Well, if someone is determined enough, they don't need to be a true hacker at all. Google takes care of most of their problems, if they know what to search for. md5 was a good hash a while back, but if it's unsalted, it's simple to find a cracking site, type in the hash, and then you have some poor person's password. The tricky part is getting the actual hash, that is usually done via MySQL injection. That is where someone acesses your db and runs a "command line" type of query through your db. I'm not going to go into specifics, but if you do want a page on how to prevent this kind of attack I will post a link.
http://www.tizag.com/mysqlTutorial/m...-injection.php
Also, to any mods that do look at this, if that link somehow violates any rules, please remove it and accept my apologies. I need to get over and read the rules sometime >.>
As for an ISP monitoring a spike, it's more of a large mountain of increased bandwidth. If you try a DoS attack over a sustained period, the ISP will see that your bandwidth has spiked, and then they will see that you are sending data, rather than receiving it like you would in a download. As for the bank, the bank I go through manually changes my password for my online account every 7-10 days, it consists of 8 letters, a mix of upper/lowercase, and 4 numbers, all mixed up. When any transactions occuring over a day are made online, they then call my cell phone and notify me. I don't know if your bank does something along those lines, but my bank is fairly safe. But, if you go to goole and type in "Russia DDoS Estonia" you will get a whole bunch of results where what I just said wasn't the case. If you want to further your scope of intelligence on the matter, I suggest you read a few of those reports.
@technogeek
Honestly, the most common way to find an IP is through 3rd party clients, such as ventrilo, game servers, ect. I know that sounds retarded, but I assure you it's true. You can also get someone's IP based upon records on forums, although with dynamic IP's, those silly changing things, you would have to scan a whole IP range to find the correct target. You ask why people hack, that is an amazing question. That's kind of like asking why Racism exists. I can't answer that, people hack for different things. There are two different kinds of hackers, at least in my mind. There are those that intend to do damage, and then there are ones like myself, which I dub ethical hackers. People whom hack to extend there knowledge about a system, or even the virtual world, or to defend themselves and friends against other bad hackers. Hacking started out honestly enough, it was just the modification to a program, a game even. Look what it has become today, you can't say credit card theft, or identity theft, without hacking in that same sentence.
Also A VNC connection is much like a remote desktop connection, you can modify, and create/delete files on a system with a VNC server running. Most web servers do have VNC running for remote access for their webmaster/admin's, and sometimes have passwords EASILY brute-forced by an dictionary brute forcer.
Unsolved 
