The Top 10 Riskiest US Cities for Cybercrime

Published: 2010-03-23
Last Updated: 2010-03-23 15:41:35 UTC
by John Bambenek (Version: 1)
2 comment(s)

A study by Symantec's Security Response Group and Sperling's BestPlaces was published that indicated the top 10 riskiest US cities for being a victim of cybercrime. The study does have some assumptions that all might not agree with but one of the key points is that the prevalence of "free wi-fi" is a risk factor for cybercrime.

If you think about it, the one thing that makes electronic crime appealing is that it can be done anonymously with few fingerprints. A few years ago I was trying to convince an information security officer at a public institution that there were threats with free wireless internet that he was not addressing.  To demonstrate, I associated myself with the access point and then sniffed all the traffic back and forth. I saw IM conversations, GMail (which by default is all over HTTP but can be forced to HTTPS), Facebook, etc.  Sadly, convenience trumped security (even the few security measures that could have been used at the time and still allow convenience).

Another aspect is that free wireless is an attractive resource for those who want to be anonymous. If you wanted to commit online crime, what better place than a public wireless hotspot with hundreds of people using them that is wide open? For instance, what was believed to be the first arrest for theft of wireless service was an individual who was using an unprotected residential wireless access point to download child pornography from his vehicle in the street.

What does this mean for you? If you are using a public wi-fi hotspot, don't do anything you would mind other people snooping in on or fire up the corporate VPN before you do anything. If you want to shop online, you might want to consider doing that at home. And if you operate a public wi-fi hotspot, track and log all MACs that access your network and monitor outbound traffic for malicious use. 

--
John Bambenek
bambenek at gmail /dot/ com

2 comment(s)

Comments

GMail has defaulted to HTTPS since January.

http://gmailblog.blogspot.com/2010/01/default-https-access-for-gmail.html
Tracking MAC address won't do much except make more work for the admin because they're so easy to spoof. On a public wireless network the users don't have to be within line of sight, anyway, so unless you search every building it's not going to help. Monitoring outbound connections will help gather information that could be necessary later, but remember that SSL cuts both ways.

Diary Archives