Question: What Is 'Brute Force' Dictionary Hacking?
Answer: Hackers use three common methods to acquire people's computer passwords:
- Brute Force ('Dictionary') Repetition
- Social Engineering (commonly: phishing)
- Administrator Back Doors
1) Brute Force (aka 'Dictionary' Attacks)
The term "brute force" means overpowering a defense through sheer repetition.
In password hacking, brute forcing uses dictionary software that recombines
English dictionary words in thousands of variations. (Yes, much like a
Hollywood safecracker movie scene, but much slower and much less glamorous.)
Brute force dictionaries always start with simple letter strings ("a", "aa",
"aaa") and then eventually move on to full words like "dog", "doggie", "doggy".
These brute force dictionaries can make up to 50 attempts per minute in some
cases. Given several hours or days, these dictionary tools will overcome any
password. The secret is to make it take days to crack your password.
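As an added example (not code from the original page), here is the defender's side of the repetition described above: a small detector that flags accounts receiving many failed logins in a short sliding window, plus a helper that estimates how long exhausting a password space takes at the 50-attempts-per-minute rate quoted above. The log format, user names, addresses, and the threshold/window values are all constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines in a made-up "auth" format (not any real product's).
SAMPLE_LOG = """\
2024-05-01T10:00:01 FAIL user=alice src=203.0.113.5
2024-05-01T10:00:03 FAIL user=alice src=203.0.113.5
2024-05-01T10:00:04 FAIL user=alice src=203.0.113.5
2024-05-01T10:00:06 FAIL user=alice src=203.0.113.5
2024-05-01T10:00:07 FAIL user=alice src=203.0.113.5
2024-05-01T10:00:09 OK   user=bob   src=198.51.100.7
2024-05-01T10:09:00 FAIL user=carol src=192.0.2.9
2024-05-01T10:20:00 FAIL user=carol src=192.0.2.9
"""
LINE_RE = re.compile(r"^(\S+)\s+(FAIL|OK)\s+user=(\S+)\s+src=(\S+)$")


def find_bruteforce(log_text, threshold=5, window=timedelta(minutes=5)):
    """Return sorted (user, src) pairs that accumulate at least `threshold`
    failed logins inside any sliding window of length `window`.
    Threshold and window are example choices, not standard values."""
    recent = defaultdict(deque)  # (user, src) -> timestamps of recent failures
    flagged = set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ts = datetime.fromisoformat(m.group(1))
        result, user, src = m.group(2), m.group(3), m.group(4)
        if result != "FAIL":
            continue  # a success does not clear the failure history
        q = recent[(user, src)]
        q.append(ts)
        while q and ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged.add((user, src))
    return sorted(flagged)


def minutes_to_exhaust(length, alphabet_size, attempts_per_minute=50):
    """Worst-case minutes to try every password of exactly `length` characters
    drawn from `alphabet_size` symbols at the given guess rate."""
    return alphabet_size ** length / attempts_per_minute
```

Feeding the sample log to `find_bruteforce` flags only alice (five failures in six seconds); carol's two failures are eleven minutes apart and fall outside the window.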
2) Social Engineering Attacks
Social engineering is the modern con game: the hacker manipulates you to
divulge your password by using some kind of convincing personal
contact. This personal contact might involve direct face-to-face
communications, like a pretty girl with a clipboard doing interviews in a
shopping mall. Social engineering attacks might also occur over the
phone, where a hacker will masquerade as a bank representative calling
to confirm your phone number and bank account numbers. The third and
most common social engineering attack is called phishing or whaling.
Phishing and whaling attacks are deceptive pages masquerading as
legitimate authorities on your computer screen. Phishing/whaling emails
will often redirect the victim to a convincing phishing website, where
the victim types in their password, believing the website to be their
actual bank or online account.
3) Administrator Back Doors
This kind of attack is akin to stealing the building master keys from
the building janitor: the perpetrator accesses the system as if they
were a trusted employee. In the case of computer administrators,
special all-access accounts let the user into areas where only trusted
network administrators should go. These administrator areas include
password recovery options. If the hacker can enter your system with the
administrator's account, the hacker can retrieve the passwords of almost
anyone on that system.