Archive | October 18, 2012

AmEx – we will take what you “Like”, and give you what you Love

Indisputably the case is not a brand new one. However, during my internship last year I performed quite thorough research on Social Media strategy for banking and wanted to share this success case. Why? Because it is a very compelling story about how to use Social Media and the data available there to deliver a personalized experience.

American Express is well known for its Social Media strategy. Currently, its Facebook page has almost 2.7 mln “Likes”. Furthermore, the company actively supports small business through a number of initiatives such as Go Social, American Express OPEN and, probably the most renowned, Small Business Saturday.

On 19th July 2011 AmEx launched the Link Like Love program. The idea is simple: connect your American Express card with Facebook and AmEx will deliver tailored, coupon-less deals and experiences.

How does it work?

When a cardmember uses the “Link, Like, Love” application on the American Express Facebook page, they are connected to a personalized dashboard through which American Express delivers deals, content and experiences based on their Facebook likes and interests, as well as the likes and interests of their friends. Cardmembers can choose the deals they want and then use their card as they usually do, without any hassle. American Express sends statement credits to the cardmember’s account as they shop online or in stores, without the need to pre-purchase anything, print out a coupon, or show one at the point of sale.

For example, if a cardmember “likes” Whole Foods Market on Facebook or has “checked in” on Facebook Places they may see a Whole Foods Market deal in the dashboard. Cardmembers can share deals with friends, choose the deals they want and then use their card as they usually do to claim the offer.

Simple idea, huge impact: the AmEx case is inarguably a milestone in Social Banking (and not only in tailor-made offers delivered through Social Media). Companies all over the world are now adapting this program to local markets. In Poland, for instance, personalized Facebook offers will be introduced in December. And what about the Netherlands?


The Dark Side of IT: Researcher Reverse-Engineers Pacemaker Transmitter To Deliver Deadly Shocks

Yesterday, at the BreakPoint security conference in Melbourne, researcher Barnaby Jack said in a speech that he has found a way to hack into pacemakers. And the consequences of that are deadly: anonymous assassinations within 30 feet of the pacemaker seem to be possible. ‘In a video demonstration, which Jack declined to release publicly because it may reveal the name of the manufacturer, he issued a series of 830 volt shocks to the pacemaker using a laptop. The pacemakers contained a “secret function” which could be used to activate all pacemakers and implantable cardioverter-defibrillators (ICDs) in a 30-foot-plus vicinity. … In reverse-engineering the terminals – which communicate with the pacemakers – he discovered no obfuscation efforts and even found usernames and passwords for what appeared to be the manufacturer’s development server. That data could be used to load rogue firmware which could spread between pacemakers with the “potential to commit mass murder.”

“The worst case scenario that I can think of, which is 100 percent possible with these devices, would be to load a compromised firmware update onto a programmer and … the compromised programmer would then infect the next pacemaker or ICD and then each would subsequently infect all others in range,” Jack said.’

Downloading, when is it legal and when is it not?

Inspired by Eric’s personal story about the fine he got from Germany after downloading a music album using torrents, I figured perhaps there are some people in our class who are interested in the (il)legal side of downloading in the Netherlands.

Stichting Brein
Stichting Brein is a copyright watchdog, representing businesses from the entertainment industry. For example, they are responsible for the lawsuit against a couple of major providers in the Netherlands because the latter refused to block access to The Pirate Bay website. Brein won the lawsuit, and formally the website is not reachable in the Netherlands anymore. Fun fact: the Pirate Party (a political movement, a one-issue party trying to preserve freedom on the Internet) put a proxy on their website through which TPB was still usable. After a speedy judge’s ruling they had to take that proxy down as well, but others emerged, and recently it was in the news that the block of The Pirate Bay resulted in only a very small decrease in downloading from illegal sources: of the group questioned, only 25% admitted they downloaded from illegal sources regularly, of which 5% (so 1.25% of the total respondents) actually reduced their downloading volume.

Legal vs. Illegal
Lots of people talk about ‘illegal downloading’, while this is often not the case. Downloading in the Netherlands is legal when it comes to things like music, movies or TV shows. Uploading, however, is very much illegal. Only with software is either uploading or downloading illegal. So, what is safe to do? Downloading via torrents implies uploading as well (as the aforementioned fine of Eric suggests). So downloading via torrents using a regular client which prevents you from turning off the ‘seed’ function makes you conduct an illegal activity (sometimes without your knowledge). Downloading via Usenet, however, or via websites such as RapidShare, MegaUpload etc. is completely legal! Well, that’s a relief!

But wait! Uploading is illegal because it entails the distribution of work you don’t hold the (copy)rights to. This also means that if you live in a dorm and your roomy downloaded the latest season of How I Met Your Mother, you cannot just copy it from his disk to yours. This would make your roomy conduct an illegal activity: distributing work he or she has no rights to. Of course, this is a theoretical example, because who can find out you copied it from your roomy’s computer?

Software is always illegal to redistribute. Although a recent ruling of a judge makes it possible to resell software, the requirement is that you no longer have the software on your computer. It’s not about making a copy, it’s about literally handing over the installation discs and license codes to the buyer. If you would ‘resell’ your software by offering it through a P2P network, it is illegal because then the software is duplicated at some point. Strange, but true.

Fines in the Netherlands
Fortunately, in the Netherlands most consumers are left alone. You don’t have to expect huge claims like those in the US (or Germany, apparently), because internet usage is not monitored (yet). Organisations such as Brein are busy trying to take offline the websites that offer or index illegal, copyright-infringing material such as music and movies. But to be on the safe side of this beautiful example of the outdated copyright law in the Netherlands: stop downloading with torrents, and whatever you do, don’t upload it!


