In a now-infamous brute force attack, over 90,000 PlayStation and Sony Online Entertainment accounts were compromised in 2011. Hackers attempted countless username and password combinations from an unidentified third party, eventually ransacking members’ accounts for personal information.
The now-discontinued Club Nintendo also fell victim to the same type of attack in 2013, when hackers executed a coordinated attack on over 15 million members, eventually breaking into over 25,000 forum members’ accounts. All compromised accounts were suspended until access had been restored to the rightful owners — but the damage to brand reputation had already been done.
A brute force attack aims to take personal information, specifically usernames and passwords, by using a trial-and-error approach.
This is one of the simplest ways to gain access to an application, server or password-protected account, since the attacker is simply trying combinations of usernames and passwords until they eventually get in (if they ever do; a six-character password has billions of potential combinations).
The most basic brute force attack is a dictionary attack, where the attacker systematically works through a dictionary or wordlist — trying each and every entry until they get a hit. They’ll even augment words with symbols and numerals, or use special dictionaries with leaked and/or commonly used passwords. And if time or patience isn’t on their side, automated tools for operating dictionary attacks can make this task much faster and less cumbersome.
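Seen from the defender's side, the two points above (the size of a six-character keyspace and wordlists augmented with symbols and numerals) translate into a check that can run at password-change time. The following is an added example, not part of the original article; the blocklist, the substitution table and all function names are constructed for illustration.

```python
import re

# Constructed sample blocklist; in practice load a leaked/common-password list.
BLOCKLIST = {"password", "dragon", "letmein", "qwerty", "nintendo"}

# Assumed substitution set: symbols and numerals commonly swapped in for letters.
UNLEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                        "5": "s", "7": "t", "@": "a", "$": "s"})


def keyspace(length, alphabet_size):
    """Count every possible password of exactly `length` characters."""
    return alphabet_size ** length


def candidate_bases(password):
    """Undo typical augmentation to recover the words a wordlist would hold."""
    lowered = password.lower()
    # Drop digits/symbols stuck on either end: "Dragon2013!" -> "dragon".
    trimmed = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
    forms = {lowered, trimmed}
    # Reverse in-word substitutions: "p@ssw0rd" -> "password".
    forms |= {f.translate(UNLEET) for f in (lowered, trimmed)}
    return forms


def is_dictionary_derivable(password, blocklist=BLOCKLIST):
    """True when the password is a blocklisted word plus simple augmentation."""
    return any(form in blocklist for form in candidate_bases(password))


if __name__ == "__main__":
    print("6 chars, a-z only:    ", keyspace(6, 26))
    print("6 chars, a-z A-Z 0-9: ", keyspace(6, 62))
    for pw in ("Dragon2013!", "P@ssw0rd1", "xk7#Qm2vLp"):
        verdict = "reject" if is_dictionary_derivable(pw) else "accept"
        print(f"{pw!r}: {verdict}")
```

A password that passes the length and character-class rules can still be rejected here, because its effective search space is the size of the wordlist rather than the full keyspace.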
Thanks to the ease and simplicity of a brute force attack, hackers and cyber criminals with little-to-no technical experience can try to gain access to someone’s account. The people behind these campaigns either have enough time or computational power on their side to make it happen.