In this article we will discuss – What is a brute force attack?
A brute force attack is almost like a digital lock pick for a password. A brute force attack uses automated software to guess a user’s password or to get behind a “digital door” such as an encrypted file or folder. The automated brute force software used by hackers and security analysts can run billions of combinations of letters, numbers, and symbols repeatedly until it finds the correct combination.
With enough attempts, any standard password can be broken; it is merely a matter of time. With enough resources and time, an attacker can break the password and gain access to the account or “locked door”. The amount of time it takes to break the code depends on the complexity of the password and the resources at the attacker’s disposal.
For example, a run-of-the-mill hacker using a fairly advanced computer would still take years or even decades to break a complex password combining letters, numbers, and symbols, whereas a government agency would be able to break the same password in a matter of weeks or days because of the number of combinations it can try in a given period of time.
Even for them, a long, complex password would take an inordinate amount of time to break. One thing to keep in mind for the future is quantum computers and their ability to run an incredible number of calculations at the same time: a password that would take a modern “Super Computer” 10,000 years to break could be broken with a quantum computer in a matter of days, if not hours. This was recently achieved by Google.
How Does a Brute Force Attack Work?
The basics of a brute force attack are to try combinations over and over again until a correct sequence is found.
The attacker, whether white, grey, or black hat, decides upon the intended target; this could be an encrypted file that is to be tested or broken into, or a login page used to gain access to someone’s account.
They use a computer program that is specially designed to crack passwords and try to gain access through repeated attempts with username and password combinations. A variation is to try a single common password with various usernames. The number of people still using password1234 as a password to an account is incredibly worrying.
After repeated attempts and an undefined period of time, the correct username and password are found and the attacker is able to gain access to the account or secure data.
An Example of a Brute Force Attack
In 2013, GitHub, the home of computer programmers and coders, was hacked. GitHub users were told about the breach and notified that they might be victims of a cyberattack that had taken place on the site over a period of weeks.
Many of the people using the site were still using weak passwords, which eventually led to sensitive data falling into the hands of outsiders. The website notified people of the breach and forced them to change their passwords and to use a more secure combination. We talk about good passwords and combinations here.
During the attack on the GitHub website, the attackers used 40,000 unique IP addresses, which allowed them to remain undetected by GitHub security and to quietly attack the site without raising any alarm bells.
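Spreading guesses across many addresses, as described above, defeats any limit that only counts failures per source IP. The following Python code is an added example, not from the original article or from GitHub: it counts failed logins per account across all sources in a sliding window. The log fields, thresholds and sample events are constructed assumptions.

```python
from collections import defaultdict, deque

def build_sample():
    """Constructed failed-login events: (timestamp_seconds, source_ip, username)."""
    events = []
    # Distributed guessing: 30 different IPs, one failure each, all against "alice".
    for i in range(30):
        events.append((i * 10, f"198.51.100.{i + 1}", "alice"))
    # An ordinary user mistyping a password three times from one IP.
    for i in range(3):
        events.append((400 + i * 5, "203.0.113.7", "bob"))
    # A single noisy IP making 12 rapid failures against "carol".
    for i in range(12):
        events.append((500 + i, "192.0.2.50", "carol"))
    return events

def detect(events, window=600, per_ip_limit=10, account_limit=20, distinct_ips=10):
    """Return (noisy_ips, targeted_accounts) seen within any sliding window."""
    by_ip = defaultdict(deque)       # ip -> timestamps of recent failures
    by_account = defaultdict(deque)  # user -> (timestamp, ip) of recent failures
    noisy_ips, targeted = set(), set()
    for ts, ip, user in sorted(events):
        ip_q, acct_q = by_ip[ip], by_account[user]
        ip_q.append(ts)
        acct_q.append((ts, ip))
        # Drop failures that have aged out of the window.
        while ip_q[0] <= ts - window:
            ip_q.popleft()
        while acct_q[0][0] <= ts - window:
            acct_q.popleft()
        # Classic per-source limit: catches one address hammering the login page.
        if len(ip_q) > per_ip_limit:
            noisy_ips.add(ip)
        # Per-account view: many failures from many sources against one user,
        # which the per-source limit never sees.
        if len(acct_q) >= account_limit and len({i for _, i in acct_q}) >= distinct_ips:
            targeted.add(user)
    return noisy_ips, targeted

if __name__ == "__main__":
    noisy, targeted = detect(build_sample())
    print("IPs over the per-source limit:", sorted(noisy))
    print("Accounts under distributed guessing:", sorted(targeted))
```

On the constructed sample, none of the 30 addresses guessing at "alice" trips the per-source limit, yet the per-account count flags her account; "bob" with three typos is left alone.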
What Can I Do?
You can implement countermeasures to slow the attackers down and make the attack not worth their while, so that they move on to an easier target. We look into countermeasures and password security in the related articles, but in brief, having a strong password with a good mix of letters, numbers, and symbols is a good way to turn the tables in your favor. Adding two-factor authentication is an extra security feature which is incredibly important for any account on the internet or an encrypted file.
Conclusion of What is a Brute Force Attack
Brute force attacks are used by all types of hackers and penetration testers to break through security measures, either in a malicious attack or as a test for a product or a client’s system.
A brute force attack can be run both online and offline, depending on what is being attacked, and it is a mathematical inevitability that it will eventually succeed (but it could be 10,000 years!).
Get in contact with WPDesigns and discuss our security services and how we can help to lock down your website.