The use of a botnet, or numerous systems under the control of the hacker can help circumvent limitations on password entry attempts applied to IP address. It is also important to know that limitations on password entry attempts is front-end, meaning the method you would use to login to your own account (gmail, Amazon, etc). If a hacker can access the IT-side, it is possible to utilize the very same tools and benefits that the intended professionals would use. If a hacker can acquire and copy the entire system used, and then remove the limitation on password entries, they could essentially ‘practice’ against a model of the system without the countermeasures in place. Once they find a successful password, they simply use it on the real website.