If you’re looking at a site that’s been defaced, filled with Spam links, find your site has been disabled and replaced with a demand for money or you’ve found out that you got shut down by your web host for sending Spam, then you’ve probably been hacked.
Recently, the Schweb team worked on a site that had been hacked. This wasn’t an instance of national security, but to our customer, and to us, it was important. Hackers exploited this site’s vulnerability. This site was built on Joomla.
According to Schweb Design, LLC Senior Developer, Jason Borden, “When a site is hacked, there’s very little we can do beyond restoring from a backup. To remove a hack from a site, we’d need to find out what was changed and undo it. This is nearly impossible, because there are so many places to check. Tens of thousands of website files could have been modified so there’s no way to guarantee we’ve completely eradicated a hack.”
Instead, we can “erase the site and restore a backup,” said Borden. “This means that [the customer] will likely lose data, particularly if the site is an ecommerce store. If that’s not possible, we have to create a new site and migrate the content over. This is costly, because it's a significant portion of the work to create a new site.”
Some people think that just because they have a small site, or a small company, that hackers won’t target it. That’s just not so. Most website hacks that we clean up are the result of a vulnerability in common software components shared among many other sites. When a vulnerability is found, hackers create hacking tools to scan for an hack all websites with this vulnerability.
At Schweb, we take regular backups of our clients’ websites. Although restoring a backup of your site isn’t a large ordeal in the case of a hack, the real danger is that your site becomes hacked without you even noticing it, causing harm to your visitors, customers, or your brand.
Some think that their security is so robust that it’s just not possible to bust through it. That’s no so, either. It’s nearly impossible to defend against every conceivable way for someone to break in and a hacker only needs to find a single point of entry.
This begs a series of questions: Who are hackers? What are they targeting? Most importantly, how can you stay safe?
Who Are These Hackers, Anyway?
Hackers are people who often like take things apart and rebuild them. They may enjoy tinkering and learning. They’re curious, intelligent and capable.
Hackers can be teenagers or adults. Some have sophisticated degrees; some are high school dropouts. Some are barely old enough to be in school.
Here are three quasi-famous examples: there was once a 5-year-old named Kristoffer von Hassel who wanted play Xbox. His Dad wouldn’t let him play games with age restrictions so Kristoffer would log in, type in a fake password, and get to the games through a security glitch.
Kristoffer just wanted to play Xbox.
Then, there’s Ryan Clearly and Jake Davis.
The 20- and 19-year-old hacked into government agencies like the CIA, the Pentagon, and the Arizona State Police and flooded the sites with traffic which made them crash.
There’s also DJ Stolen.
The 18-year-old hacked into media mogul’s computers and took unreleased tracks. DJ Stolen then sold the tracks from Lady Gaga and Justin Timberlake, to name a few, and made 15,000 euros selling them.
As you can see through these three examples, hackers want different things and they don’t fit a single archetype.
What Are Hackers Targeting?
All hackers target and exploit vulnerability. They’re looking for the problem of how to get in and they’re looking for tools to beat the defenses or to find ways around them.
In the instance of the site that we were working on in our office, the hacker found a weak point in Joomla, and messed with the data.
Other times, when a site is hacked, it’s defaced.
“Defacing used to be the primary result of a hack,” said Borden. “But now hackers got smarter and try to make money so they’ll make a site that’s filled with Spam links or Black Hat SEO, they’ll disable the site and replace it with a demand for money or the site can get shut down from the web host for sending Spam.”
Hackers aren’t necessarily doing this as a personal attack on any one person or organization; sometimes they’re trying to solve a puzzle with unintended consequences. In our real-life example, hackers exploited a vulnerability in a content management system.
Hackers may be targeting the sense of accomplishment they feel when they crack your computer. Some enjoy the math behind it. Some enjoy outsmarting opponents. Still others feel a rush when they make your computer, server or website do something it was never intended to do. Some aim to steal credit card numbers or Social Security numbers. Some write code to connect social networks with Spam Assassin to look for ladies. Others crack key fobs to open cars and loot them. Sometimes hackers want efficiency. They’ll insert a line of code to bypass having to allow you to accept their friend request, and instead they’ll automatically friend you and everyone you know.
Regardless of the why, the what remains: they target a weak point and get through it.
What Can You Do to Avoid Being a Target?
Most hackers work by installing viruses, denial of services, and phishing.
A virus is a program that users unintentionally install that harms a computer. Viruses can then be spread through the network to other computers, usually through deception. For example, people are tricked into installing fake software. Often, the trick looks like a security update and by the time the victim clicks on the link, it’s too late.
Once installed, the virus can steal and delete files, take over programs and operate the machine even when a user isn’t there.
Viruses can even link up to other computers, create a bot and take down websites. When this happens, it’s called a distributed denial of service. That’s what happened in the case of Ryan Clearly and Jake Davis. This gave hackers the opportunity to overwhelm the websites they targeted with millions and trillions of requests, called a denial of service attack, which crashed the sites.
Hackers have also been known to send Spam to people to trick them into revealing their information. This is called phishing. Hackers are after information and money.
Most times when a computer or system is hacked, it’s not because there was a grandiose plan to set up like a distributed denial of service like the Ryan Clearly and Jake Davis situation.
Most times, in our experience, someone made a mistake. Someone clicked the wrong button. Someone opened the wrong attachment. Someone forgot to make all their passwords different.
What happens when these mistakes occur?
“We had to erase the old site and migrate the content over,” said Borden.
In our real-life example, Cameron Hess, owner and manager of Schweb Design, laid out a new design for the customer. Borden created it in Drupal. My job was to move content from the old, hacked site to the new one.
Borden was pleased when the content was moved.
He sent me a message in Slack and said, “that's a lot of risk avoided with the old content having been on a hacked site.”
The old site was still hacked. We couldn’t unhack it but instead, “once the content is all moved off the site, we can erase it, and in doing so remove the hack,” said Borden.
What Can You Do to Help Your Cybersecurity?
Borden has some hints. He advises others to, “make sure updates are done, make sure backups are happening, and when the site gets hacked, make another backup and contact a professional immediately.”
• Update your website’s content management system’s core versions and plugins regularly. This is a service Schweb Design provides to our clients for all websites. Contact us if you’d like to talk about this.
• Change all passwords. Create a password that’s easy for you to remember but hard for others to guess. A good way to do this is to think of four random, unrelated words and use this as your password.
• Set up two factor authentication.
• If something sounds off from someone who sent you the document, don’t open it.
• Install firewalls.
• Use SSL protocol.
• Notice something suspicious? Call us immediately.