Why Hackers Target Large Websites
December 20, 2013 | Chris Ueland
Many of you who are MaxCDN or MaxCDN Enterprise customers are involved with running a large website or multiple sites. We wanted to create a series of posts that share some of our experience and research, to help you better understand why sites are attacked and to provide practical, current tips for protecting yourself. As a service provider, we’ve had an inside look into attacks over the years. This article is the first of a several-part series that I’m writing with security researcher and journalist Eduard Kovacs from Softpedia. We hope you enjoy them as much as we did putting them together.
YOUR SITE IS A TARGET
Major websites are often targeted by cybercriminals because the information they store, or the sites themselves, can be of great value to the attackers. The websites and systems of high-profile organizations can be of interest to all major categories of hackers: profit-driven cybercriminals, politically motivated hacktivists, and state-sponsored entities. Let’s take them one at a time.
When it comes to cybercriminals that are driven by profit, things are “complicated.” That’s because a hacked website/webserver can be abused in numerous ways, allowing the perpetrators to make hundreds of millions of dollars each year.
For example, they can abuse web servers to host their phishing sites, malware, pirated materials, spam websites, and even child pornography.
In addition to hosting files, web servers can also be utilized for relaying spam, click fraud operations, and distributed denial-of-service attacks. DDoS attacks are not launched only by hacktivists. They’re often used by cybercrooks to extort money from businesses.
A compromised website’s underlying server can also be used as a proxy that helps profit-driven hackers hide their trail. A machine’s resources can be of value for mining Bitcoins and solving CAPTCHAs.
Finally, in many cases, major websites store a lot of sensitive information in their databases. Names, email addresses, phone numbers, payment card details, and other financial information can be used by the cybercriminals themselves or it can be sold on the underground market to others.
When it comes to politically motivated hackers, their reasons are usually clear. Whether it’s Anonymous, LulzSec, the Syrian Electronic Army or any other hacktivist group, they all want to use major websites as a medium for spreading their political messages.
Website defacement archives show that millions of websites have been defaced over the past years to display various types of protest messages against the US government, India, Israel, Pakistan, China and other entities that have caught the attention of a hacktivist collective.
Of course, a majority of these sites belong to small or medium organizations, and the world doesn’t learn about most of the attacks. However, every once in a while, hackers manage to breach the website of a major private or public organization, sites that are visited by millions of people each day.
The websites of many major companies are highly secured, and it’s not easy to deface them. That’s when hackers turn to a clever trick called DNS spoofing (cache poisoning). DNS spoofing involves breaching the systems of a registrar and modifying the DNS records of certain sites so that their visitors are redirected to an arbitrary page.
The New York Times, Twitter, Rapid7, ESET, Bitdefender, Avira, AVG and even Google have fallen victim to such attacks.
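A site owner can catch this kind of record change by comparing the DNS answers seen for their domain against a pinned baseline. The check below is an added example, not part of the original article; the zone names, addresses and severity rule are constructed assumptions, and observed answers are passed in as data rather than resolved live.

```python
from dataclasses import dataclass

# Constructed baseline for a hypothetical zone (documentation-range addresses).
BASELINE = {
    ("example.com", "NS"): {"ns1.example-dns.net", "ns2.example-dns.net"},
    ("example.com", "A"): {"192.0.2.10", "192.0.2.11"},
    ("www.example.com", "CNAME"): {"example.com"},
}

# Constructed observation: name servers replaced, one A record missing.
OBSERVED = {
    ("example.com", "NS"): {"NS1.unknown-dns.example.", "ns2.unknown-dns.example."},
    ("example.com", "A"): {"192.0.2.10"},
    ("www.example.com", "CNAME"): {"example.com."},
}

# A changed NS set re-points the whole zone, so it is always critical.
CRITICAL_TYPES = {"NS"}


@dataclass(frozen=True)
class Drift:
    name: str
    rtype: str
    added: frozenset
    removed: frozenset
    severity: str


def normalize(value):
    """Lower-case and drop the trailing root dot so equal names compare equal."""
    return value.strip().rstrip(".").lower()


def find_drift(baseline, observed):
    """Return one Drift per baseline record set whose observed values differ."""
    findings = []
    for (name, rtype), expected in sorted(baseline.items()):
        want = {normalize(v) for v in expected}
        got = {normalize(v) for v in observed.get((name, rtype), set())}
        if want == got:
            continue
        added, removed = got - want, want - got
        # Unexpected new values, or any NS change, are critical;
        # values that merely disappeared are a warning.
        critical = rtype in CRITICAL_TYPES or bool(added)
        findings.append(Drift(name, rtype, frozenset(added), frozenset(removed),
                              "critical" if critical else "warning"))
    return findings
```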
In other cases, these hackers are after the data stored on an organization’s servers. Leaked sensitive or classified information can be used by hacktivists to damage a company’s reputation.
What hacktivists rarely think about is the fact that when they leak passwords or financial information online, cybercriminals will most likely copy it and use it for their own profit. Why bother hacking a website yourself when you can wait for politically motivated hackers to provide the data you want free of charge?
When we think about hacker attacks, we usually picture a guy wearing a Guy Fawkes mask or an individual from Eastern Europe typing away at a keyboard, trying to raise awareness of something, or trying to make a profit by tricking unsuspecting users. However, over the past period, the world has come to realize that state-sponsored entities are also an important player in the hacking scene.
Government organizations are trying to breach the networks of other states for economic reasons, for espionage, or simply to stay ahead of their potential adversaries in the eventuality of (cyber)war. However, governments can also target commercial entities.
Britain’s GCHQ is said to have hacked Belgian telecoms giant Belgacom. The NSA allegedly hacked Google, Yahoo and possibly other giants. Google, for instance, wasn’t happy at all when it learned that the intelligence agency had breached its data centers.