Posts Tagged ‘Social Network’

LinkedIn new Scam: Upgrade free to LinkedIn Premium

August 8, 2012 15 comments

Today, E-Crime Expert encountered a new scam, related to LinkedIn this time.

How it works:

I received an email on my regular email address which said that, because I am a valuable LinkedIn user, they would upgrade my Basic account to a Premium one for free, for a one-month period.

Picture 1

I did not know that this was a scam, so I proceeded with the upgrade. After I clicked “upgrade” I was prompted to introduce my LinkedIn password. I did so, but nothing happened.

Then I checked my LinkedIn account on a different webpage and my account still appeared there as “Basic”, so no upgrade was done as promised.

Picture 2

I instantly realized that this is a scam whose purpose is to gain access to your valuable database of friends, with their email addresses, phone numbers, professions, etc. The purpose of this scam is to retrieve this valuable information for free, so that it can later be used for identity theft, spam, or other related scams.

Action:

If you did upgrade your account, please change your password as soon as possible.

If you received this message but did not upgrade yet, please don’t do it.

If you have further questions, please feel free to contact us at: dan@e-crimeexpert.com

Leveraging Social Media in the Workplace & Being Aware of Risks from the Stakeholders’ Perspectives

E-Crime Expert welcomes Fleming Europe as a guest. Please find below their announcement about a very interesting event held between September 27-28, 2012 in Dublin, where E-Crime Expert is invited as a speaker:

“In the corporate world, HR used to be the last to adapt to change. It was mostly because they are the keepers of policy, procedure, order, and the employee. They were though the keeper of the employee only until social media has taken over the world and changed the game in exposure, privacy and data protection.

Come to our event and adapt to these changes.

Request the agenda.

SOCIAL MEDIA IN HR SUMMIT

27 – 28 September 2012, Dublin

LEARNING/GOALS

By joining us for the set of the intensive days you will learn about…

Discovering the SECOND INTERNET: the social nature of the web

RETHINKING of TALENT ATTRACTION in a COST-SAVING WAY

HR Handling Social Media EXPOSURE AND PRIVACY of future and current employees

SOCIAL MEDIA METRICS – Measuring Employee and Customer Feedbacks in the “Cyberspace”

REACHING EXTERNAL AUDIENCES and leveraging WORD-OF-MOUTH MARKETING

SOCIAL MEDIA RISKS to avoid: lawsuits, regulatory violations, security breaches, etc.

ACHIEVING ALIGNMENT with Corporate Goals

TECH-SPOTLIGHTs: Employing Mobile Apps, Social Networks and Collaboration Models in HR

This premier cross-industry HR event is aimed at Senior Executives responsible for Talent, Recruiting, Knowledge Management, Employee Engagement and Learning, Communication Executives responsible for Employer Branding, Internal Communication and Social Media as well as at Data Protection Officers, Privacy Experts and E-crime Professionals!

Benefit from:

– Award Winning Speakers

– Getting in touch with the most innovative tools like Geo-Social Talent Attraction and Augmented Reality that maximize the candidate experience and the social impact of your company while offering digitalized info about everything and everybody

– Keeping the pace with innovation via interactive learning sessions on using social media externally & internally, social media risks and professional development of HR people via social media

– Becoming a part of executive group of peers discussing different social media strategies and developing future business contacts

– SPECIAL FEATURE: “Crowd Competence Sourcing Session” via a built-in UNCONFERENCE

Are you interested in exploring the most ‘viral’ social network issues?

Do you want to seize the opportunity to gain valuable contacts and useful information?

..or you are just curious how the ‘Big Brother’ will become ‘Big Social’?

Request the agenda!

Looking forward to meet you in September, in the Silicon Valley of Europe!

Peter Novak, Marketing Manager, Fleming Europe
Tel: +421 257 272 335  Fax: +421 255 644 490″

peter.novak@flemingeurope.com
www.flemingeurope.com

Police Using Spyware on Suspects’ Computers

October 18, 2011 1 comment

A very interesting article written by Nicholas Kulish on how the police were detected by hackers installing spyware on suspects’ computers in order to track them, take screenshots, and turn on cameras and microphones for undetected surveillance.

