A brute force attack is a method of obtaining encrypted passwords in which an automated system tries every possible combination until it finds the correct one and gains access.
Overview
Brute force attacks begin with automated software that guesses a password, or an answer, to get behind a locked “digital door.” The software can run through billions of combinations of letters, numbers, and symbols until it finds the correct one and cracks the code. The stronger the encryption on the data, the longer it takes to break through the door and obtain the desired data. Sometimes this process takes a few minutes; other times it can go on for years before the code is broken. Brute force attacks are a serious threat capable of affecting millions of accounts and tarnishing a business’s reputation.
How Brute Force Attacks Work
- A hacker decides on their intended target: either an encrypted file that has been stolen (offline), or a login page (online).
- They use a computer program that's configured to attempt entry by trying usernames, along with millions of password combinations. (They may also attempt one password with many usernames.)
- Once the correct username and password combination is found, the hacker is able to access the secure data.
Example of a Brute Force Attack
Back in 2013, several GitHub users were notified that they were potentially victims of a brute force attack on the site. Many users had weak passwords, which led to the site being targeted and ultimately to sensitive data getting into the hands of outsiders. GitHub notified users that they would be forced to change their passwords and use more secure combinations. During this incident, the attackers used over 40,000 unique IP addresses, which made it easier to fly under the radar. The attack was deliberately slow so as not to raise any alarm with GitHub security.
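The incident described above spread slow guesses across many IP addresses, which is why a failure counter keyed only on source IP misses it. The following added example (not part of the original article) counts failed logins per IP and per account, and also flags one IP trying many usernames; the event layout, thresholds, and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict

# Thresholds are assumptions for this example, not values from the article.
PER_IP_LIMIT = 5      # failures from a single IP inside the window
PER_ACCOUNT_IPS = 4   # distinct IPs failing against a single account
SPRAY_ACCOUNTS = 4    # distinct accounts a single IP failed against
WINDOW = 3600         # look-back window in seconds

def detect(events, now):
    """events: iterable of (timestamp, source_ip, username, success)."""
    ip_fails = defaultdict(int)
    ip_users = defaultdict(set)
    user_ips = defaultdict(set)
    for ts, ip, user, ok in events:
        if ok or now - ts > WINDOW:
            continue  # only recent failures count
        ip_fails[ip] += 1
        ip_users[ip].add(user)
        user_ips[user].add(ip)
    return {
        # Loud attacker: many failures from one address
        "noisy_ips": sorted(ip for ip, n in ip_fails.items() if n >= PER_IP_LIMIT),
        # One address cycling through many usernames
        "spraying_ips": sorted(ip for ip, u in ip_users.items() if len(u) >= SPRAY_ACCOUNTS),
        # Distributed attacker: many addresses, few failures each, same account
        "targeted_accounts": sorted(u for u, ips in user_ips.items() if len(ips) >= PER_ACCOUNT_IPS),
    }

def sample_events():
    """Constructed sample data (documentation IP ranges, made-up usernames)."""
    events = []
    # One IP hammering one account: caught by the per-IP counter
    events += [(1000 + i, "192.0.2.10", "alice", False) for i in range(6)]
    # Low and slow: six IPs, one failure each against "bob", ten minutes apart
    events += [(i * 600, f"198.51.100.{i}", "bob", False) for i in range(1, 7)]
    # One IP, one attempt against each of four usernames
    events += [(2000 + i, "203.0.113.7", f"user{i}", False) for i in range(4)]
    # A successful login is ignored
    events.append((3000, "192.0.2.50", "carol", True))
    return events

if __name__ == "__main__":
    for name, hits in detect(sample_events(), now=3600).items():
        print(name, hits)
```

In the sample data, no address attacking "bob" ever exceeds one failure, so only the per-account view surfaces that activity.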
Conclusion
Brute force attacks are used to break through security measures and reach the intended data. While this may seem like something only hackers can use to their advantage, many security firms use brute force attacks to help test their clients’ systems. Whether offline or online, any system under an automated attack faces a severe threat because it's only a matter of time before the attack succeeds. By implementing countermeasures you can at least give attackers a run for their money by slowing them down.
As always, if you have any questions or concerns about any of the topics mentioned in this article, please feel free to reach out to support. Live chat and ticket support are available 24/7.