May 23, 2016 7:24 AM / by Joshua Ballard
Depending on your site, there is a range of things that a hacker may have been trying to do. This list is far from exhaustive, but it outlines some of the chief motivations that a hacker may have.
Generally these motivations come from a financial perspective, though this is not always the case.
You may be surprised to find that there are more ways hacking can make money than simply credit card theft!
Stealing or Accessing Data
One reason that a hacker may target a particular website over another is that they are trying to steal or access private data. When you hear of large-scale hacks on the news, this is often the motivation. A recent example would be the hack on the adult site Ashley Madison. In this hack private user data was stolen, which compromised the identity of their entire user base.
When you are trying to assess whether data access was their principal motivation for the hack, you will probably ask yourself the simple question of “what data did they access?”
The reality is, this is not always clear. It can take considerable resources to track the data flow through a website and to see what the hackers may have accessed or removed.
You must operate on the assumption that all data stored on your website core files will have been compromised.
You will need to determine what data was being stored on your website core files, and act accordingly.
Personal Data (non-financial)
If for example you keep user data on your core website files (aka on your server), such as:
- log in credentials
- email addresses
- other personal information, such as names, phone numbers
Then you will have an ethical responsibility (and in many jurisdictions a legal responsibility) to notify the entire user base of the potential data breach.
This is especially important because many users ‘recycle passwords’ across multiple platforms, which means that the email address and password they use to log in to your site may also be their log in details for many other sites.
If you feel that this is embarrassing, then take a moment to reflect on 2014, when eBay had to send out a very similar email warning their customer base of the need to update passwords across all platforms due to a hack.
If you are using a 3rd party form provider, or CRM, then there is a very good chance that any user data collected will not have been breached. You will need to contact your form provider or CRM provider in order to validate whether the data would have been vulnerable.
In many cases, the data is captured by a widget on your site and sent directly to the third party website. You will need to find out if any personal details entered into an embedded form will have also been saved (temporarily or permanently) onto your website core files.
Note: If your website uses an accounts based system, in which a user logs into your backend, then you will definitely need to notify all users of the data breach.
First of all, if you are currently accepting financial data (credit card details) directly onto your own website, and not redirecting to a trusted third party website (PayPal, a bank’s payment gateway, and so on), then stop immediately.
I know this does not help you now, as you look down the barrel of potentially having lost credit card details for every customer, but the hard truth is that you realistically should have never been allowing customers to key in credit card details directly onto your website in the first place.
I don’t care if the fees are higher for using external card processors; those higher fees are in place to help pay for complex and expensive security measures to be put into place.
It is now your responsibility to notify EVERY customer that it is time for them to call their bank and cancel their card number. This does not mean send them an email; emails can be missed or forgotten. Call them.
You need to also tell your bank (or whoever it was that you had doing the final processing on the cards) that you have had a security breach. They need to know, and they can help other financial institutions cancel the stolen card details quicker.
Yes, this is embarrassing for you. I can however guarantee that this will be a very steep and sharp learning curve for you.
No, your SSL certificate does not mean you are in the clear.
Just remember, this also happened to the retail giant Target. People may blame you for your negligence, but as long as you try your best to make things right, you may not have lost a customer forever. Either way, this should not be your primary concern right now.
You may want to consider hiring a PR agency to help get you through this at a later stage; for now you must focus on the task at hand.
Setting Up a Phishing Scheme
I have gone into greater detail further down on how to check for a phishing scheme operating on your website.
In terms of why they would set up a phishing scheme, it is enough to simply say that they are using your website as a means to collect personal and potentially financial data from users. The dynamics are a little different to the methodology involved with stealing the data from your site itself.
In this instance, they are using your website more as a tool, and less as a source.
Using Your Website to Overtly Advertise or Market Their Website or Product
This is pretty straightforward; again, further detail can be found below.
In this scenario they have plastered your website with CTAs (calls to action), banner ads, and links to their own website or product.
This tends to be pharmaceuticals, adult content, counterfeit designer clothing and a myriad of other products. It changes from hacker to hacker.
You will be able to spot an overt use of your website quite easily just by looking at it.
Using Your Website to Covertly Advertise or Market Their Website or Product
This one is a little different, and is specifically designed to fly under the radar.
If you are not familiar with SEO (search engine optimization) then I will try to outline it in a very simple and quick way.
Google ranks a website (determines the order in which they will be displayed on a results page for a specific keyword) with a very complicated and sophisticated algorithm.
A large factor in this algorithm is measuring the metrics of a website based upon inbound links from another website.
Essentially, if a quality website links to your website, then this helps to tell Google that your website is also quality, and should rank higher. This is similar to the idea that one website vouches for another website.
The problem that a spammer or hacker encounters is that the website they are trying to rank is generally not a quality website.
In this scenario, rather than do some honest, time consuming and often expensive work, they decide to cheat.
One way they cheat is by forcing entry to a quality website (such as yours) and setting up links that point to their own website.
In theory, this then ‘tricks’ Google into making their website more prominent and profitable.
In practice, Google sees exactly what they have tried to do, and then labels the hacked website as hacked.
This could very well be why you are here.
When I first experienced a website under my supervision being hacked, this was the exact type of hack that was carried out.
I will dig a little further into the nuts and bolts of this, and how you can detect it further down.
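As an added illustration (not code from the original article), the following Python sketch audits a page's HTML for links to hosts you do not recognise and marks the ones that sit inside inline-styled hidden containers. The hiding patterns, the trusted-host list and the sample markup are assumptions constructed for this example; it does not see links hidden through external stylesheets or scripts.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse
# Assumed inline-style hiding tricks (heuristics chosen for this example).
HIDDEN = re.compile(r"display:none|visibility:hidden|font-size:0(?![.\d])"
                    r"|(?:left|top|text-indent):-\d{3,}")
VOID = {"br", "img", "hr", "input", "meta", "link"}  # tags with no end tag

class LinkAudit(HTMLParser):
    def __init__(self, trusted_hosts):
        super().__init__()
        self.trusted = {h.lower() for h in trusted_hosts}
        self.stack = []      # (tag, styled_hidden) for each open element
        self.findings = []   # (host, href, concealed)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        style = re.sub(r"\s+", "", (a.get("style") or "").lower())
        hidden = bool(HIDDEN.search(style))
        if tag == "a":
            host = (urlparse(a.get("href") or "").hostname or "").lower()
            ok = any(host == t or host.endswith("." + t) for t in self.trusted)
            if host and not ok:  # relative links have no host: same site
                concealed = hidden or any(h for _, h in self.stack)
                self.findings.append((host, a["href"], concealed))
        if tag not in VOID:
            self.stack.append((tag, hidden))

    def handle_endtag(self, tag):
        # Pop back to the matching open tag; tolerates unclosed <p>/<li>.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

def audit_links(html, trusted_hosts):
    """Return off-site links as (host, href, concealed), concealed first."""
    parser = LinkAudit(trusted_hosts)
    parser.feed(html)
    return sorted(parser.findings, key=lambda f: not f[2])

# Constructed sample: one visible partner link, one link pushed off-screen.
SAMPLE = """<p>Pay via <a href="https://www.paypal.com/">PayPal</a>.</p>
<div style="position:absolute; left:-9999px">
  <a href="http://cheap-pills.example/buy">best price</a></div>
<p>Partner: <a href="https://partner.example/">Partner</a></p>"""

if __name__ == "__main__":
    for host, href, concealed in audit_links(SAMPLE, ["mysite.example", "paypal.com"]):
        print("CONCEALED" if concealed else "visible", host, href)
```

Run it over pages as a search engine crawler would receive them, and review every host that appears that you did not place there yourself.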
Placing Malicious Code into Your Site
If you are here due to a warning that your site may be hacked, then this is potentially not the reason that they hacked you.
Google has a different set of warnings in place for a site that they have detected malware on, including an in-between (interstitial) page with a giant red warning sign advising you to reconsider.
If, however, you have received a malware warning (this will be in your Google Search Console security panel), then the Google resources for hacked sites will be the best resource for you.
The malware may suit many purposes: it can assist in stealing data, gaining additional access around the internet, controlling computers, installing cryptolocking/ransomware software, and much more.
Malware truly is the dark side of the internet.
If malware is involved, then I strongly suggest you get professional assistance, and make sure that you quarantine your site immediately.
Hacking In Order to Disrupt your Business or Message
I don’t know what your website is about.
Perhaps you sell cookies and glitter, perhaps you vehemently promote hate speech or misinformation.
Maybe you promote or discuss controversial topics, such as eugenics, euthanasia, abortion and so on.
Maybe you promote your own religious or political views.
There are so many ways to make enemies out of ideologies in this world, and the internet has only intensified this in some ways.
You may need to consider that whoever hacked your site was not even trying to make money; rather, all they wanted to do was to interrupt your ability to communicate your ideas.
This is also a darker idea in many ways.
There is always the chance that whoever hacked your site had financial motive, but their means of collecting was to gain a higher market share in your shared industry.
Dwelling on this concept will A) not help you and B) take you down the dark path of accusation, paranoia and contemplative retribution.
I personally wasted quite a lot of my time and energy contemplating whether it was perhaps a competitor who had our site hacked.
This thought process leads nowhere positive.
Focus instead on what you need to do now, and how you are going to be better prepared next time.