Why do Hackers Hack

Why do Hackers Hack? Part 2

“In 2016, 3 billion Yahoo accounts were hacked in one of the biggest breaches of all time.”

Over the last few months we have increasingly been called to look at websites that have been hacked, compromised, taken over or however you wish to describe it. First of all these are not sites that we have developed or maintain – hopefully that keeps our reputation intact. Every time we talk to clients and potential clients about website security and hacking, the same question comes up – “Why do Hackers hack websites?”

I think that in order to understand why, you need to think about your value to a Hacker and how they can gain from you. This usually, but not exclusively, depends on how big you are or how much data you hold.

If you have not read part one of this article then I would recommend that you take a look at Why do Hackers hack? Part 1.

We have looked at the larger targets on the internet and they look far more enticing than your little website…. Don’t they?

Jackpot Day

That’s very true, and if you crack one it is a Jackpot day. However, they are probably well protected, and you would hope that the likes of Amazon have a very on-the-ball security team who are spending some of that $7,385 per second to keep our data safe.

So that leaves you, the low-hanging fruit for the lower league hacker.

Before we go any further, it is probably worth mentioning that these types of attack are less targeted and use automatic tools to scour the internet for vulnerabilities. Let’s think of it as a sawn-off shotgun as opposed to the sniper rifle approach from my last article. That probably reflects quite accurately the person pulling the trigger. These guys may not even be particularly skilled, simply young kids using pre-written tools – hence the name Script Kiddies.

Hacking your individual website probably won’t yield much in the prize stakes, but if a hacker can take control of a number of sites then the power he/she has on the internet increases. We are not talking about 2 or 3 sites here but tens of thousands.

Wham, Bam, Spam

Spam

Yes, spam! It’s not from somebody that is sat at their desktop banging away on a keyboard. Oh no… Spam largely comes from web servers that have been compromised and are doing the hacker’s bidding like internet zombies. By sending fewer emails from each of a large number of servers the hacker can remain under the radar of the authorities. The servers will also act as hosts for the spammers’ landing pages, spreading their message of cheap pharmaceuticals and bitcoin scams and helping to spread that malicious payload like a virus.

DDoS

Large botnets (robotised groups of compromised web servers) are commonly used to perform distributed denial-of-service (DDoS) attacks, a way of disrupting a computer system by flooding it with data. Much as with spam, an individual computer in a botnet can’t do much damage on its own, but the combined resources of the entire network enable the hacker to overwhelm the victim server with an enormous amount of traffic.

On parts of the web, access to large DDoS botnets is even sold as a “service” to hackers looking to sabotage competitors, take revenge on enemies, or simply make a statement.

Attacking your Visitors

In this instance we are looking at hackers trying to deliver a malicious payload, such as a virus or malware, to your site’s visitors. These are usually disguised as innocent-looking links, downloads or updates. Whatever they are, they are looking to propagate their nastiness further.

Cyber Safety

How to keep yourself safe.

The best way to keep your computer and website safe is not to have one in the first place. As that is a bit unrealistic, we probably need to look at how we think about the security of other things we have and work with. Would you leave your car by the side of the road, unlocked, windows down and the key on the dashboard? No, and I’m glad to hear that. So if we would lock the bad guys out of our car, why are we so averse to doing the same with our computers? Here is a simple checklist of things you should have in mind to keep your website and computers safe.

  • Have complex passwords – there are plenty of articles on the web as to what a complex password should look like and some tools that will generate them for you.
  • Install a Web Application Firewall
  • Keep your core website framework (WordPress, Drupal etc) up to date. It’s free.
  • Keep all your plugins/extensions up to date.
  • Avoid allowing users to upload files to your website.
  • Make sure that your web developer/host is keeping things secure.

We provide our clients with a weekly report that outlines what activity has taken place on their site including attempted malicious logins, patching and a list of other things. This means that we are accountable for what happens on their site. It shouldn’t be hard for your developer to provide this kind of information so if you’re not looking after these aspects of your site then make sure they are.
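The "attempted malicious logins" part of such a weekly report can be drawn from the web server's access log. The following is an added example, not the author's own reporting tool; it assumes a WordPress site logging in Combined Log Format and that stock WordPress answers a failed login with status 200 and a successful one with a 302 redirect. The function names and the sample log lines are constructed for illustration.

```python
import re
from collections import Counter

# Combined Log Format, the default access log layout for Apache and nginx.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)
LOGIN_PATH = "/wp-login.php"  # WordPress login form

def login_report(lines, threshold=3):
    """Summarise login POSTs per client IP.

    Assumption: a failed login returns 200 (form shown again) and a
    successful login returns 302; plugins can change this behaviour.
    """
    failed, succeeded, unparsed = Counter(), Counter(), 0
    for line in lines:
        m = LOG_RE.match(line)
        if m is None:
            unparsed += 1  # counted so gaps in the report stay visible
            continue
        if m["method"] != "POST" or m["path"].split("?", 1)[0] != LOGIN_PATH:
            continue
        (succeeded if m["status"] == "302" else failed)[m["ip"]] += 1
    noisy = sorted(ip for ip, n in failed.items() if n >= threshold)
    return {
        "failed_total": sum(failed.values()),
        "noisy_ips": noisy,
        # repeated failures plus a success from one IP deserve a manual look
        "failed_then_ok": [ip for ip in noisy if succeeded[ip]],
        "unparsed": unparsed,
    }

def _line(ip, method, path, status):
    # Builds one constructed log line; addresses are documentation ranges.
    return (f'{ip} - - [03/Jun/2019:02:11:01 +0000] '
            f'"{method} {path} HTTP/1.1" {status} 3120 "-" "-"')

SAMPLE_LOG = (  # constructed sample input, not real traffic
    [_line("203.0.113.7", "POST", "/wp-login.php", 200)] * 3
    + [_line("203.0.113.7", "POST", "/wp-login.php", 302)]
    + [_line("198.51.100.23", "POST", "/wp-login.php", 200)] * 4
    + [_line("192.0.2.10", "GET", "/wp-login.php", 200),
       _line("192.0.2.10", "POST", "/wp-login.php", 302),
       _line("192.0.2.44", "POST", "/wp-login.php?redirect_to=%2Fwp-admin%2F", 200),
       "truncated line without a request"]
)

if __name__ == "__main__":
    print(login_report(SAMPLE_LOG))
```

An address that appears under `failed_then_ok` is the entry to raise with whoever owns the account, since it may mean a guessed password rather than a forgetful user.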

We have produced an eBook that is free to download from the homepage of our website at www.visiblethoughts.co.uk

Also feel free to email me at [email protected] and let me know what other articles you would find useful or simply for a chat.

Finally, if you would like to be notified when we have more articles for you then just join our mailing list.

“Passwords are like underwear: don’t let people see it, change it very often, and you shouldn’t share it with strangers.”

- Chris Pirillo



Why do Hackers Hack? Part 1

“60 % of small companies go out of business within six months of a cyber attack.”

Over the last few months we have increasingly been called to look at websites that have been hacked, compromised, taken over or however you wish to describe it. First of all these are not sites that we have developed or maintain – hopefully that keeps our reputation intact. Every time we talk to clients and potential clients about website security and hacking, the same question comes up – “Why do Hackers hack websites?”

I think that in order to understand why, you need to think about your value to a Hacker and how they can gain from you. This usually, but not exclusively, depends on how big you are or how much data you hold.

Corporate and High Profile Websites

In a nutshell corporate breaches tend to revolve around theft, leaking, disruption, money, activism, idealism or political motives.

Theft and Data Leaks

Theft and leaking often go hand in hand, kind of like large-scale blackmail, except that your private information, and possibly your reputation, is in someone else’s hands. Let’s have a quick look at the Ashley Madison hack of 2015. Wired ran a more in-depth article on what went on, but in summary it was something like this…

Ashley Madison describe themselves as “The most famous name in infidelity and married dating”. Now this article is not about judging people who are involved in such activities; however, I think that it is safe to say that discretion is a key thing for the people involved. The hackers in question managed to gain access to the customer database and stole 9.7 Gb of data, which included account details and logins from 32 million users. The hackers demanded that the Ashley Madison site be closed down or they would publish the data online, which they did a couple of weeks later.

Coverage of the incident on Wired.com says “The hackers appeared to target AshleyMadison and EstablishedMen over the questionable morals they condoned and encouraged, but they also took issue with what they considered ALM’s fraudulent business practices. Despite promising customers to delete their user data from the site for a $19 fee, the company actually retained the data on ALM’s servers, the hackers claimed. “Too bad for those men, they’re cheating dirtbags and deserve no such discretion,” the hackers wrote. “Too bad for ALM, you promised secrecy but didn’t deliver.””

I’ll leave you to ponder the rights and wrongs of this, but it does demonstrate the reasons for hacking and in this case it ticks the Steal, Leak and Activist boxes.

Your data is your identity

Disrupt Services

Hackers love to take things down. No, we are not back on the Ashley Madison case again, but if they can make something crash and stop it functioning properly they just love it. This technique can also be used to request a ransom payment. Imagine Amazon not being able to trade for even a few hours. Let’s put that in perspective a little more; last year (2018) Amazon was reported to have made a net profit of $10.1 billion. That equates to $7,385 per second.

The interesting thing about disruption of service attacks is that it could be you that is doing it!! Attacks take many forms but one, the Distributed Denial of Service Attack (DDoS), gets you to help. It uses infected/compromised PCs and servers to fire data, on cue, at a specific target. That could be millions of machines pointed at a single point. So if you don’t want to be part of this hacking party, make sure that your desktop, laptop, phone, tablet and servers all have a suitable antivirus installed and are on the latest version of all their software and patches. If you have a website then make sure your developer keeps everything up to date and use a Web Application Firewall as well. Our WAF of choice is Wordfence. If that is a bit much to take on board then drop me an email and I’ll help you along the way.

Time is Sales & Sales is Money

Steal Money

This has got to be one of the main reasons for hacking a large website. More often than not the larger websites are eCommerce and sell products or services. As we all know from experience, when you buy things you have to pay for them, and online you need to hand over your credit card details. But it’s not just your credit card details you need to hand over but also the details of where the card is registered. In fact you need to part with all the details that are needed for a successful transaction – all the detail that somebody else would need to make a transaction on your behalf.

There is also enough data here for an effective identity theft. Such data is often not obtained for the hacker’s own use but is more likely to be sold on.

Ransomware

Ransomware is not a new thing and probably started as early as the late 80s. The problem with a ransom is getting paid. Asking for payment into your bank account is probably not the brightest thing for a hacker to do, but with the advent of cryptocurrency there is now a much safer method to rip somebody off. Effectively the ransomware encrypts all your files and any others it can find. You then have to pay a chunk of cash to get them back.

I’ve seen for myself when a virus or malware hits a large organisation and the devastation is instantaneous.

While websites are not often targeted for ransomware payments, a great many personal computers and servers are. We have seen only recently how the NHS was affected. Further afield, the city of Baltimore in the US was held to ransom. This attack affected numerous systems across the city, including phone systems and even the ability for people to complete on their house sales. And while many systems were not affected, they were turned off as a precaution to stop them becoming infected. In this instance the ransom was $70,000, which the Mayor refused to pay. The cost of the recovery, mainly due to lack of proper backups, is alleged to have come in at $16m.

Lastly…..

Hacktivism, Idealism, Political Motives

These are the guys with a specific purpose in life. They are idealists and out to expose injustice, or they may have political motives. One high profile group that fits in this category is Anonymous, which has attacked governments and establishments across the globe since their inception in 2003.

From a small business point of view these are the least likely to be turning their attention toward you as they tend to be very focused. Although it does depend what you are up to.

That is probably enough for now, so in the next article we will look at how you fit into this story…

In the meantime, if you are worried about the security of your website then read about our Hacked Website Recovery Service or Contact Us for a chat.

Finally, if you would like to be notified when part 2 of this article is available then just leave your details here.

"Companies spend millions of dollars on firewalls, encryption and secure access devices, and it's money wasted; none of these measures address the weakest link in the security chain - their staff"

- Kevin Mitnick, "The World's Most Famous Hacker"