This Week in Cybercrime: Jay-Z and Samsung Face the Music Over Data Privacy Violations

Can They Beat the Rap?

The musician Jay-Z, who famously rapped about having “99 Problems,” is dealing with the one-hundredth: a complaint (.PDF) filed with the U.S. Federal Trade Commission last week by the Electronic Privacy Information Center (EPIC) alleging that the “Magna Carta Holy Grail” smartphone app he and electronics giant Samsung released this month for use on Samsung Galaxy Nexus handsets demands access to considerably more information than should be necessary for users to enjoy the album of the same name. Think the NSA is keeping tabs on you? Among the “massive amounts of personal information” and “substantial user permissions” cited in the EPIC filing are the ability to: change or delete the contents a phone’s USB storage; autonomously pull down data from Internet; view the Wi-Fi or network connections the phone is using; see who users call and when; and get up-to-the-minute details of the handset’s GPS and network-based location.

“EPIC is asking the FTC to have Samsung suspend distribution of the app until its privacy concerns are addressed and the app falls in line with the Consumer Privacy Bill of Rights the Obama administration laid out in the spring of 2012,” says a story at Kaspersky Lab’s Threatpost.

As if those demands aren’t bad enough, the brain trust behind the app thought it would be fair to trade the ability to download Jay-Z’s latest hip-hop record in exchange for users’ Twitter or Facebook credentials as well as the right to post on their behalf to create social media buzz.

For its part, Samsung says the EPIC complaint is without merit. “We are aware of the complaint filed with the FTC and believe it is baseless. Samsung takes customer privacy and the protection of personal information very seriously,” a Samsung spokesperson said on Wednesday.

EPIC, for its part, is hoping that the data privacy precedents set by the FTC in in cases such as one it settled with Path, a social networking app that was accused of snatching users’ address book information without permission, will rule the day.

Stock Exchange Systems Under Increasing Attack

An India Times article reports that more than half of the world’s stock exchanges faced cyber attacks last year. And the prognosis for what they’ll see from cyberthieves is likely to only get worse. So says the 2012-13 Cyber-Crime Survey jointly conducted by the International Organization of Securities Commissions (IOSCO) Research Department and the World Federation of Exchanges. "A majority of exchanges (89 percent) view cyber-crime in securities markets as a potential systemic risk," the report said. And though the financial exchanges have set up systems and tools for preventing and detecting cybercrime, an IOSCO staff working paper published this week admitted that cyber-crime is already targeting securities markets' core infrastructures. "At this stage,” said the paper, “these cyber-attacks have not [harmed] core systems or market integrity and efficiency. However, some exchanges surveyed suggest that a large-scale, successful attack may have the potential to do so." In the words of Batman's sidekick Robin: Holy market crash!

Cybercops on Patrol

Elsewhere in India, the government wants local police to be able to deal with cybercrime as capably as they handle thefts or assaults that occur on the street. According to a report Tuesday in The Hindu, the Data Security Council of India (DSCI) says it has already helped train 22 000 police officers to deal with cybercrime. The group, an independent self-regulatory organization set up by National Association of Software and Services Companies (Nasscom) says it’s ready to train more officers to look into criminal activity in the digital realm. 

"Mobile users will be vulnerable to cybercrime as more financial transactions and bookings are done through their devices," DSCI CEO Kamlesh Bajaj told The Hindu. Bajaj says that the Cyber Crime Investigation Program, which has been used to equip officers from state governments, the Central Bureau of Investigation, North East Police Academy, and Indian Defense with the skills to perform investigative tasks such as forensic analysis on smartphones, will be rolled out at training facilities in each of India’s states and territories.

Photo: Joseph Okpako/Getty Images

Related Stories

Risk Factor

IEEE Spectrum's risk analysis blog, featuring daily news, updates and analysis on computing and IT projects, software and systems failures, successes and innovations, security threats, and more.

Contributor
Willie D. Jones
 

Newsletter Sign Up

Sign up for the ComputerWise newsletter and get biweekly news and analysis on software, systems, and IT delivered directly to your inbox.

Advertisement
Advertisement