This is the full article as published by the New York Times:

“BERLIN — A group that calls itself the Chaos Computer Club prompted a public outcry here recently when it discovered that German state investigators were using spying software capable of turning a computer’s webcam and microphone into a sophisticated surveillance device.

The club, a German hacking organization, announced last Saturday it had analyzed the hard drives of people who had been investigated and discovered that they were infected with a Trojan horse program that gave the police the ability to log keystrokes, capture screenshots and activate cameras and microphones. The software exceeded the powers prescribed to the police by Germany’s Federal Constitutional Court.

The public condemnation was swift and strong, renewing a national debate into how far the government can intrude into digital privacy. The Frankfurter Allgemeine Zeitung, a major newspaper, called the revelation a “worst-case scenario for data security.” Germany’s justice minister, Sabine Leutheusser-Schnarrenberger, demanded an inquiry into the matter, saying that citizens “must be protected from snooping with strict state control mechanisms.”

Peter Schaar, the federal commissioner for data protection, called for Parliament to enact legislation to put an end to the “gray area” between lawful and unlawful searches and surveillance on computers.

“In my opinion, this kind of infiltration through software is a deeper intrusion and a greater risk than simply listening in on a phone line,” Mr. Schaar said in an interview. “The Bundestag has to decide to what extent something like this is allowed and to what extent it is restricted,” Mr. Schaar said, referring to the German Parliament.

Germans are particularly sensitive to questions of privacy and data collection as a result of their experiences under the Nazi dictatorship, where personal details could be a matter of life and death. As a result, the country has some of the strongest data protection laws in the world, elevating an individual’s right to privacy above any perceived public right to know.

“Now Germans are beginning to recognize that this is a core problem of all people,” said Bernd Schlömer, the vice chairman of Germany’s Pirate Party, a new party that recently won 8.9 percent of the vote in Berlin’s state elections and emphasizes Internet freedom and online privacy issues. He compared the awakening toward the significance of online privacy to the growing awareness of environmental problems in the 1960s and ’70s.

In 2007, Germany’s Interior Ministry announced that it had developed software that could scan the hard drives of terrorism suspects. The Federal Constitutional Court responded the next year with a ruling that limited such incursions and guaranteed “confidentiality and integrity in information technology systems.”

Federal investigators said that they were not using this software, but several states, including Lower Saxony and Baden-Württemberg admitted that they had employed it.

“In essence it is about how we fight crime in a digital age,” said Dieter Wiefelspütz, an expert on domestic security with the left-leaning Social Democrats. Far-reaching computer surveillance “shouldn’t be used for car thieves but instead for the most serious crimes. That has to be considered in the laws,” he said.

Officials in Bavaria have said they had used the spying software to monitor suspects’ e-mails and phone calls over the Internet and have captured tens of thousands of screenshots in cases involving theft, fraud and illegal performance-enhancing drugs.

Officials have denied employing the software’s capability of seizing control of computers’ cameras and microphones, technology that evokes action films.

The debate in Germany is evidence of the degree to which technology has permeated everyday lives, where friendships are made and nurtured on social-networking sites, and photographs and diaries are stored on hard drives. Privacy advocates argue that the difference between what authorities can glean from a telephone conversation and what can be discovered on a computer is as broad as the distance between what one says out loud and what one is thinking to oneself.

“Our private data are our stored thoughts,” Mr. Schlömer said.

Security experts say the German debate over police surveillance of computers and the demands for legislation restricting the practice will increasingly be necessary across the globe as the kinds of communication captured through wiretaps shift more and more to encrypted programs like Skype.

But the software discovered by the hacker group, dubbed “State Trojan” or “R2D2,” after a line of code including the Star Wars robot’s name, can do more than eavesdrop on phone calls. It was the ability to remotely control computers that led to charges from leading politicians that the state had crossed into Orwellian territory.

