Hackers earn money with your server
A hacker no longer necessarily breaks into a server, he breaks into a security hole. And this is best done simultaneously on 1,000,000 servers. Fully automated, a few days or even a few hours after the security update came out and the hacker has analyzed or reverse engineered it. He writes himself a robot script that does the work for him. 20-30 % of all web page views today are from robots – and these are not only those of Google and Bing.
So it doesn’t matter that there is nothing usable on the server from the customer’s point of view. It is far too time-consuming for the hacker to check this beforehand.
We had to learn that our customers can only assess the implications and the real danger when they understand why a hacker hacks web servers at all. As a rule, hackers only want to earn money. To do this, it sells server content or rents server capacity to other hackers. Not individually but in bundles of 1,000 to 5,000,000 servers. I have therefore written down 10 reasons why someone uses this hacker service without claiming to be complete.
#1 Customer Data
The actual customer data can be irrelevant. For example, it only stores whether a newsletter subscription is available or not. But a combination of usernames and passwords is always a nice find for hackers. Because he can then try them out on other relevant sites. A Paypal account is hacked because the login data on a hacked website was identical. People use the same password far too often.
#2 Hacking to hack others
One server is used to hack other servers. The aim is usually to make traceability more difficult. For example, if the White House is hacked, the NSA could only see from which computer the hack came directly. In other words, if in doubt, your web server has hacked the White House.
Hackers rent hijacked servers to spread viruses via their websites. In this case, a malicious code is deposited with which the visitors of the pages catch a virus.
#4 DDoS Attacks
DDoS attacks from many hacked servers to a target paralyze web servers or entire networks. It’s like turning off the power. So many requests are generated that the target server can no longer answer them. Overload.
Hackers do this on behalf of a competitor, for example, in order to switch off the shop. This then loses turnover, customer confidence, and Google ranking.
Some automatically hijacked servers are made available via APIs for such attacks.
#5 Viagra Links
The hacker gets money for traffic to his customers’ sites, that is, for the number of clicks.
He changes links for this. Sometimes this happens obviously or very well hidden if for example only a part of the inquiries is shifted. Then the wrong links may be noticed much later.
A hospital came up to us once:
“Somehow there’s something wrong with Google. Whenever we search our site via Google, we find Viagra hints there. But on our side everything is correct.”
With the help of its conquered servers, the hacker makes SEO optimization for its customers. It installs invisibly, for example, Viagra links on the website, which are only visible to search engines. This increases the number of external links to the target server and thus the ranking for his customer’s site. And he’s getting paid.
Trusted servers that send e-mails sell well. The hacked servers generate revenue per minute by sending spam.
For example, a Formula 1 circuit approached us because they always ended up on anti-spam blacklists. They could not send emails because they were blocked.
Instead of looking for the reasons, however, the admin has only bothered to be deleted from these blacklists again and again. In the end, it turned out that several 100 million emails were sent via his server.
#8 Dig Bitcoins
Hackers use the servers in their power to create bitcoins themselves with these server farms: The power consumption of the hacked server increases and its computing power decreases.
#9 Peer-to-Peer to illegal file-sharing services
The hacked server is used to provide illegal downloads/movies.
We used to have a bank that came up to us because her side was so slow. We tested the system on our own servers first, everything was fine.
A network traffic analysis revealed On the server were films of an exchange platform, 95 % of the server space was occupied, 100 % of the bandwidth was used for the films.
#10 Gate exit node
The goal of the Tor network is to make anonymous surfing possible. Everyone can use it for different things – but also not to be prosecuted. The exit point is a weak point of Tor. If someone provides an exit point for the Tor network, they can become the starting point for a criminal investigation. Hackers use infiltrated servers to create exit points that are not made available voluntarily and also have the option of manipulating outgoing traffic.