Interesting, well I guess folks using it should be just as careful as the rest of us. Someone with a 116.90.81.14 ip was really interested in it. Username "bernard" is also a new one on me.
I think these attackers just use wordlists for the most part. I had an SSH server log tens of thousands of attempts with the username ‘initech’ before I got fail2ban running and turned off password auth. Not sure there many people out there actually naming user accounts after the company from Office Space.