Overview
Brute force attacks begin with automated software that’s used to guess a password (or an answer) to get behind a locked “digital door.” The automated software can run billions of combinations of letters, numbers, and symbols over and over until it becomes statistically correct and cracks the code.
The higher the encryption on the data, the longer it takes to break through the door and obtain the desired data. Sometimes this process can take a few minutes; other times it can go on for years before it’s able to break the code. Brute force attacks are a serious threat capable of affecting millions of accounts and tarnishing a business’s reputation.
How Brute Force Attacks Work
- An attacker decides on their intended target: either an encrypted file that has been stolen (offline) or a login page (online).
- They use a computer program that’s configured to attempt entry by trying usernames, along with millions of password combinations. (They may also attempt one password with many usernames.)
- Once the correct username and password combination is found, the attacker is able to access the secure data.
Example of a Brute Force Attack
Back in 2013, several GitHub users were notified about potentially being a victim of a brute force cyberattack that happened on the site. Many users had weak passwords that led to the site being targeted and ultimately letting sensitive data get into the hands of outsiders. GitHub notified users that they would be forced to change their passwords and use more secure combinations.
During this incident, the attackers used over 40,000 unique IP addresses that made it easier for them to fly under the radar. This attack was done slowly on purpose in order to not raise any alarm to GitHub security.
Conclusion
Brute force attacks are used to break through security measures so they can reach the intended data target. While this may seem like something only hackers can use to their advantage, many security firms use brute force attacks to help test their clients’ systems.
Whether online or off, any time a system is under an automated attack it’s a severe threat because it’s only a matter of time before it succeeds. By implementing countermeasures you can at least slow attackers down.