Learning Objectives
  • Describe the process and aim of a brute-force attack.
  • Describe hacking as gaining unauthorised access and explain possible aims.
  • Describe how data interception captures transmitted data.
  • Select relevant protective measures for each threat.
Key Terms
Brute-force attack
An attack that repeatedly tries many possible credentials or values until a correct one is found.
Hacking
Gaining unauthorised access to a computer system or account.
Data interception
Capturing data while it is being transmitted.
Credential
Information used to authenticate a user, such as a username and password.
Strong password
A password that is difficult to predict or discover through repeated guesses.
Two-step verification
Authentication requiring a second verification step in addition to the first credential.
Encryption
Transforming data so that intercepted content is not understandable without the key.
Access level
A permission setting that limits which resources and actions a user can access.
Summary diagram
Summary Of The Main Ideas In This Lesson
Brute-Force Attacks

A brute-force attack repeatedly tests possible passwords or other credentials. The attacker may use automated software to make a very large number of attempts. If a correct combination is eventually found, the attacker can attempt to log in as the authorised user.

The aim is usually unauthorised access. A short or predictable password reduces the number of possibilities that must be tried. A longer, less predictable password increases the search space and makes the attack less practical.

Authentication controls can reduce the threat. Two-step verification means that discovering a password alone may not be sufficient. Systems can also respond to repeated failed attempts, but candidates should focus on the syllabus solutions such as strong authentication.

Hacking

Hacking in this syllabus context means gaining unauthorised access to a computer system, network or account. The attacker may exploit weak credentials, software vulnerabilities or information obtained through another attack.

The aim can vary. An attacker may want to read confidential data, alter or delete data, install malware, use system resources or disrupt operation. The definition of hacking is the unauthorised access; these later actions are possible aims or consequences.

Access levels limit the damage that an account can cause. A user should receive only the permissions needed for the role. If a low-level account is compromised, the attacker should not automatically gain administrator-level control.

Data Interception

Data interception occurs when an attacker captures data as it travels between devices. The attacker may monitor a communication link or an insecure wireless transmission.

The aim is often to obtain sensitive information such as login credentials or personal details. Encryption protects confidentiality because intercepted ciphertext is not understandable without the correct key. HTTPS and SSL security help create a protected connection for web communication.

Data interception is different from hacking into stored files. Interception targets data in transit. Hacking concerns unauthorised access to a system or account. A single incident can involve both, but the processes are distinct.

Matching Solutions To Threats

Strong passwords and two-step verification reduce the chance that guessed credentials lead to access. Access levels restrict what a compromised account can do. Firewalls can control unauthorised network connections. Software updates reduce known vulnerabilities that could be exploited.

Encryption and HTTPS are especially relevant to data interception because they protect transmitted content. An answer gains strength when the protection is connected to the attack mechanism rather than presented as a general list.

Comparing Three Threats
Threat Process Main Target Relevant Protection
Brute force Repeatedly tries possible credentials Authentication Strong passwords and two-step verification
Hacking Gains unauthorised access System, account or data Authentication, access levels, updates and firewalls
Data interception Captures transmitted data Data in transit Encryption, HTTPS and SSL security
Worked Examples
Explaining A Brute-Force Attack

Question: An attacker uses software to try thousands of passwords against one account. Describe the process and aim.

  1. Name the repeated automated guessing process.
  2. State what success would provide.

Answer: It is a brute-force attack. The software repeatedly tests possible passwords with the aim of finding the correct one and gaining unauthorised access.

Protecting Intercepted Data

Question: A password is sent through an HTTPS connection and the transmission is intercepted. Explain why the password is better protected than through HTTP.

  1. Identify that HTTPS creates a protected connection.
  2. State that the transmitted data is encrypted.
  3. Explain the effect on the interceptor.

Answer: The intercepted data is encrypted, so it should not be understandable without the required key.

Examination Guidance
  • Define hacking as unauthorised access before describing what the attacker may do.
  • State that brute force uses repeated attempts, often automated.
  • Use data in transit when distinguishing interception from access to stored data.
  • Choose a solution that directly blocks or reduces the stated process.
Common Mistakes
  • Calling every failed password attempt hacking.
  • Saying a long password makes brute force impossible rather than more difficult.
  • Claiming encryption prevents interception; it protects the meaning of intercepted data.
  • Describing data interception as deleting a file from storage.
Knowledge Check

1. What is the aim of a brute-force attack?

Answer: To discover a correct credential and gain unauthorised access.

2. What is hacking?

Answer: Gaining unauthorised access to a computer system, network or account.

3. What does data interception target?

Answer: Data while it is being transmitted.

4. Why does two-step verification help against brute force?

Answer: A discovered password alone may not be sufficient to complete authentication.

5. How does encryption reduce the impact of interception?

Answer: It makes captured data unreadable without the required key.