Monday, July 15, 2013

WHY WOULD SOMEONE HACK YOUR WEBSITE?

Many people say to themselves, "I don't need to worry too much about security for my website, because no one would ever want to hack it in the first place." In my opinion, this belief comes from a lack of knowledge of the many reasons someone might hack a website; maybe they see reports of big banking websites being targeted, and assume that no one would try to hack their website, because no financial information is ever posted on it.
This list should make it clear that any website at all is a potential target. If your website hasn't been targeted (yet), that's probably just a matter of luck; 'they' simply haven't found your site as of yet. This list is meant as an eye-opener to hopefully impress upon you that website security is important to consider for all websites - even yours!

Stealing User Information

This is one of the biggest, most obviously damaging ones in this day of 'identity theft'. But don't think that just because your website does not store financial information, it is safe. Even the most basic information that the most simple of websites might collect can be surprisingly useful. For example, almost any website that has "users" for any purpose at all will store, at minimum, a user's email address. That, alone, is valuable information to a hacker.
Lists of actively-used e-mail addresses can be sold for a king's ransom. Worse, though; usually unique user names and passwords are also stored. Many people use the same user names and passwords on multiple websites. So stealing your list of users' information could give hackers access to your members' accounts on other websites. It works the other way around, too; information from other websites could be used to gain access to user accounts on yours.
Websites should not store passwords in plain text in the first place, but even lists of password hashes can be very useful. Users should not use the same user names and passwords on multiple websites, but the fact is they do, in extremely high percentages. My own, limited research on this topic suggests 75% of users will use the same user names and passwords on multiple websites. You don't want your website to be the source of revealing this information.
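Why a stolen list of password hashes still matters, and what per-user salting changes, shown as an added example (not code from the original post). The function names, the sample password and the PBKDF2 iteration count are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000   # assumed PBKDF2 work factor; tune it to your hardware
REUSED = "Rex2013!"    # constructed sample password, reused on two sites


def unsalted_sha256(password):
    """Weak form: the same password gives the same hash on every site."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password, salt=None):
    """Per-user random salt plus a slow KDF; returns 'iterations$salt$hash'."""
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{ITERATIONS}${salt.hex()}${dk.hex()}"


def verify_password(password, stored):
    """Recompute the hash with the stored salt and compare in constant time."""
    iterations, salt_hex, hash_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), hash_hex)


def shared_hashes(site_a, site_b):
    """Users whose stored hash is identical in both user tables."""
    return sorted(u for u in site_a if u in site_b and site_a[u] == site_b[u])


if __name__ == "__main__":
    weak_a = {"alice": unsalted_sha256(REUSED)}
    weak_b = {"alice": unsalted_sha256(REUSED)}
    print("unsalted, reuse visible for:", shared_hashes(weak_a, weak_b))

    strong_a = {"alice": hash_password(REUSED)}
    strong_b = {"alice": hash_password(REUSED)}
    print("salted, reuse visible for:", shared_hashes(strong_a, strong_b))
    print("login still works:", verify_password(REUSED, strong_a["alice"]))
```

With unsalted hashes, a reused password is recognizable across two sites' user tables without ever being cracked; with a per-user salt the stored values differ even though the password is the same.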

Stealing Server Information

In addition to your users' information, they may be looking for information on your server itself, perhaps to facilitate hacks for other reasons listed below. Your website might store your database user name and password, for instance. Having that information could allow the hacker to more easily add content to the site, steal information, and do other 'bad things'.

Defacing Your Website

If your website has more than 2 users or so, there is bound to be a time when one of them might have cause to want to embarrass you by defacing it. Even if your site does not cover any controversial topic whatsoever, its mere existence could offend someone on a much more broad basis. Virtual Eco-Terrorists may decide that your website is one of billions which actively support the Military/Industrial Complex because it sells something or promotes something.
Any website is vulnerable to this, and your website being a small time operation isn't really as much of a help there as you might think; those who deface your website will make it popular once they do so, by sharing links to it among their peers, in order to boost their "street cred" as hackers. Your site could even end up listed in more 'credible' places as an example of a website which has been cracked (and is to be avoided as a result).
But it should be noted that ultimately, the hackers don't necessarily need any reason to deface your website. Hacking of this sort started off as its own virtue; its own end-game. Even today, when most hacking has a 'purpose', that purpose may be as simple as being able to add your website to someone's "hacker resume" when they are seeking paid hacking work.

Search Engine Optimization

One of the best ways to improve a website's ranking

This reason is an extension of 'defacing' your website in a way, but it's more subtle, and with more specific purpose behind it. It doesn't absolutely have to be something related to your website's topic, either. In fact, it is often links to some malicious website that simply tries to harm people's computers in some way, just to generally increase the number of times their website will show up in search results.

Promoting Their Own Product/Service

Or, the links might be completely visible; giving your website viewers the impression that you support that other site. The risk there is that it's easier for you to realize you have been 'hacked', but surprisingly few such attacks are discovered at all. How closely do you monitor your website pages once they are 'up'? If you know you didn't change a web page, do you ever check it again to make sure someone else didn't?
Just as with "Search Engine Optimization", this does not need to be related to your website. It is often links to malicious sites that seek to harm your users' computers and/or sell some fraudulent product or service. They are piggybacking on your website's reputation to promote their own "thing".
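One way to answer "did someone else change my page?" for both the hidden search-ranking links and the visible promotional links described above, as an added example that is not part of the original post. It compares a page against a saved baseline; the host names and page contents are constructed samples, and the hidden-link check only looks at inline `style` attributes on the link or an enclosing `div`/`span`.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

HIDING = ("display:none", "visibility:hidden")   # inline styles that hide an element
CONTAINERS = ("div", "span")                     # tags tracked for nesting

# Constructed sample pages (hypothetical hosts under the reserved .example TLD).
OWN_HOST = "www.example.com"
PUBLISHED = ('<html><body><h1>Shop</h1><a href="/about">About</a> '
             '<a href="https://partner.example/">Partner</a></body></html>')
TAMPERED = PUBLISHED.replace("</body>", (
    '<div style="display: none"><a href="http://pills.example/buy">x</a></div>'
    '<a href="http://deals.example/">Deals</a></body>'))

class LinkCollector(HTMLParser):
    """Records each external host linked from a page and whether a link is hidden."""
    def __init__(self, own_host):
        super().__init__()
        self.own_host = own_host
        self.found = {}    # external host -> True if any link to it is hidden
        self._stack = []   # one flag per open div/span: styled invisible?

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        style = (attrs.get("style") or "").replace(" ", "").lower()
        hidden = any(h in style for h in HIDING)
        if tag in CONTAINERS:
            self._stack.append(hidden)
        elif tag == "a":
            host = urlparse(attrs.get("href") or "").hostname
            if host and host != self.own_host:
                self.found[host] = (self.found.get(host, False)
                                    or hidden or any(self._stack))

    def handle_endtag(self, tag):
        if tag in CONTAINERS and self._stack:
            self._stack.pop()

def snapshot(html, own_host=OWN_HOST):
    """Fingerprint one page: SHA-256 of its content plus its external link hosts."""
    parser = LinkCollector(own_host)
    parser.feed(html)
    return {"sha256": hashlib.sha256(html.encode()).hexdigest(), "links": parser.found}

def compare(baseline, current):
    """List differences from the baseline; an empty list means the page is unchanged."""
    findings = []
    if baseline["sha256"] != current["sha256"]:
        findings.append("content changed")
    for host, hidden in sorted(current["links"].items()):
        if host not in baseline["links"]:
            findings.append(f"new {'hidden ' if hidden else ''}external link: {host}")
    return findings

if __name__ == "__main__":
    for finding in compare(snapshot(PUBLISHED), snapshot(TAMPERED)):
        print(finding)
```

Take the snapshot when you publish a page, store it somewhere the web server cannot write to, and run the comparison on a schedule against the page as it is actually served.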

Hosting Illegal/Objectionable Content

This is, again, a form of defacement of your website, but is more subtle and with a specific purpose. It can be difficult and expensive to secure hosting for illegal or objectionable content, so many of those who do such things will attempt to use other peoples' websites to host the content directly, instead.
This could greatly increase the cost of your hosting due to large amounts of photo/video content being loaded from it constantly; content you never intended to be there. And you could even end up having your site closed down or worse, you could potentially be subject to criminal or civil liability due to the content someone else put there.

User Mischief

If your website has any social element to it at all (forums, online games, or any other such interactive content), you will inevitably have users who will want to abuse what is available to perform some sort of mischief. It could range from something as simple as posting as another user to embarrass them, to 'hacking' into someone's online game account to steal virtual goods or just harm that user's account in some way.
Sites like Facebook experience untold numbers of this type of thing every single day, but these attacks have been used long before the term "social network" was in vogue. The key here is not to think in terms of "what would be useful to someone to hack", because this type of attack rarely serves any real purpose.
As confusing as it may seem, there are many, many persons on the Internet who simply love to embarrass or harm others, and will spend a lot of time and effort to do so, even in supposedly meaningless ways.

Conclusion

Hopefully, I've laid out some good reasons that your website needs to take security seriously. Literally no website in existence - no matter how 'small' or 'simple' - is immune to all of the things I have mentioned.
Again, I'm not trying to induce you to panic here. I simply want you to be aware that there are hackers out there who would love to take over your website, so you should be sure that whoever puts your website together is aware of the threats out there, and takes proactive measures against them. If you are not sure about that, feel free to drop me a line; website security audits are one of the things I do, as an extension of developing websites to be relatively secure in the first place.

HELP! I THINK I'VE BEEN HACKED


Your computer starts to run a little weird. You notice the drive light blinking when you aren’t doing anything and the system seems a little slow. In the middle of writing an important document for work your system suddenly reboots for no reason. At first you may shrug it off, then you notice some weird program in your Startup group. There is a good chance your system has been hacked.
Had you been exposed to a massive dose of gamma radiation you might turn green and ripped with muscles bursting out of your clothes and set off destroying everything in your path until you find the perpetrators and make them pay. Since your average person can’t turn into The Incredible Hulk, we have to settle for getting angry and saying “help! I think I’ve been hacked!!”
Various emotions may overtake you but it is important to act quickly and decisively to stop any ongoing intrusions, determine the extent of the damage caused and secure and protect your system for the future.
Unfortunately, if you did not prepare in advance for such an incident, you are probably finding out much later than you should have, and you have next to nothing to go on in trying to determine what occurred: How did the intruder get in? When did the intruder get in? What changes have been made to the system?
When you first realize you may have been hacked you need to decide your course of action. Your initial reaction may be to disconnect your computer from the Internet or shut it down entirely to break the connection with the hacker. Depending on the situation this may be the way to go. However, you may find many more clues and gather more evidence by performing certain actions while the system is still live.
If the system in question contains sensitive or classified material that you feel might be in jeopardy or if you believe your computer might be infected with a virus or worm that is actively propagating (sending itself out) from your computer you probably need to go ahead and disconnect from the Internet at the very least.
There are six essential phases that make up incident response:

  • Prepare to detect and respond to incidents
  • Detect incident
  • Gather clues and evidence
  • Clean system and patch vulnerabilities
  • Recover lost data or files
  • Take lessons from incident and apply them to secure for future

    WHAT IS A HACKER?


    The term "hacker" can mean two different things:
    1. Someone who is very good at computer programming, networking, or other related computer functions and loves to share their knowledge with other people
    2. Someone who uses their expert computer skills and knowledge to gain unauthorized access to systems, corporations, governments, or networks.

    What most people think of when they hear the term "hacker"
    The word "hacker" does not bring the best of thoughts to most people’s minds. The popular definition of a hacker is someone who intentionally breaks into systems or networks to illegally procure information or infuse chaos into a network for the express purpose of control. Hackers are not usually associated with doing good deeds; in fact, the term "hacker" is often synonymous with "criminal" to the public. These are black-hat hackers or crackers, the folks we hear about on the news creating chaos and pulling down systems. They maliciously enter secure networks and exploit flaws for their own personal (and usually malicious) gratification.
    There are different kinds of hackers
    However, in the hacker community, there are subtle class differences that the general public is not aware of. There are hackers who break into systems but don’t necessarily destroy them, and who have the public’s best interest at heart. These people are white-hat hackers, or "good hackers." White-hat hackers are those individuals who break into systems to point out security flaws or bring attention to a cause. Their intentions are not necessarily to wreak havoc, but to do a public service.
    Hacking as a public service
    White-hat hackers are also known as ethical hackers; they are hackers who are working from the inside of a company, with the company’s full knowledge and permission, who hack into the company’s networks to find flaws and present their reports to the company. Most white-hat hackers are employed by actual computer security agencies, such as Computer Sciences Corporation (CSC). As stated on their site, "more than 1,000 CSC information security experts, including 40 full-time "ethical hackers," support clients in Europe, North America, Australia, Africa and Asia. Services include consulting, architecture and integration, evaluation and assessment, deployment and operations, and training. The deployment of ethical hackers to test the vulnerability of computer networks is one of the many ways CSC can help clients deal with ongoing security threats." These cyber security experts look for flaws in the system, and repair them before the bad guys can exploit them.
    Getting a job as a hacker
    Although white-hat hackers are not necessarily recognized as much as they should be, more and more companies are looking for people who can stay ahead of the individuals determined to bring their systems down. By hiring white-hat hackers, companies have a fighting chance. Even though these programming gurus were once considered outcasts in the public eye, many hackers now hold critical and extremely high-paying jobs with corporations, governments, and other organizations. Of course, not all security breaches can be prevented, but if companies hire people who are able to spot them before they become critical, then half the battle is already won. White-hat hackers have their jobs cut out for them, because black-hat hackers are not going to stop doing what they are doing. The thrill of penetrating systems and bringing down networks is just too much fun, and of course, the intellectual stimulation is unmatched. These are very smart people who have no moral qualms about seeking out and destroying computer infrastructures. Most companies that manufacture anything to do with computers recognize this, and are taking appropriate security measures to prevent hacks, leaks, or other security mishaps.


    TIPS TO AVOID GETTING HACKED

    There are a number of ways that computer hackings can occur. Not only can your entire computer system itself get hacked, but your website, email, and much more can all be victims of a computer hacking. If someone is able to hack into your website, your entire website could be compromised; and if someone hacks into your email, imagine all the personal information that could be stolen from there. Here are a few tips you can use to avoid a hacker coming in and destroying your computer, email, or website.


    1. Make Your Passwords Tough and Change Often


    It is beyond easy to have the same password for all accounts, which is why we all do it, but what happens when that password gets hacked? Everything gets hacked! Make sure to include symbols, uppercase and lowercase letters, and numbers. How are you supposed to remember all those? A password keeper! Take a second and visit Google and search for “password keeper.” Not only will they store your passwords, but they also will create unique passwords for you. 

    2. Delete, Delete, Delete!

    Times of technology are always changing, and so are the forms of social media. Remember when Xanga and MySpace were all the rage? Go back and delete those old accounts that you no longer use. There is plenty of personal information on there and probably the account has a password with your dog’s name and your favorite number. 

    3. Save a Back Up

    No matter if it’s just a simple research paper or your entire 1,000 page website, a version of it should be saved using an external hard drive, a flash drive, or by using an online service. If you have your website backed up and a hacker comes in, you can go in and change your passwords and put up your old site. 

    4. Install Firewall and Anti-Virus Software

    Firewalls forbid outside threats like hackers and viruses from being able to access your system. Nowadays most computers already have anti-virus software on them from the beginning, but be sure to check that it is not outdated (or that you even have one) and to make sure it runs scans frequently. If you are looking for free anti-virus software, try AVG.

    5. Encrypt Data

    To go along with storing your data on your hard drive as well as an external drive, make sure to encrypt it! This way if a hacker does get access to your computer, you get to put up a security gate and make everything hard to access. Try TrueCrypt when starting to encrypt your data. 

    Follow these 5 simple tips and you should be able to avoid a hacker coming in and stealing your information and ruining your website.




    WHAT IS 'HACKING'?


    Hacking is the practice of modifying the features of a system in order to accomplish a goal outside the creator’s original purpose. The person who is constantly engaging in hacking activities, and has accepted hacking as a lifestyle and philosophy of their choice, is called a hacker.

    Computer hacking is the most popular form of hacking nowadays, especially in the field of computer security, but hacking exists in many other forms, such as phone hacking, brain hacking, etc. It is not limited to either of them.


    Due to the mass attention given to blackhat hackers from the media, the whole hacking term is often mistaken for any security related cyber crime. This damages the reputation of all the hackers and is very cruel and unfair to the law abiding ones of them, from whom the term itself originated. The goal of this website is to introduce people to the true philosophy and ethics of hackers, hopefully clearing their name and giving them the social they deserve.