Motives

By Martin McBride, 2017-02-18
Tags: none
Categories: none

Why do attackers target websites? What do they hope to gain? There are several common reasons.

Stealing user data

Many websites store user data, which is necessary for normal operation of the website - allowing users to log on, post messages, make purchases, etc. Many attacks seek to access this information, often through SQL injection.

User email addresses can be used for spam and phishing attacks against users of the site. Phishing attacks will often try to persuade users to log onto a fake site. If the attackers have extra information, for example which items you recently purchased, they can use this to make the email seem more convincing.

User passwords allow the attacker to log on to the site as if they were a different user, and post messages, make purchases etc.

Unfortunately, people often use the same username and password for different sites. If criminals obtain your password from somewhere unimportant such as a user discussion board, they might be able to log into your bank account if you have used the same password. This makes password information very valuable.

Payment details such as bank or credit card details give criminals the ability to steal money or make unauthorised purchases.

Shutting down a website

Some attacks have the aim of shutting a site down so that users can no longer access it. This is sometimes simply vandalism, and is sometimes performed by taking control of the web server.

In more serious cases, he aim is to blackmail the site owner, by taking a busy commercial site down at a critical time so that the owners face losing money if the attack continues. More organised criminals like this will often use denial of service attacks.

Hacking the website

The aim is sometimes to alter the front page of a website to contain the attacker's message, often as a protest or for notoriety.

Many websites allow an administrator to update content remotely (for example, Wordpress does this). Anyone who obtains the administrator password in some way can easily perform this attack.

Forum spam

It is quite common for people to place spam messages on internet forums, to act as free advertising for their website or product. This isn't difficult to do, and isn't usually illegal. But if it isn't deleted, it does ruin the forum for genuine users.

See also

Sign up to the Creative Coding Newletter

Join my newsletter to receive occasional emails when new content is added, using the form below:

Popular tags

555 timer abstract data type abstraction addition algorithm and gate array ascii ascii85 base32 base64 battery binary binary encoding binary search bit block cipher block padding byte canvas colour coming soon computer music condition cryptographic attacks cryptography decomposition decryption deduplication dictionary attack encryption file server flash memory hard drive hashing hexadecimal hmac html image insertion sort ip address key derivation lamp linear search list mac mac address mesh network message authentication code music nand gate network storage none nor gate not gate op-amp or gate pixel private key python quantisation queue raid ram relational operator resources rgb rom search sort sound synthesis ssd star network supercollider svg switch symmetric encryption truth table turtle graphics yenc