Zeroing In On the Internet's 'Evil Cities'

We've sometimes seen malware sources broken down by country; now a Dutch study attempts to increase the resolution of that information. An anonymous reader writes with some bits gleaned from the recently published study (PDF): "Seoul is the most criminal city on the Internet, followed by Taipei and Beijing. When the population of the top 20 cities is taking into account, Chelyabinsk , in Russia, tops the list, followed by Buenos Aires and Kuala Lampur. These results were found by researchers from the from the University of Twente and Quarantainenet, a security company from the Netherlands. The researchers also found that analyzing attacks' origin at the city level [Original, in Dutch] instead of country level reveals interesting findings. For example, the U.S. ranked #3 in the list of the most criminal countries for the reporting period, while no major U.S. city was found among the most evil ones, while only one European city was listed among the top 20 cities, but 8 EU countries were among the most criminal. It was also observed that the list of criminal cities remains stable over a period time and that when the attack type is taken into account, 50% of the most evil cities remains the same."

missing the point

FTFP:

In this work, by originated we mean where the attack came from. We do not consider if there
were other hosts controlling the attacking one

So this is not about criminal activity. It is about "which city has the most zombies".

That information is still useful, but not "most evil"

Dodgy conclusions...

Seoul is likely to be at the top of the list not because it's naturally criminal, but simply because it contains the largest proportion of computers connected to a high speed network. With a large enough botnet it's a bit like a city sized data centre.