Dictionary attacks use a computer program to try to gain access to a system, account, or encrypted file by entering words from a list of common words, phrases, and passwords leaked in security breaches. People often choose passwords that are easy to remember and commonly used. According to CNN, “password” is one of the most used passwords. Most people also use the same password for multiple accounts, so once a password has been successfully guessed, access may be granted to multiple areas.
Hackers use words and phrases with a high probability of success. Dictionary attacks require less time and fewer resources to execute than brute-force attacks. Traditional brute-force attacks try every possible password combination, while dictionary attacks use a large number of pre-selected words and phrases. This predetermined list of passwords is made up of variations of common passwords. Once access to an account has been wrongfully granted, personal data, payment information, or intellectual property can be stolen. Internal damage can also be done to an organization this way.
Password dictionary lists are typically built with a specific target in mind and use information about that target to better guess passwords. For example, the password for a specific organization may include the name of the organization, the city in which it is located, or a variation of this information.
Dictionary attacks are becoming more common and easier to execute. The best way to protect your passwords is to use a unique, complex password for each account. Never use commonly known information, such as your birthday, child’s name, pet’s name, or family names, for a password. Hackers can research social media accounts for this information. Remember to always use capital letters, numbers, and special characters to increase the complexity of your password and make it harder for hackers to access your data.
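The advice above can be enforced when a password is set. The following added example, which is not part of the original article, rejects a new password when it reduces to a common password or to a word tied to the organization after undoing case changes, character substitutions, and digit or symbol suffixes. The word lists, the substitution table, and the names `candidates` and `rejection_reason` are assumptions made for illustration.

```python
import re

# Constructed sample list; a real deployment would load a breached-password list.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein"}
# Common character substitutions mapped back to letters (illustrative, not exhaustive).
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})
MIN_WORD_LEN = 4  # assumption: shorter context words cause too many false positives


def candidates(password):
    """Return normalized forms of a password for comparison against word lists."""
    lowered = password.lower()
    # Split off the trailing run of digits/symbols ("name123" -> "name" + "123").
    head = re.sub(r"[\d\W_]+$", "", lowered)
    tail = lowered[len(head):]
    # Keep 0..n characters of that run so "acm3!2024" still yields "acme".
    stripped = [(head + tail[:k]).translate(LEET) for k in range(len(tail) + 1)]
    return [lowered] + stripped


def rejection_reason(password, context_words):
    """Return why a password is guessable from a targeted wordlist, or None."""
    forms = candidates(password)
    if any(form in COMMON_PASSWORDS for form in forms):
        return "common password"
    for word in (w.lower() for w in context_words):
        if len(word) >= MIN_WORD_LEN and any(word in form for form in forms):
            return f"contains context word '{word}'"
    return None


if __name__ == "__main__":
    context = ["Examplecorp", "Springfield", "Acme"]  # constructed organization data
    for pw in ["Examplecorp123", "P@ssw0rd1", "spr1ngf13ld!", "Acm3!2024", "tV9#qLm2&zRw"]:
        print(f"{pw!r}: {rejection_reason(pw, context) or 'accepted'}")
```

The context list would normally hold the organization's name, its location, product names, and the user's own name and username.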
Earlier this year, Intel fell victim to a data breach that resulted in more than 20 gigabytes of its proprietary data and source code being leaked. The data, which was previously only made available to partners and customers under an NDA, is now publicly available on BitTorrent feeds for anyone to see. Intel does not believe the data includes any customer or personal information, but is still investigating the situation. It is believed that an individual with access to the Intel Resource and Design Center, where the data was stored, downloaded and shared it. The data was published by Tillie Kottmann, a Swiss software engineer who offered barebones details on Twitter. Kottmann said the documents resided on an unsecured server, which he was able to identify using the nmap port-scanning tool. Although the zip files were password protected, he was able to guess the passwords, as most of them used the password Intel123 or intel123.