I own and operate about 20 web site properties for myself and for friends and family and have done so for the last 3 or so years. And for the first time in that period, I have been hacked... twice... Ouch. And although it has been a major headache to figure out how to clean out my sites and then prevent them from being hacked again (read: days of boring work skimming through lines of code for injections, endless blog post reading and tens of calls to GoDaddy), in the end I can sort of say it was worth it, sort of. Now at least I have experience with the subject and without any significant negative consequences other than a week of my life gone to digital heaven. The experience also made me think about hacking, its culture and how it might be used in a more positive way. Let me explain a little.
The first hack, which affected about 5 of my WordPress properties, was pretty clever I have to say. Somehow they injected a bit of code on a bunch of my files (mainly the .htaccess files), which caused traffic to my site to re-route to a series of different websites. The hackers probably made a penny or two each time one of my visitors landed on one of these other sites (through affiliate revenue). The hack was even more devious because they only redirected visits to my site that came through referral sources, like Google – not if anyone went directly to my site. This made it so I did not even notice the hack for a couple of days. Like I said, pretty clever, holding back on the short term profits for a possible longer term payout.
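One way to check for the kind of referrer-gated redirect described above, as an added example that is not part of the original post. The sample `.htaccess` content, the host names and the function name `find_referrer_redirects` are constructed for illustration.

```python
import re

# Constructed sample: a WordPress .htaccess with an injected block (not from the post).
SAMPLE_HTACCESS = r"""
# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress
RewriteCond %{HTTP_REFERER} .*google.* [NC,OR]
RewriteCond %{HTTP_REFERER} .*bing.* [NC]
RewriteRule ^(.*)$ http://redirect.example.invalid/in.php [R=301,L]
"""

COND = re.compile(r"^\s*RewriteCond\s+%\{HTTP_REFERER\}\s+(\S+)", re.I)
RULE = re.compile(r"^\s*RewriteRule\s+\S+\s+(\S+)", re.I)
EXTERNAL = re.compile(r"^(?:https?:)?//([^/:\s]+)", re.I)


def find_referrer_redirects(text, own_hosts=()):
    """Return (line_no, referrer_patterns, target) for each RewriteRule that
    is gated on HTTP_REFERER and sends the visitor to a host not in own_hosts."""
    findings, pending = [], []
    own = {h.lower() for h in own_hosts}
    for no, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        cond = COND.match(line)
        if cond:
            pending.append(cond.group(1))
            continue
        if re.match(r"^\s*RewriteCond\b", line, re.I):
            continue  # other conditions stay attached to the same upcoming rule
        rule = RULE.match(line)
        if rule:
            host = EXTERNAL.match(rule.group(1))
            if pending and host and host.group(1).lower() not in own:
                findings.append((no, pending, rule.group(1)))
        pending = []  # conditions apply only to the next RewriteRule
    return findings


if __name__ == "__main__":
    for no, refs, target in find_referrer_redirects(SAMPLE_HTACCESS, ["myblog.example"]):
        print(f"line {no}: referrer-gated redirect {refs} -> {target}")
```

Because the redirect fires only for visitors arriving from a search engine, loading the site directly will not reveal it; reading the rewrite rules themselves does.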
The second hack, which was much harder to clean up, was less “sophisticated” and made me think deeper – since the reasons for doing it made less sense. Basically, they infected many files on my site, so many that it brought the whole site down. When you went to the site, it was just a white screen “of death”. None of my admin screens were available and without doing a ton of repair work or the luck of having just backed up my files, I was probably going to have to throw out the site altogether. And I presume that the goal of this hack was to do just that.
But why? The person who initiated the hack was not even able to see my face. A pissed off, disappointed face that I guess he could maybe imagine all his victims having? Maybe the guy or woman who created this script is simply evil and just has an appetite for faceless doom and destruction without recognition? But after pondering it for a while and talking to some people, I think these types of attacks originate from a different mindset.
The mindset, whether right or wrong, is that if it can be hacked – it should be. Despite the negative implications of this mantra, such as my hacks, there are obvious benefits to this type of thinking, and both the private and government sectors have been capitalizing on it for years. Large corporations such as Apple or Microsoft routinely hire these types of people to intentionally hack their operating systems prior to launch. This way they can identify the holes and fill them before the real launch.
I started to think about what it might look like if you took the “if it can be hacked, it should” mentality out of the tech world and placed it into other areas that tend to not be as precise. One area I thought of would be – New Legislation Hackers. These people would take a proposed law and try to hack it in any way possible to either bring it down or use it to their own unintended benefit. For example, if we had had Legislation Hackers as we were deregulating many of our banking laws – we might have had a less severe financial collapse (I know that is debatable, but I am using it here for dramatic effect).
Now I am not advocating everyone taking on this mentality in everything we do. I do however see that there are potential benefits – at least during prelaunch phases of projects of all varieties – in having the hacker's mentality. I just wish I didn’t have to have my sites hacked to figure that out!