One of the questions we keep getting frequently from businesses as well as others is why do hackers hack? What do they get from doing damage? Is it just about money? Or ego?
Well, there are numerous reasons why hackers hack a website or an app or even servers. And this is nothing new. In the early days of the internet, hackers hacked websites or took down services just to show they could break a system. So, you could say it was more about their ego or showing off or sometimes just to make a point that something can be broken. These days, it's way more complicated and so are the intentions behind such activities.
So, Why Do Hackers Hack
I am sure you guessed this. One of the most common reasons for hackers to hack is to steal or leak information. This could be data and information about your customers, your internal employees or even private data specific to your business. These are cases where hackers typically go after big targets in order to get the most attention.
Some of the biggest examples are the Ashley Madison hack or the Starbucks app hack. In the Ashley Madison hack, hackers were able to break into the customer database and get access to all the information including many private pictures of popular celebrities. This incident was a big shakeup in the Internet world which also affected private lives of many people.
A lot of times, hackers also steal information in order to assume your personal identity and then use it for something else like transferring money, taking a loan, etc. Such incidents have increased after Internet banking and mobile banking have started to become more popular. With the growth of smartphones and mobile devices, the potential for monetary gain through hacking has also increased.
Many big businesses have fallen prey to this - Sony, Target, Yahoo, Equifax, eBay, HomeDepot, Adobe, to just name a few. Even though there has been a lot of media attention about all the above companies being hacked, most businesses still believe this won't happen to them. By not being proactive about security, you are only putting your data at risk.
Hackers just love to take something down. And then also leave a statement on the website - more on that later. But hackers have successfully taken down many services by creating bots that overwhelm a server with traffic, thus, leading to a crash. It is known as a DoS (Denial of Service) attack and can put a company’s website out of service for a while. These days, there's also DDoS or Distributed Denial of Service attacks which use multiple infected systems to take down a single major system leading to a denial of service.
There are other ways also, like infecting a large network with malicious software inserted onto one computer either through email or otherwise which leads to a chain reaction affecting the whole network.
Server disruption attacks usually have their own personal motive. Mainly, it is to render a service or website useless. Sometimes it can also be to make a point.
Make a Point
The hackers who fall into this category are very interesting. They don't care about money or data. They seem to feel that they have a higher purpose in life. They want to steal information or disrupt your network in order to make a point.
Again, going back to the Ashley Madison hack, the hackers had access to account details of 32 million users but before they made this public, the hackers left a message on the website to inform everyone on what they are done. They also mentioned what they thought about the website and why they thought a service like this was immoral. Here's a screenshot of the message left on the website by the hackers:
This is what everyone usually fears about. We've seen many businesses reach out to us at the stage when they have already been hacked and a hacker is demanding money. Hackers not only hack businesses and ask for ransom but they also try hacking into regular user accounts and try to take advantage of things like online banking, online retail, etc. where financial transactions are involved.
Last year also saw the biggest ransomware attack called WannaCry where millions of computers around the world were hacked and users had to pay a ransom to get back access to their computers.
Driven by Purpose - Hacktivism, Idealism, Political Motives
Many hackers are also drive by a specific purpose. Sometimes, this comes out only when they get caught. Some of them aim to be idealists and take it upon themselves to expose injustice, some have political motives, some simple target the government, and so on. A major example is a hacktivist group called Anonymous who have been popular around the world for challenging and taking down many governments. These hackers can target religious groups, governments, movements, to promote a particular agenda.
Another example of a politically driven agenda was when France was having an election last year. In fact, at the beginning of May, we all got to know that Emmanuel Macron, President-elect for France, had his presidential campaign emails leaked following a hack. Giving the timing of the hack, many speculate that it was done with a purpose – to sway the votes.
And so are the speculations about the US presidential elections when Donald Trump became President.
What Can You Do To Be Safe
Businesses often tend to give it away rather easily because they think they will not be hacked. Some of them also have a reactive nature where they'd only do something once a situation arises. The fact is that hacks happen all the time. They've been happening for years and they've only increased with time. It happens to business and users, all shapes and sizes.
One of the best things you can do as a business is to proactively test the security of all your interaction entities - websites, mobile apps, networks, etc. by performing penetration tests either through service providers or using an automated security testing tool like Appknox. Run these tests on a regular basis and make sure your systems are up to date. Additionally, always keep an action plan ready on what to do if a breach happens. It's always better to be safe than be sorry.