“People have some idea of the risks they face online from criminals,” said Mikko H. Hypponen, the chief research officer at F-Secure Corporation, an Internet security firm based in Helsinki, Finland. “I don’t think they really know exactly the same methods are used against them by governments, that Germany, France, the United States could be doing this.”

Analysts, as well as the hackers who discovered the software, said the programming was amateurish. “We were surprised by how bad the quality of the code was,” said Frank Rieger, a spokesman for the Chaos Computer Club. A team of about 10 people analyzed the software for the group before they announced the results.

The hackers said that the program also left the computers open to further malicious attacks, the equivalent of the police’s leaving the back door of a house open after searching it.

Still, the program falls short of what the most sophisticated hackers, organized criminals and other thieves of credit card and banking information have at their disposal”.

Note: Copyrights and credits for the full article go to: New York Times and Nicholas Kulish.

Any questions can be submitted to: dan@e-crimeexpert.com

Additional information can be found at: www.e-crimeexppert.com

Hit the “subscribe” button in order to be notified when new videos and Articles are posted on this blog.

Users’ rights in regards to their privacy and personal data

October 17, 2011 2 comments

In previous posts, E-Crime Expert presented to its readers the technical features of the Internet, Social Networking Services, applications and mobile devices, in order to help users identify the privacy risks of these new technologies. The social implications, history and development of these new technologies were also provided. The goal of this blog and its posts is to help users protect their privacy and personal data. Along with the better protection that can be achieved by knowing the risks, technical features, social impact and popularity, another important way to protect privacy and personal data is to enforce legal rights.

For this reason, E-Crime Expert brings a new series that presents the European legal framework in regards to privacy and personal data in order to make its readers aware of their legal rights and better protect those legal rights.

Current EU regulatory framework concerning private information and personal data

1. Charter of Fundamental Rights of the European Union

The Charter of Fundamental Rights of the European Union (hereafter CFR) is part of the Lisbon Treaty.

The CFR unifies in a single document rights enclosed under different EU laws and International Conventions. “The scope of this Charter is to provide legal certainty for EU citizens by making fundamental rights clearer and more visible”.

Under Chapter II: Freedoms, the right to protection of personal data is granted for the first time separately, autonomously from other rights or freedoms such as privacy, or privacy of correspondence (mail).

Article 8: Protection of personal data

“1. Everyone has the right to the protection of personal data concerning him or her.

2. Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law. Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified.

3. Compliance with these rules shall be subject to control by an independent authority”.

As this Article reads, data protection means the right of a person to know which data were gathered in regards to her person, how the data are used, aggregated and protected, and where the data are transmitted. Every person also has the right to have access to her own data and to modify the data. Data protection values are not essentially privacy-related ones, as the two are addressed separately under Article 7 (privacy) and Article 8 (data protection) of the Charter of Fundamental Rights of the European Union. Privacy and data protection are two distinct fundamental rights.

The granted rights of the CFR are underlined in its Article 52 (2):

“Rights recognised by this Charter which are based on the Community Treaties or the Treaty on European Union shall be exercised under the conditions and within the limits defined by those Treaties”.

Nonetheless, the CFR does not have the legislative form of a Directive, which must be implemented by each Member State (MS) until the intended effect or its equivalent is reached; MS should nevertheless carefully consider this Charter when they implement EU law or take national court decisions. This Charter represents the foundation for the regulatory provisions discussed in the next posts, in order to protect the fundamental rights and freedoms of natural persons with regards to the storage, processing, access and manipulation of their personal data.

Here is a list of the worldwide Data Protection Authorities’ contact details: click here.

Stay tuned for the next post, which will present Directive 95/46 (aka the Data Protection Directive).

Did you know about the Charter of Fundamental Rights of the EU?

Cloud computing and the Internet part II

October 13, 2011 1 comment

As announced in yesterday’s post, “Cloud computing and the Internet part I”, E-Crime Expert is posting the second part on cloud computing.

In addition to the methods in which cloud computing is delivered, there are different types of cloud computing, which include: public cloud, hybrid cloud and private cloud.

Public cloud is when a service provider offers services such as application usage, development or storage of data to anyone on the Internet.

