Cybercasing 2.0: You Get What You Pay For

Jaeyoung Choi, Istemi Ekin Akkus, Serge Egelman, Gerald Friedland, Robin Sommer, Michael Carl Tschantz, Nicholas Weaver

Under U.S. law, marketing databases exist under almost no legal restrictions concerning accuracy, access, or confidentiality. We explore the possible (mis)use of these databases in a criminal context by conducting two experiments. First, we show how this data can be used for "cybercasing" by using this data to resolve the physical addresses of individuals who are likely to be on vacation. Second, we evaluate the utility of a "bride to be" mailing list augmented with data obtained by searching both Facebook and a bridal registry aggregator. We conclude that marketing data is not necessarily harmless and can represent a fruitful target for criminal misuse.

Knowledge Graph

arrow_drop_up

Comments

Sign up or login to leave a comment