Why and how do systems get broken into?

This is hard to answer definitively. Many systems which crackers break into are only used as a means of entry into yet more systems; by hopping between many machines before breaking into a new one, the cracker hopes to confuse any possible pursuers and put them off the scent. There is an advantage to be gained in breaking into as many different sites as possible, in order to "launder" your connections.

Another reason may be psychological: some people love to play with computers and stretch them to the limits of their capabilities.

Some crackers might think that it's "really neat" to hop over 6 Internet machines, 2 gateways and an X.25 network just to knock on the doors of some really famous company or institution (eg: NASA, CERN, AT+T, UCB). Think of it as inter-network sightseeing.

This view is certainly appealing to some crackers, and certainly leads to both the addiction and self-perpetuation of cracking.

As to the "How" of the question, this is again a very sketchy area. In universities, it is extremely common for computer account to be passed back and forth between undergraduates:

"Mary gives her account password to her boyfriend Bert at another site, who has a friend Joe who "plays around on the networks". Joe finds other crackable accounts at Marys site, and passes them around amongst his friends..." pretty soon, a whole society of crackers is playing around on the machines that Mary uses.

This sort of thing happens all the time, and not just in universities. One solution is in education. Do not let your users develop attitudes like this one:

"It doesn't matter what password I use on _MY_ account,
after all, I only use it for laserprinting..."

- an Aberystwyth Law student, 1991
Teach them that use of the computer is a group responsibility. Make sure that they understand that a chain is only as strong as it's weak link.

Finally, when you're certain that they understand your problems as a systems manager and that they totally sympathise with you, configure your system in such a way that they can't possibly get it wrong.

Believe in user education, but don't trust to it alone.