Why real estate is becoming a prime target for hack attacks

The more connected the building, the more prone it is to cyberhacks and data breaches

May.May 09, 2019 12:54 PM

The FBI’s Internet Crime Complaint Center recorded 11,300 cybercrimes totaling nearly $150 million in losses involving real estate frauds last year.

IBM’s X-Force — the company’s ethical hacking team — ran a test in 2016 on a property management firm that oversaw 20 buildings nationwide.

The “white hat” hackers reportedly probed one of the building’s internet firewalls and broke into its management system with relative ease.

Related: Real estate’s surveillance state

“We could have actually turned the heat up, turned off the air conditioning, potentially taking down all the servers,” X-Force research strategist Chris Poulin said at the time. “If you put on your evil hat, there are lots of ways to do bad things.”

Those kinds of scenarios aren’t just hypothetical. Buildings can be prime targets for hacks and other breaches of privacy, while location devices like GPS have aided some recent egregious stalking and assault cases.

In 2017, a group of unidentified hackers held a hotel in Austria ransom during the height of the area’s ski season. The attackers froze the system that makes electronic keys for guests at the Romantik Seehotel Jägerwirt, which paid a surprisingly small ransom in Bitcoin valued at about $1,800.

And last year, a cyberattack exposed the information of 500 million guests at Marriott Hotels’ Starwood chain, which ranked as the second-largest data breach in history — behind a 2013 hack of 3 billion Yahoo accounts.

Some real estate firms are notoriously bad at protecting their data. In recent years the industry has been heavily targeted, according to the FBI’s Internet Crime Complaint Center, which recorded 11,300 cybercrimes totaling nearly $150 million in losses involving real estate frauds last year.

Andrei Barysevich, a director at the Internet threat-intelligence firm Recorded Future, said the majority of property owners he can think of fail the test when it comes to protecting their data.

“Real estate companies rarely know how to protect the data they have in their own possession,” he said. “I assume most landlords have zero experience in data security, beyond maybe the application process.”

Many security breaches in the real estate industry simply happen when someone at a company opens a phishing email, he added. “I’ve seen firsthand how inadequately trained staff in buildings are,” Barysevich said.

Related Articles

(Image by Wolfgang & Hite via Dezeen)

Hudson Yards megadevelopment inspires a new line of sex toys

Cammeby's International Group founder Rubin Schron and, from top: 194-05 67th Avenue, 189-15 73rd Avenue and 64-05 186th Lane (Credit: Google Maps)

Ruby Schron lands $500M refi for sprawling Queens apartment portfolio

Wendy Silverstein (Credit: Getty Images)

Wendy Silverstein, co-head of WeWork’s real-estate fund, is out

Softbank's Masayoshi Son and Jared Kushner (Credit: Getty Images)

SoftBank wanted Jared Kushner to divest from Cadre

From left: Stephen Ross, Scott Rechler, Maryanne Gilmartin, Marty Burger and William Rudin (Credit: Anuja Shakya for The Real Deal)

Unions at bay, but hostility for real estate worse than ever

WeWork bonds sink as bailout delayed, “Diller Island” gets a name

WeWork bonds sink as bailout delayed, “Diller Island” gets a name

The Thurgood Marshall Courthouse in Lower Manhattan (Credit: iStock)

Housing court could get a lot more political under reform plan

(Illustration by Andrea Mongia)

‘Thank God’ for techies: Silicon Valley execs ramp up NYC resi purchases