National association of realtors®
All "No Limits Live" News >

« Wednesday in Las Vegas - for Association Executives | Main | How is a President Like a REALTOR®? How Can a REALTOR® Be Like a President? »

im in ur network, hacking ur filez

They say (“they” being “Mac McMillan of CynergisTek Inc.”) that cyber-crime is now the most lucrative form of crime, surpassing even illegal drug sales. Hackers go after large enterprises' networks, and sometimes hold those networks hostage, promising to take companies like E-Bay or Amazon.com offline unless a ransom is paid.

There are different types of hackers, from elite hackers who are considered virtually unstoppable, to ‘script kiddies,’ amateurs who download hacking tools from the internet and inadvertently destroy everything they touch.

Serious attacks, however, often follow this pattern:

Fingerprinting
This involves gathering data from public sources, such as Google and internet registration services. Once a hacker has a piece of real information—a contact in the company, for example—they can begin what is called ‘Social engineering.’ Social engineering can involve calling people and pretending to be someone else in order to get sensitive information. Using this data, hackers can determine the best approach to the target.

Scanning and Enumeration
In this step, hackers begin scanning the target network using tools they either write or download from the internet. There are over 50,000 web sites devoted to hacker tools, so they’re not hard to find.

Attack Preparation
This is where the hacker selects the hacking tools they’ll need to penetrate the network, and determines the exact risk factor they will face. The risk, of course, is that they might be discovered and go to jail.

Exploitation
Using their selected tools, they enter the network and stop to see if they have been detected.

Consolidation
Once inside, the hacker begins closing the security holes that allowed them in. They don’t want anyone else entering the system behind them. They also create ‘back-doors,' or places where they can enter the system without being detected. In attacks on personal computers, this is where the hacker—or a program they create—can embed itself in your system for the purpose of awakening and taking control of your computer at a time they specify.

Removing Evidence
Now that the hacker has control. They will begin clearing their tracks. This includes erasing log files and turning off audit features. At this point, a hacker may confidently make a ransom demand, if they are inclined, or they may simply continue to collect your database information in order to sell it to third parties.


Keith Garner of NAR’s Center for Realtor® Technology demonstrated a few of the tools hackers (and legitimate security analysts) use. In seconds, he identified all of the wireless networks in the area (with the option of hacking their passwords and accessing them), and even identified the names of certain people in the room, announcing what phones they were carrying.

A few points to remember--the best defense against attacks is to know what can hurt you, and how it's done.

Posted by Joshua Hunt on November 15, 2007 01:02 PM | Real Estate Business Tips |

Add a comment

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)

About This Blog

Experience the information, the atmosphere, and the spirit of the 2007 REALTORS® Conference & Expo.

The No Limits Live blog will keep REALTORS®, REALTOR® association executives, real estate brokers, and others informed about the events and the learnings from NAR’s 2007 annual conference, one of the largest in the U.S.

As the nation’s largest trade association, representing its 1.3 million members, the National Association of REALTORS® is the collective force influencing and shaping the real estate industry, and is the leading advocate of the right to own, use, and transfer real property.

The blog will feature contributions from NAR content editors and the staff of the Center for REALTOR® Technology, as well as selected association executives and leaders. REALTORS® are invited to post their comments on any post.

This blog is provided by the National Association of REALTORS® to provide members and others with information about NAR's annual conference.

NAR disclaims responsibility for any of the content or opinions expressed on this blog, including, but not limited to content or opinions regarding any products or service mentioned on the blog.

NAR disclaims liability for any damages or losses, direct or indirect, that may result from use of or reliance on information contained in the blog.

This blog may contain links to other Web sites operated by third parties. These links are provided as a convenience to access the information contained therein. NAR has not reviewed all of the information on other sites and disclaims any responsibility for the content of any other sites or the products or services that may be offered on or through those sites. Inclusion of a link to another site does not indicated any endorsement or approval of the site or its content.

NAR reserves the right to edit, remove or deny access to individuals or content that it determines to be unacceptable, including, but not limited to, any abusive, profane, rude, defamatory, or anonymous comments.

More >

Categories

Recent Posts

Blogs from NAR

Other No Limits Live Blogs

Industry Blogs

Subscribe To This Blog

  • addtomyyahoo4.gif
  • ngsub1.gif
  • myaol_cta1.gif

  • Enter your email address:

    Delivered by FeedBurner
© Copyright NATIONAL ASSOCIATION of REALTORS®
Headquarters: 430 North Michigan Avenue, Chicago, IL 60611
DC Office: 500 New Jersey Avenue, NW, Washington, DC 20001-2020
1-800-874-6500
License Agreement | Privacy Policy | REALTOR.com | Contact NAR | Report Unsolicited Emails