
What actually is compute hijacking?
Compute hijacking refers to a form of cyber attack in which an attacker takes over and controls a computer, an entire server or a network without authorization. The aim is often to use the resources of the hijacked system for the attacker's own purposes without the legitimate user noticing or being able to prevent it.
How do hackers gain access to the systems they want to take over?
Attackers exploit vulnerabilities in server software in a targeted way to gain administrative rights and encrypt systems or steal or falsify data. They use these techniques:
- Brute force attacks: Attackers automatically try out numerous password combinations until they find the right one. Servers with weak or default credentials are particularly at risk.
- Phishing and social engineering: Users are tricked into disclosing credentials through fake emails or websites. This method is often the entry point for further attacks.
- Malware (malicious software): Attackers introduce viruses, Trojans or ransomware onto the server in order to gain control, steal data or encrypt systems.
- Exploiting software vulnerabilities: Unpatched or faulty software offers attackers a target. Examples include zero-day exploits, SQL injection (injecting malicious code into database queries) or cross-site scripting (XSS).
- Session hijacking and man-in-the-middle: Attackers hijack active sessions or insert themselves into the communication between user and server in order to intercept data or gain access.
- Attacks with reused credentials: Stolen or leaked passwords are automatically tried out on different systems, as many users use the same credentials in multiple places.
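From the defender's side, the brute force and reused-credential techniques in the list above leave different traces in authentication logs. The following added example (not part of the original page) separates the two per source IP; it assumes OpenSSH-style log lines, and the function name, thresholds and sample data are illustrative assumptions.

```python
import re
from collections import defaultdict

# sshd-style lines: "<Failed|Accepted> password for [invalid user ]NAME from IP port N"
LINE_RE = re.compile(
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+")

def classify_sources(lines, min_failures=5, many_accounts=4):
    """Label each noisy source IP as brute force or credential reuse.
    Thresholds are illustrative assumptions; tune them to your own baseline."""
    failed = defaultdict(list)   # ip -> account names of failed attempts
    accepted = defaultdict(set)  # ip -> account names that logged in
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue
        if m["result"] == "Failed":
            failed[m["ip"]].append(m["user"])
        else:
            accepted[m["ip"]].add(m["user"])
    findings = {}
    for ip, users in failed.items():
        if len(users) < min_failures:
            continue  # a mistyped password stays below the threshold
        accounts = set(users)
        # Many accounts with few tries each: leaked credentials being replayed.
        # Few accounts with many tries each: password guessing on one login.
        kind = "credential_reuse" if len(accounts) >= many_accounts else "brute_force"
        findings[ip] = {
            "kind": kind,
            "failures": len(users),
            "accounts": len(accounts),
            # Targeted accounts that also logged in from this source: reset first.
            "review": sorted(accepted[ip] & accounts),
        }
    return findings

# Constructed sample input (documentation-range IPs, made-up account names).
SAMPLE = (
    [f"Jan 10 03:00:{i:02d} web1 sshd[901]: Failed password for root "
     f"from 203.0.113.7 port 4{i:04d} ssh2" for i in range(8)]
    + [f"Jan 10 03:05:{i:02d} web1 sshd[902]: Failed password for {u} "
       f"from 198.51.100.9 port 5{i:04d} ssh2"
       for i, u in enumerate(["anna", "ben", "carl", "dora", "eve"])]
    + ["Jan 10 03:05:07 web1 sshd[902]: Failed password for invalid user admin from 198.51.100.9 port 50007 ssh2",
       "Jan 10 03:05:09 web1 sshd[902]: Accepted password for dora from 198.51.100.9 port 50009 ssh2",
       "Jan 10 08:12:00 web1 sshd[903]: Failed password for alice from 192.0.2.10 port 50100 ssh2",
       "Jan 10 08:12:05 web1 sshd[903]: Accepted password for alice from 192.0.2.10 port 50101 ssh2"])
```

Calling `classify_sources(SAMPLE)` flags two of the three sources; the single failed attempt followed by a successful login from the third source is not reported.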
Once a hacker has gained access to a server, various scenarios are possible. They almost always include further attacks to find out whether there are other vulnerable systems that can then also be attacked.
What exactly can a hacker do with a stolen server?
There are many well-known examples of servers that have been taken over by attackers.
One well-known example is the Marriott data leak (2018):
Attackers infiltrated Marriott's network via a compromised third-party provider, captured password hashes from privileged service accounts and used pass-the-hash techniques to gain access to the Starwood database containing millions of guest records. The vulnerability remained undiscovered for months.
In the most common cases at present, hackers are after money when stealing or encrypting data. The victims are blackmailed and, in many cases, put in the digital pillory.
Less common are cases that can be traced back to state-supported espionage missions, as in the Marriott case.