
Problems with Current Cryptography Methods

Someone wanting to make a system secure has to make sure every single part of it is secure; someone wanting to break the security need only find one flaw to exploit. This makes the task of implementing cryptography harder. Added to this is the fact that it is far easier to remain anonymous on the Internet than in the 'real' world.

Electronic vandals have graffitied the CIA's website (and the University of York Jiu Jitsu Club's website), as well as interrupting newsgroup messages and mail-bombing various organisations. Many hackers can use newer technology than was used to build the website, and those who are mathematically trained can invent new procedures for gaining access.

Flaws can appear anywhere - Netscape's security was compromised by a bad random-number generator. Bad implementation at any point in the program can lead to security problems, and it is often this poor implementation, rather than the system being used, that causes the worst security flaws. Since testing does not highlight the problems, these difficulties can end up in complete products, which is why they are so dangerous.

A further problem is human error. One example is the University of York Concert Band who, until it was spotted recently, had a file that allowed any user to enter their e-mail account without a password. This had been written by an eager student who couldn't be bothered to type his password in each time, but it meant that anyone could gain access to the account, and from there gain access to the university's systems. Another example comes from The Code Book - the author, Simon Singh, together with a cryptography expert, encoded the final challenge in the book with RSA and 3DES. Or so they thought. Somehow they both failed to notice that instead of [encrypt with key 1, decrypt with key 2, encrypt with key 1] they had done [encrypt with key 1, decrypt with key 1 (back to normal text!), encrypt with key 2]. Instead of 3DES, they had effectively encoded it with the insecure DES. None of the challengers noticed, otherwise it would not have taken them over a year to crack the code - nearer a few minutes on a very fast dedicated computer!
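The key-order mistake described above can be reproduced in a few lines. This is an added example, not code from The Code Book or from this site: it uses a toy 16-bit-key Feistel cipher as a stand-in for DES (Python's standard library has no DES), and the keys, blocks and function names are constructed for illustration.

```python
import hashlib

ROUNDS = 4  # toy cipher: 32-bit block, 16-bit key (a stand-in, NOT DES)

def _f(half, key, rnd):
    """Round function: 16 bits derived from (round, key, half-block)."""
    data = bytes([rnd]) + key.to_bytes(2, "big") + half.to_bytes(2, "big")
    return int.from_bytes(hashlib.sha256(data).digest()[:2], "big")

def encrypt(block, key):
    l, r = block >> 16, block & 0xFFFF
    for i in range(ROUNDS):
        l, r = r, l ^ _f(r, key, i)
    return (l << 16) | r

def decrypt(block, key):
    l, r = block >> 16, block & 0xFFFF
    for i in reversed(range(ROUNDS)):
        l, r = r ^ _f(l, key, i), l
    return (l << 16) | r

def ede(block, ka, kb, kc):
    """Triple encryption: encrypt with ka, decrypt with kb, encrypt with kc."""
    return encrypt(decrypt(encrypt(block, ka), kb), kc)

def single_key_search(pairs):
    """Keys under which ONE plain encryption explains every (plain, cipher) pair."""
    return [k for k in range(1 << 16)
            if all(encrypt(p, k) == c for p, c in pairs)]

# Constructed sample keys and plaintext blocks.
K1, K2 = 0x3A7C, 0xB519
BLOCKS = [0x43727970, 0x746F2121]

# Intended order: encrypt K1, decrypt K2, encrypt K1.
intended = [(p, ede(p, K1, K2, K1)) for p in BLOCKS]
# Mistaken order: encrypt K1, decrypt K1 (plaintext again), encrypt K2.
mistaken = [(p, ede(p, K1, K1, K2)) for p in BLOCKS]

if __name__ == "__main__":
    # The mistaken order is byte-for-byte a single encryption under K2.
    print(all(c == encrypt(p, K2) for p, c in mistaken))
    # A search over one key explains the mistaken output but not the intended one.
    print([hex(k) for k in single_key_search(mistaken)])
    print(single_key_search(intended))
```

A known-answer test that compares the triple-encryption output against a single encryption under each key catches this kind of collapse before anything is published.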



