CJ Web Online Business Services

A to Z of Hacking and Cyber Security Part 1

The first question is: why are websites hacked?

It’s not true that only large corporate or government websites are hacked. Smaller websites are more vulnerable to attack because they generally have less security and/or website maintenance. Smaller websites and blogs are targeted more often, among other reasons, so that they can be used in larger attacks.


More modest websites are targeted and compromised for use in DDoS attacks, in which attackers can use websites from all over the Internet to launch a larger-scale attack. Compromising bank websites, corporate accounts, and government websites are some examples of large-scale attacks. Generally, the hackers do not have all the resources themselves. They need a large number of bots to carry out such attacks, so they compromise smaller websites without the owners’ knowledge and keep them in reserve for the next planned large-scale attack.

Adware: A kind of spyware that tracks your browsing habits covertly to generate adverts.

Anonymous: A hacktivist collective, Anonymous uses hacking techniques to register political protest in campaigns known as “#ops.” Best known for their DDoS attacks, past activities have included attacks against the Church of Scientology, as well as Visa, PayPal, and others who withdrew their services from WikiLeaks’ Julian Assange after WikiLeaks began releasing war documents.

Back door: A back door is a hidden entry to a computing device or software that bypasses security measures, such as logins and password protections. Some have alleged that manufacturers have worked with government intelligence to build back doors into their products. Malware is often designed to exploit back doors.

Black hat: A black hat hacker is someone who engages in hacking for illegal purposes, often for financial gain, though also for notoriety. Their hacks (and cracks) result in inconvenience and loss for both the owners of the system they hack and the users. Whereas hackers traditionally hack in order to alert companies and improve services, black hat hackers may instead sell the weaknesses they discover to other hackers or use them.

Bot: A programme that automates a usually simple action so that it can be done repeatedly at a much higher rate and for a more sustained period than a human operator could manage. Like most things in the world of hacking, bots are, in themselves, benign and used for a host of legitimate purposes, like online content delivery. However, they are often used in conjunction with cracking, and that’s where their public notoriety comes from. Bots can be used, for instance, to make the content calls that make up DDoS attacks. Bot is also a term used to refer to the individual hijacked computers that make up a botnet.

Botnet: A botnet is a group of computers controlled without their owners’ knowledge and used to send spam or make denial of service attacks. Malware is used to hijack the individual computers, also known as “zombies,” and send directions through them.

Brute force attack: Also known as an exhaustive key search, a brute force attack is an automated search for every possible password to a system. It is an inefficient method of hacking compared to others like phishing. It’s used usually when there is no alternative. The process can be made shorter by focusing the attack on password elements likely to be used by a specific system. Most modern encryption systems use different methods for slowing down brute force attacks, making it hard or impossible to try all combinations in a reasonable amount of time.
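To put numbers on this entry, the following added example (not part of the original article) counts the candidates an exhaustive search must try and shows how a deliberately slow, salted password hash multiplies the cost of every guess. PBKDF2-HMAC-SHA256 is used here as one such slowing method; the function names, the assumed rate of one billion hashes per second and the 600,000 iteration count are illustrative assumptions.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Assumption for illustration only: an attacker computing 1e9 raw hashes per second.
ASSUMED_HASHES_PER_SECOND = 1e9

def keyspace(alphabet_size: int, max_length: int) -> int:
    """Count every candidate password of length 1..max_length."""
    return sum(alphabet_size ** n for n in range(1, max_length + 1))

def worst_case_seconds(candidates: int, iterations: int = 1,
                       hashes_per_second: float = ASSUMED_HASHES_PER_SECOND) -> float:
    """Time to exhaust the keyspace when each guess costs `iterations` hashes."""
    return candidates * iterations / hashes_per_second

def hash_password(password: str, iterations: int,
                  salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Derive a slow, salted hash; a fresh salt per password defeats precomputed tables."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, digest

def verify_password(password: str, salt: bytes, expected: bytes, iterations: int) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hash_password(password, iterations, salt)
    return hmac.compare_digest(digest, expected)

if __name__ == "__main__":
    # Constructed scenarios: up to 8 lowercase letters vs. up to 8 printable ASCII symbols.
    for label, size in (("lowercase", 26), ("printable ASCII", 94)):
        total = keyspace(size, 8)
        for iterations in (1, 600_000):
            days = worst_case_seconds(total, iterations) / 86_400
            print(f"{label:16} iterations={iterations:<7} worst case {days:,.1f} days")
    salt, stored = hash_password("correct horse", 600_000)
    print(verify_password("correct horse", salt, stored, 600_000))
```

The small lowercase-only keyspace is the defender's view of the “likely password elements” shortcut: a predictable alphabet shrinks the search, while the iteration count scales the attacker's worst case linearly.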


Clone phishing: Clone phishing is the modification of an existing, legitimate email with a false link to trick the recipient into providing personal information.

Compiler: A compiler is a program that translates high-level language (source code in a programming language) into executable machine language. Compilers are sometimes rewritten to create a back door without changing a program’s source code.

Cracking: To break into a secure computer system, frequently to do damage or gain financially, though sometimes in political protest.

Denial of service attack (DoS): DoS is used against a website or computer network to make it temporarily unresponsive. This is often achieved by sending so many content requests to the site that the server overloads. Content requests are the instructions sent, for instance, from your browser to a website that enable you to see the website in question. Some have described such attacks as the Internet equivalent of street protests, and some groups, such as Anonymous, frequently use them as a protest tool.

Distributed denial of service attack (DDoS): This type of cyberattack has become popular in recent years because it’s relatively easy to execute and its effects are obvious immediately. Attackers use a number of computers to flood the target with data or requests for data. This can be accomplished by seeding machines with a Trojan and creating a botnet or, as is the case with a number of Anonymous attacks, by using the machines of volunteers.

Doxing: Discovering and publishing the identity of an otherwise anonymous Internet user by tracing their publicly available online accounts, metadata, and documents like email accounts, as well as by hacking, stalking, and harassing.
