Archive for January 2010

Hackers earn $1,000 per PC

In research conducted by Kaspersky Lab, Dmitry Bestuzhev claimed, “When the value of stolen credit cards and other types of credentials are added up, hackers can easily take in $1,000 worth of data from just one hacked computer.”

Quite often I’m asked, “Why do hackers hack?”

I’ve always responded with various examples of how the hackers (cybercriminals) make money. Many often think that it’s just stolen credit cards, however, in the last year, I’ve seen the tide moving away from just credit cards to various other forms.

For instance, do a Google search on “pay per install” and you’ll find an entire underground where people are paid for installing “crapware”. This is software that doesn’t really add any functionality for the end-user. What it does do is provide the people paying the hackers a way to make money from displaying ads or in some cases, for remotely controlling the PC.

Hackers also use infected PCs to send SPAM. Don’t think SPAM sells any products? Do you think that as valued as a compromised PC is to hackers, they’d risk being eliminated if it didn’t produce some return?

Obviously statistics aren’t available for what kind of returns they get. Numerous requests for interviews were all declined by those in the hacker communities.

In addition to stolen credit cards, pay per install and SPAM, Bestuzhev has seen Gmail accounts for sale on Russian hacker forums, with asking prices of $82, RapidShare accounts going for $5 per month, as well as Skype, instant messaging and Facebook credentials also being offered. He recently witnessed one offer to buy a hacked Twitter account for about $1,000. The particular Twitter account had 320 followers.

Now there’s a new Internet Marketing strategy – build up a quick Twitter following then sell it to hackers.

For those who are always wondering why hackers hack, it’s because they make money – lots and lots of money.

As our focus is website security, imagine why they want to infect so many PCs with their drive-by downloads. With so many people having Twitter accounts, is it any wonder why they want your website?

Think about the numbers. If the hackers are willing to pay $1,000 for a Twitter account with only 320 followers, imagine how much they can make off of that. The hackers know numbers. They know that if something costs them $1,000, it must be able to generate at least 10 – 20 times that. It’s all about risk versus reward.

How would you know if your PC is hacked? Would you know if your Twitter or Facebook account were hacked? How many people could be infected from your Twitter page, Facebook page or website?

I just thought that those of you who follow me on this blog, might want to know.

An educated website owner is the best kind.

Let me know your thoughts or comments on this.

Johnny Depp is definitely not dead

I read recent reports about how the famous actor Johnny Depp died in a car crash – this is a scam!

I guess the cybercriminals didn’t get enough traffic out of luring the soft-hearted to fake “Save Haiti” websites so they created their own high-traffic story.

Oh don’t worry. Unlike many of the cybercriminal schemes where just visiting a website will attempt a barrage of PC infections, this one lures you into wanting to download their “mother lode of infectious code.”

As of Sunday January 24, 2010, the search term “johnny depp car crash” had been searched over 13 million times. It was even a trending topic on Twitter, which helped add fuel to the fire.

Like I’ve stated before, hackers or cybercriminals, whichever you prefer, know how the human mind works. They know we initially read a story, then if there are pictures or better yet – a video, we’re going the distance for the full effect.

If you Google, johnny depp car crash, you’ll see one listing from CNN. This might lead you to believe that this story is true. If CNN covers it, it must be true. However, clicking on the link to the “CNN” story, will take you to a website that looks like CNN, but it’s not.

The site simply whets your appetite for blood and guts.

After reading that story, you’ll probably want to see some of the videos taken of the car crash. Maybe you can see the famed actor dead on the ground or something almost as gruesome. So your next search is for videos of the Johnny Depp car crash.

Many sites were offering those.

Unfortunately, or fortunately, you couldn’t watch the video unless you had the correct video software – and you could download it right there, if you really, really wanted to watch the video.

BAM!

They got you. The video software (codec) wasn’t really going to let you view the video. What it was going to do was let the hacker have access to your PC – whenever they wanted it.

The moral of this story is, don’t believe everything you hear or read. Don’t be a victim of a scam that some cybercriminal has concocted. If some famous person has passed away, watch TV. Go to CNN.com and search for it there. Don’t fall into the bottomless pit of despair by allowing yourself to be lured into one of these scenarios.

Remember that, as a website owner, your site could become infected by something you did online, a story you read, or a video driver you downloaded. That could be more damaging than not being totally up-to-date on whether or not someone famous died.

That’s just my opinion, what’s yours?

Techcrunch Hacked

Talk about timing. Techcrunch, one of the most popular websites on the Internet with an Alexa rank of 373, was hacked and defaced today.

The timing was incredible because Apple is expected to announce their new tablet tomorrow (Wednesday) and it was certain that Techcrunch would be covering it in detail which would cause possibly millions of visitors to the site.

At first, the defacement contained nothing more than a link to a RapidShare download. However, since the original cause had not been determined, the hackers/cybercriminals/defacers were able to change the homepage a few more times.

Approximately 10 minutes after the first defacement a webpage saying nothing more than, “We’ll be back shortly.” appeared and then a message showing, “What a (f-word) useless hack isn’t it? Bleh” and a link to dupedb.com.

Imagine the potential magnitude of this if, instead of a defacement, it had been delivering some new, undetected, malicious payload to every visitor. What if, when you tried visiting that site, you saw the infamous “This site may harm your computer” warning that Google puts on websites that are considered suspicious?

Surely a site like that wouldn’t be compromised, right? Would you have just switched browsers and gone to the site anyway?

As of this writing, I still haven’t seen any reports on how this happened, but I’ll be following this closely to determine what precautions you may need to take to prevent this from happening to your digital assets.

Much speculation is flying across the Internet. Techcrunch is based on WordPress, so many automatically assume it’s a vulnerability there. Others have suspected that since Techcrunch is hosted on Rackspace, who was in the middle of the Aurora attack on Google recently, it might be remnants of their recent woes.

At this time, nothing is official but I’ll keep watching and let you know what I find…

A few hundred websites on Network Solutions defaced

According to a blog post on Network Solutions’ website, a few hundred websites were defaced by a file inclusion exploit.

They acknowledged that multiple servers were “hit” with a defacement where the home pages were replaced with webpages containing anti-Israeli graffiti that included graphics of masked gunmen complete with rocket launchers. All this, and a message: “HaCKed by CWkomando.”

As of this writing, many of the sites have been cleaned up and Google searches on that term mostly show people reporting the infection rather than websites that have been hit.

Personally, if it is the result of a file inclusion exploit, then I hardly think it’s Network Solutions’ fault. It sounds to me more like a vulnerability in someone’s code. However, the fact that it affected multiple sites leads me to believe that maybe one site was hit and from there the hackers (cybercriminals) were able to reach other websites on the same server. Then it becomes an administration error, which could be the fault of the hosting provider.
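To make the two halves of that argument concrete (a bug in someone’s code versus an isolation failure on the host), here is an added illustration that is not code from the page or from Network Solutions. It shows the classic PHP file inclusion pattern next to a hardened version; the `page` query parameter, the `pages/` directory and the file names are all assumed for the example.

```php
<?php
// Added example (not the page's or Network Solutions' code). The `page`
// parameter, the pages/ directory and the file names are assumptions.

// --- Vulnerable pattern: the request decides which file gets included. ---
// Any value the caller supplies becomes part of the include path, so a
// traversal value reaches files outside pages/ that the web server user can
// read, and with allow_url_include=On even a remote URL can be included.
// That is the kind of defect the post refers to as "a vulnerability in
// someone's code".
function render_page_vulnerable(): void
{
    $page = $_GET['page'] ?? 'home';
    include __DIR__ . '/pages/' . $page . '.php';
}

// --- Hardened pattern: the request only selects from a fixed allowlist. ---
// User input is never concatenated into a path; it is only used as a key.
function render_page_hardened(): void
{
    $pages = [
        'home'    => 'home.php',
        'about'   => 'about.php',
        'contact' => 'contact.php',
    ];
    $page = $_GET['page'] ?? 'home';
    if (!array_key_exists($page, $pages)) {
        http_response_code(404);
        echo 'Not found';
        return;
    }

    // Defence in depth: confirm the resolved file really lives under pages/.
    $base = realpath(__DIR__ . '/pages');
    $real = realpath($base . '/' . $pages[$page]);
    if ($base === false || $real === false
        || strpos($real, $base . DIRECTORY_SEPARATOR) !== 0) {
        http_response_code(404);
        echo 'Not found';
        return;
    }
    include $real;
}

render_page_hardened();
```

The second half of the post’s point, one compromised site reaching its neighbours, is a host configuration matter rather than an application one. On a shared PHP host the usual controls are `allow_url_include = Off` (and `allow_url_fopen = Off` where the sites don’t need it) in php.ini, a per-site `open_basedir` so a script in one account cannot read files from another account’s document root, and running each site under its own system user so file permissions actually separate them. Without those, fixing the include bug in one site still leaves the rest of the server exposed to the next site that has one.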

I’m not blaming Network Solutions. I commend them for announcing this and working diligently to fix the problem. Too often we work with website owners who have their site blacklisted not due to their fault, but because someone else’s website on the same server has been compromised and the hosting provider just simply throws up their arms and says, “It’s your problem, not ours!”

If your site is hosted with Network Solutions, stay with them and let them help you help yourself. Give them credit for taking control and working through this issue.

They provide a contact for any website owner who has been affected by this: http://networksolutions.com/support/ or on Twitter @netsolcares

Let’s give credit where credit is due. They are not pointing fingers. They are taking control. I applaud them.

Let me know if you agree or disagree.