Cybercasing 2.0: You Get What You Pay For

TitleCybercasing 2.0: You Get What You Pay For
Publication TypeTechnical Report
Year of Publication2018
AuthorsChoi, J., Akkus I. Ekin, Egelman S., Friedland G., Sommer R., Tschantz M. Carl, & Weaver N.

Under U.S. law, marketing databases exist under almost no legal restrictions concerning accuracy, access, or confidentiality. We explore the possible (mis)use of these databases in a criminal context by conducting two experiments. First, we show how this data can be used for “cybercasing” by using this data to resolve the physical addresses of individuals who are likely to be on vacation. Second, we evaluate the utility of a “bride to be” mailing list augmented with data obtained by searching both Facebook and a bridal registry aggregator. We conclude that marketing data is not necessarily harmless and can represent a fruitful target for criminal misuse.


This research was supported by the U.S. National Science Foundation (NSF) grants CNS 1065240 and CNS 1514509. The views and conclusions contained in this document are those of the authors and should not be interpreted as representing the official policies, either expressed or implied, of any sponsoring institution, the U.S. government or any other entity. 

ICSI Research Group

Networking and Security