Learning Objectives
- Describe the process and aim of a brute-force attack.
- Describe hacking as gaining unauthorised access and explain possible aims.
- Describe how data interception captures transmitted data.
- Select relevant protective measures for each threat.
Key Terms
- Brute-force attack
- An attack that repeatedly tries many possible credentials or values until a correct one is found.
- Hacking
- Gaining unauthorised access to a computer system or account.
- Data interception
- Capturing data while it is being transmitted.
- Credential
- Information used to authenticate a user, such as a username and password.
- Strong password
- A password that is difficult to predict or discover through repeated guesses.
- Two-step verification
- Authentication requiring a second verification step in addition to the first credential.
- Encryption
- Transforming data so that intercepted content is not understandable without the key.
- Access level
- A permission setting that limits which resources and actions a user can access.

Brute-Force Attacks
A brute-force attack repeatedly tests possible passwords or other credentials. The attacker may use automated software to make a very large number of attempts. If a correct combination is eventually found, the attacker can attempt to log in as the authorised user.
The aim is usually unauthorised access. A short or predictable password reduces the number of possibilities that must be tried. A longer, less predictable password increases the search space and makes the attack less practical.
Authentication controls can reduce the threat. Two-step verification means that discovering a password alone may not be sufficient. Systems can also respond to repeated failed attempts, but candidates should focus on the syllabus solutions such as strong authentication.
Hacking
Hacking in this syllabus context means gaining unauthorised access to a computer system, network or account. The attacker may exploit weak credentials, software vulnerabilities or information obtained through another attack.
The aim can vary. An attacker may want to read confidential data, alter or delete data, install malware, use system resources or disrupt operation. The definition of hacking is the unauthorised access; these later actions are possible aims or consequences.
Access levels limit the damage that an account can cause. A user should receive only the permissions needed for the role. If a low-level account is compromised, the attacker should not automatically gain administrator-level control.
Data Interception
Data interception occurs when an attacker captures data as it travels between devices. The attacker may monitor a communication link or an insecure wireless transmission.
The aim is often to obtain sensitive information such as login credentials or personal details. Encryption protects confidentiality because intercepted ciphertext is not understandable without the correct key. HTTPS and SSL security help create a protected connection for web communication.
Data interception is different from hacking into stored files. Interception targets data in transit. Hacking concerns unauthorised access to a system or account. A single incident can involve both, but the processes are distinct.
Matching Solutions To Threats
Strong passwords and two-step verification reduce the chance that guessed credentials lead to access. Access levels restrict what a compromised account can do. Firewalls can control unauthorised network connections. Software updates reduce known vulnerabilities that could be exploited.
Encryption and HTTPS are especially relevant to data interception because they protect transmitted content. An answer gains strength when the protection is connected to the attack mechanism rather than presented as a general list.
Comparing Three Threats
| Threat | Process | Main Target | Relevant Protection |
|---|---|---|---|
| Brute force | Repeatedly tries possible credentials | Authentication | Strong passwords and two-step verification |
| Hacking | Gains unauthorised access | System, account or data | Authentication, access levels, updates and firewalls |
| Data interception | Captures transmitted data | Data in transit | Encryption, HTTPS and SSL security |
Worked Examples
Explaining A Brute-Force Attack
Question: An attacker uses software to try thousands of passwords against one account. Describe the process and aim.
- Name the repeated automated guessing process.
- State what success would provide.
Answer: It is a brute-force attack. The software repeatedly tests possible passwords with the aim of finding the correct one and gaining unauthorised access.
Protecting Intercepted Data
Question: A password is sent through an HTTPS connection and the transmission is intercepted. Explain why the password is better protected than through HTTP.
- Identify that HTTPS creates a protected connection.
- State that the transmitted data is encrypted.
- Explain the effect on the interceptor.
Answer: The intercepted data is encrypted, so it should not be understandable without the required key.
Examination Guidance
- Define hacking as unauthorised access before describing what the attacker may do.
- State that brute force uses repeated attempts, often automated.
- Use data in transit when distinguishing interception from access to stored data.
- Choose a solution that directly blocks or reduces the stated process.
Common Mistakes
- Calling every failed password attempt hacking.
- Saying a long password makes brute force impossible rather than more difficult.
- Claiming encryption prevents interception; it protects the meaning of intercepted data.
- Describing data interception as deleting a file from storage.
Knowledge Check
1. What is the aim of a brute-force attack?
2. What is hacking?
3. What does data interception target?
4. Why does two-step verification help against brute force?
5. How does encryption reduce the impact of interception?