BRUTE FORCE ATTACKS

"Brute force" is almost self-explanatory, and easy to demonstrate.

Remember the time you lost your key and couldn't get into your own house? Yes, you do. The spare key was also unavailable and you had to force your door open. Forcing the door open required you to repeatedly hit the padlock/hinges with a hammer/crowbar. After several tries, you were finally in!

Congratulations, you "brute-forced" your way into your own house. You might just be a hacker. Lol

Brute Force Attacks

In computer science, the term “brute force” refers to methods that check every potential solution of a certain problem, until the correct one or the best one is found.

As the name suggests, brute force attacks involve repeatedly trying to gain unauthorised access to a system, service or network. Here, a hacker tries all possible combinations of login details (usernames and passwords) to find the right credentials, which would grant access to the system. It's essentially a trial-and-error method of hacking: the hacker keeps trying different combinations of usernames and passwords until they gain access and/or the system blocks them from further login attempts.

For example, if you wanted to gain access to John Doe's Online Banking account, you could repeatedly try different iterations of username and password pairs till you unlock his account.

Brute force attacks are one of the oldest forms of cyber-attacks and are still relevant to this day. However, because of the length of time required to try different combinations of login details, and the complexity of computer systems and services, they are now mostly perpetrated using bots or scripts. For example, an attacker could purchase a brute force attack exploit kit and/or write a simple Python script which repeatedly tries different login credentials against a system until access is granted.

Goals of Brute Force Attacks

The reasons hackers engage in cyber-attacks are mostly similar. However, the goals of brute force attacks can be distilled to the following:

  • Impersonation for further cyber attacks: The attacker may want to use the privileges of the user he brute-forced to perform further attacks. Other goals are:
  • Information Theft
  • Financial Fraud
  • Harvesting User Credentials
  • Advanced Persistent Threats
  • Reputational Damage

Types of Brute Force Attacks

The most common types of brute force attacks include:

  • Dictionary Attacks: The most common type of brute force attack. Here, an attacker works through a "dictionary" of possible passwords and tries all of them against a given username.
  • Reverse Brute Force Attack: Here, the attacker tries a common password against different combinations of usernames. People with common passwords (like "password") are highly susceptible to this kind of attack.
  • Exhaustive Key Search: This is the technique of trying every possible combination of every key on the keyboard until a password is cracked.
  • Credential Stuffing: When an attacker obtains a username and password match, it can be reused across different platforms. Considering that many internet users have the same username/password combinations, it's easy to compromise a person across several different platforms/websites when one of their username/password pairs is found.
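
From the defender's side, the dictionary and reverse brute force patterns listed above leave different traces in failed-login records. The following is an added example, not part of the original article: the event tuples, IP addresses, usernames and thresholds are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample events: (source_ip, username, outcome). Not real data.
SAMPLE_EVENTS = (
    [("203.0.113.5", "jdoe", "fail")] * 6                               # many guesses, one account
    + [("198.51.100.7", f"user{i}", "fail") for i in range(6)]          # one guess each, many accounts
    + [("192.0.2.10", "alice", "fail"), ("192.0.2.10", "alice", "ok")]  # ordinary typo, then success
)

# Assumed thresholds for illustration; tune them against your own baseline.
MAX_FAILS_PER_ACCOUNT = 5
MAX_ACCOUNTS_PER_SOURCE = 5


def classify_sources(events):
    """Return {source_ip: label} for sources whose failures match a pattern."""
    fails = defaultdict(lambda: defaultdict(int))  # ip -> username -> failure count
    for ip, user, outcome in events:
        if outcome == "fail":
            fails[ip][user] += 1

    findings = {}
    for ip, per_user in fails.items():
        if len(per_user) > MAX_ACCOUNTS_PER_SOURCE:
            # One source failing against many different usernames.
            findings[ip] = "reverse-brute-force"
        elif max(per_user.values()) > MAX_FAILS_PER_ACCOUNT:
            # One source failing repeatedly against the same username.
            findings[ip] = "dictionary-or-exhaustive"
    return findings


def accounts_to_lock(events):
    """Usernames whose total failures exceed the per-account limit."""
    totals = defaultdict(int)
    for _, user, outcome in events:
        if outcome == "fail":
            totals[user] += 1
    return sorted(u for u, n in totals.items() if n > MAX_FAILS_PER_ACCOUNT)


if __name__ == "__main__":
    print(classify_sources(SAMPLE_EVENTS))
    print(accounts_to_lock(SAMPLE_EVENTS))
```

Per-account lockout flags only `jdoe` here; the reverse brute force source never exceeds the limit on any single account, which is why failures also need to be counted per source.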