Hybrid cloud is when a business uses some applications in house and some provided by an external provider such as storage of data, etc.

Private cloud is when a provider offers cloud computing solutions, but on a private infrastructure network. For example, a business that does not want its employees’ files to be accessible on a public cloud rents or buys a private cloud that no one else except that business has access to.

Besides the usefulness of cloud computing solutions, there are questions regarding how the Data Protection Directive applies to this situation, and how the personal data of users is dealt with, stored, accessed, manipulated, and processed by the cloud computing providers. A unique characteristic of cloud computing is that data floats from server to server, located within the EU or outside the EU, for example in India, the US, etc. Part of someone’s data could be in the EU and in India at the same time, on different servers.

There are some questions regarding cloud computing in Facebook’s case. Facebook provides services to its clients such as: storage of information (e.g. pictures, videos, profiles, personal data, etc.), application access (e.g. Facebook Places or other applications where the user should agree to that particular application’s access to her personal data), or infrastructure for sending messages, invitations and updates, and for posting comments, all of which deal with private information and data. Everything is done on Facebook’s platform, which could host the users’ personal information on different servers inside or outside the EU.

The question is: who has access to users’ personal data when it is uploaded and processed on Facebook? According to the EU Data Protection Directive (DPD), users have the right to know which personal data is stored and processed, at least in regards to the online marketing advertisers that could be granted access to that data for advertising purposes, profiling, and delivery of targeted advertising. In addition, when a user deletes her Facebook account, this operation is not done in real time; it has a delay, and the account basically is not deleted but becomes inactive. For example, I ran a search under my name, and some entries showed pictures from my Facebook account that I deleted in the past. This shows that even if a user wants to delete some information concerning her person, it would still be available on the Internet. Furthermore, some entries generate pictures or names of my friends on Facebook by associating them with my Facebook account friends’ list.

In other words, even if a user asks for all of her personal data provided on Facebook to be removed, this most likely would not happen. Facebook claims that some users’ personal data would not be available to any other user on Facebook, but some personal information and data will be kept for technical reasons (such as to provide service to other users who are inter-connected with the account that was deleted).

Regarding compliance with the EU DPD, it is not clear which rules and regulations could apply to cloud computing, as the cloud concept itself is “volatile” (continually changing). Cloud computing is subject to multiple jurisdictions, as the information is moved from one server to another or is stored on different servers located in different geographical areas. The scholars Kumaraswamy and Latif asked: how does moving private information to the cloud impact the current privacy compliance requirements? Is information kept on the server, in the cloud or in a data center? These are questions that currently have no answer, at least in regards to how Facebook deals with, makes accessible, stores, and “floats” the users’ private data.

Who has the technical capabilities, jurisdiction and access to verify whether Facebook complies with these requirements?

For how long is the users’ personal data stored on its servers, cloud or in data centers?

According to the EU DPD, the user owns her personal data, but when this data is transferred and stored outside the EU, does the user still own her data?

How could a user enforce her right in this case?

If Facebook had provided the answers to these questions, there would be more transparency and less tension regarding how users’ personal data is dealt with. The burden of proving that personal data is dealt with, stored, processed, and made available according to the EU DPD falls on the provider’s shoulders, at least on an informal level, as users question more and more how their privacy is protected.

Do you think that cloud computing is a threat to privacy? Do you think that cloud computing is “out” of jurisdiction?

Cloud computing and the Internet part I

October 12, 2011 1 comment

From the same series that aims to contribute to a better understanding regarding why privacy and personal data are so vulnerable in relation to the Internet and its adjacent services/platforms today, E-Crime Expert shows in two different posts (today and tomorrow), what cloud computing is and how it works.

According to Forrester, “Cloud Computing is buying Information Technology (IT) capacities and utilities as needed from a utility provider”. Cloud computing is IT capability delivered as an Internet-based service, software or IT infrastructure by a service provider, accessible through Internet protocols and from any terminal (e.g. computer or smartphone). These services may be offered on a pay-per-use or pay-as-you-go basis, or the provider may fund them from advertising revenue (e.g. Google Docs). One of its main characteristics is customer self-service, which means that the customer needs no assistance in uploading, modifying or accessing her files, applications, documents, etc. It is accessible anytime and anywhere, and has instant scalability.

