Well I don't think Google can always identify a hacked site. I've often seen sites that were obviously hacked ranking high in Google's SERPs. In fact I recently saw a site about a particular rare tree species ranking number 1 for the species name but Google had given it a SERPs page title of "Cheap Viagra".

I used to try to report these cases to google via their feedback link, but when I would check back weeks later, nothing had been done to correct the problem.

Over the course of Summer one of the shared servers got compromised where several sites that I have not worked on for quiet sometime got themselves some nasty spam pages created with in file system. The host had no clue(they never do) how that had happen.

But the way I found out was thru Google search - there was a message in SERP - This site might be compromised.

So what I have done is set up a scheduled task which runs every 3 minutes and scans the file system for last modified date in every directory/file within each site. If the LastMod Date is greater that the specific date that I know of I would get an automatic email immediately.

I have asked the Host to disable ALL Server Side functionality that I do NOT USE.

For example: This one particular Site was written in ColdFusion, but the host offered PHP, Perl and ASP technologies as a part of the Package. So that was disabled. For the DB, the general user now has only READ rights on tables, inserts and updates are done by a different DB user that has access only to 2-3 tables.

It takes short time to set it up, but it takes much much longer to get the site cleaned up.

I don't use GWT, I don't think I will.

No, Google can't always identify a hacked site, but some hacks only show up in Google.

WMT alerts are good, and if you're signed into Google while using search or other Google services, you'll see a little orange alert box in the upper right corner of each Google page.

An e-mail alert could be useful, too. It could simply say "We've detected that your site has been hacked. For more information, see our message to you in Google Webmaster Tools."

I check that about every six months or so (heartburn otherwise). Meanwhile sites are locked down (hopefully! keep working at that!)

Last time I got hacked due to the Wordpress Rev Slider plugin debacle, Chrome browser alerted me to the infestation with a big red warning notice before the page even loaded. That works for me.

A site I was involved in up to 18 months ago has been neglected since, and now has the "This site may be hacked" warning on Google.
I was able to do some unofficial investigation to confirm there hasn't been any hack. However, I can see how an algo evaluation might conclude there could be a hack, the site really should be taken down.

So in this case Google is wrong, but the warning is justified imo.