Cloud computing is delivered in three forms: Software as a service (SaaS), Infrastructure as a service (IaaS) and Platform as a service (PaaS).

Software as a service is when someone needs, for example, to create a word document; the person goes to Google Docs, where the word processor is located, and creates the document without having Microsoft Office installed on her computer. The document is created on the server through Google Docs, which is software used as a service.

Infrastructure as a service is when a business, for example, does not have the technical capabilities to store all its information in house and needs to store and access it on a server. That server is the host that provides the service of storing the data. That service rents the infrastructure (e.g. storage medium) to the client.

Platform as a service is when the provider offers facilities for application design, development, testing, computer coding or hosting. For example, GoDaddy is a platform service provider as it offers website hosting services to its clients. Another example related to this research is Facebook, which provides the platform for its clients to upload photos, videos, play games, send messages, etc.

Stay tuned for the second part of this blog tomorrow.

Did you know what cloud computing is? Do you realize that you are already using it?

Targeting and profiling users on the Internet for advertising purpose

October 11, 2011 1 comment

From the same series that aims to contribute to a better understanding regarding why privacy and personal data are so vulnerable in relation to the Internet and its adjacent services/platforms today, E-Crime Expert shows how targeting and profiling users on the Internet for advertising purposes is done.

In order to sell advertising, Social Network Services (SNS) need traffic and also need to know what their users’ preferences are. Like TV or radio advertising, where the commercials are addressed to a certain group of people based on age, sex, needs and preferences (i.e. milk, beauty products, cars, clothes), online advertising has the same goal. But because the online audience is much broader and the target is reached very fast, sometimes in real time, the advertising is offered or delivered differently and it opens huge potential exposure to the audience. In the case of TV advertising, companies provide advertisements, and afterwards the post-advertisement sales are monitored for a certain period of time to determine whether the commercial clip was effective and reached its target audience.

The audience for TV advertising is established by market studies and questionnaires where the subjects are interviewed in person, anonymously, and have the opportunity to refuse to participate. In the case of online advertising, the profiles of the audience’s preferences are established mostly by the users’ behavior.

Online and offline advertising are also directly connected to market share in terms of revenue generated from advertising. In December 2008, according to the chart “Media Time spent vs. Ad spent Out of Whack” by Mary Meeker from Morgan Stanley, traditional media, which includes TV, radio, and newspapers, accounts for 8% of the users’ time (in the US) but receives 20% of the advertising money, whereas online media (the Internet) accounts for 29% of the users’ time (in the US) but receives just 8% of the advertising money.

These numbers will balance out in the coming five years, but in order for the appropriate revenue to be reached and to reflect the real market situation, more online advertising will be generated and produced, which implies different ways of approaching and delivering the advertising in order to meet the target (the customers).

More behavioral advertising could be generated along with better user profiling. For example, a user wants to buy something from an online store (such stores are often advertised on or connected to SNS); the user logs in and is first presented with options related to his previous purchases and shopping history on that particular online store. For example, someone shops for Nike shoes, and all the online options are related to the Nike brand based on his previous shopping history. Predicting the user’s preferences based on his shopping history is not always accurate, because it could be the case that he uses a shared computer that his father also uses regularly, and their personal preferences are totally opposite. Providing a user with products or services based on his shopping history is called targeted advertising. This new type of advertising (i.e. targeted advertising) is seen on SNS and is based on users’ behavior, search history and preferences. However, it is not always the case that the subject’s behavior and search history lead to the subject’s preferences (e.g. the father uses his son’s computer).

The users are monitored for their web browsing history in an attempt to sell them specific products or advertising based on their known preferences. The question, which comes from this model of advertising, could be more complex in terms of: how can someone else’s personal preferences be used for targeted advertising without their acknowledgment?

Do you feel monitored on the Internet? Has it ever happened to you to be surprised by the advertising you were delivered on a particular site? Does the advertising change for you when you are in a different location?