I hope this clarifies a thing or two about the legal issues behind copyright infringement! If you are an exchange or international student: be glad you didn’t choose Japan; the maximum sentence for downloading copyrighted works is 2 years, and uploading could get you behind bars for 10!



(Sorry, only Dutch sources)



The Dark Side of IT: Cyber Warfare (pt. 2)


It was a marksman’s job (New York Times, 2011)

Last time I finished my post by telling you about Stuxnet, and I think the infographic was quite clear about its capabilities and the threat it poses. However, I want to highlight a few fundamental points here. Never before have we witnessed such a highly specialized and well-planned digital attack on an industrial plant. The hardware of a nuclear facility was deliberately sabotaged using software.

So, Stuxnet was a game changer and I’m going to elaborate a little more on why that is. First of all, Stuxnet did something completely new (not just one thing, by the way): it targeted industrial systems. To be more precise, it targeted Programmable Logic Controllers (PLCs), which are used to control industrial hardware like pumps and valves. These PLCs also controlled the centrifuges in Iran, and a man-in-the-middle attack allowed Stuxnet to alter the centrifuges’ behaviour without alarming the system, making them break while leaving the operators clueless.

Next to the highly specific target, Stuxnet used over 20 zero-day exploits in order to infect the PCs connected to the PLCs. This is a huge number, since these exploits are hard to find: they are vulnerabilities not yet known to the manufacturers of the software and can therefore do lots of damage (why do you think Windows updates so much…). Stuxnet also used several stolen certificates, which led Windows to believe it was software to be trusted. Next to that, it had the ability to spread itself through USB and LAN networks, so once inside a facility it could expand to other systems without an Internet connection.

These examples indicate how large-scale this operation was; it wasn’t just one hacker operating from his basement in downtown Rotterdam, it was probably state sponsored. A lot of clues point to the United States collaborating with Israel, since they had the best motive for this attack combined with the resources. For more on this debate read THIS interesting Wired article.

Sophisticated espionage toolkit (InformationWeek, 2012)

Another big game changer popped up this year and is dubbed Flame. This malware is not aimed at destroying anything; instead it focuses on espionage. Its source code is even more complex (and larger: over 20 MB compared to Stuxnet’s 500 KB) than Stuxnet’s and acts as a complete espionage package. Once a system is infected, in much the same way as with Stuxnet, it records keystrokes, monitors passwords, can take screenshots of what you are doing, and records your microphone or webcam without you noticing anything. Creepy huh? Check out this informative (but less nicely designed) movie about Flame.

It has also been confirmed that the Stuxnet and Flame authors worked together on their code. So like I said, only the tip of the iceberg. For those interested in more state-sponsored malware and acts of cyber warfare, I suggest you look for ‘Gauss’, ‘Duqu’ and ‘MiniFlame’. The problem here is that we do not know how much of this malware is already running, and finding the malware is also really difficult. Stuxnet was out in the wild for over a year, Flame for over 3 years, before even being discovered (read more about why this is so difficult from one of my favorite security experts, Mikko Hypponen, in Wired). Next to that, the malware seems to be modular (the authors must have taken some classes in Innovation Management), which means that different modules such as exploits can be reused across multiple types of malware, making it really easy to develop new forms of malware for specific purposes.

So, what’s next? What kind of malware is already out there and yet to be discovered? Recently Dutch minister Ivo Opstelten proposed that the Netherlands should also start hacking proactively, something other states seem to have been doing for years. Are we too late? Makes me wonder where this cyber war will end… TBD I guess.

Like this? Follow me on Twitter!

Let’s Talk Money: Where Should You Work as a Post-BIM Graduate?

As a starter you could probably just take the first job offer. But have you ever wondered which tech company pays best? A study from career site Glassdoor ranks tech companies by the salaries they pay to software engineers. It may not be a real surprise that Google tops the list of tech companies. Google paid its engineers an average base salary of $128,336, with Microsoft coming in second at $123,626. Apple, eBay, and Zynga rounded off the top 5.

Apple must disclose profit margins

Who just spent about 700 euros on the new iPhone 5? We might soon find out how much of that money goes directly into the pockets of the shareholders. If Apple chooses not to appeal the ruling of a US judge, it will have to reveal individual mark-up figures for its various products.

This is a side effect of the patent wars that have been going on between Samsung and Apple, where this information was used as evidence. In case you lost track of who’s suing whom in the mobile world, here is a slightly outdated infographic from Reuters to refresh your memory.


Apple insisted that the figures should be considered ‘trade secrets’, but the judge remained unimpressed and ruled against it. The original court case in which the ‘evidence’ was used did earn Apple over 1bn in damages, so it might still all have been worth it.


RET – How to track the customer’s journey to purchase

An omnipresent question asked by almost every company: what drives my customers’ attitudes and behaviour? To find the answer a firm will either rely on quantitative data from surveys or qualitative information from focus groups.

However, both kinds of research mentioned are based on customers’ memories of encounters with a company. Since memories fade rapidly and are biased, these research methods are inherently flawed.

MESH Planning, a market research agency, has come up with a new solution: RET. The objective of RET (real-time experience tracking) is to capture in real time the emotional impact the touchpoints have on the customer and thereby provide an overall picture of the customer’s journey towards a purchase.

Why may other approaches fail?

As mentioned before, companies usually apply survey-based market research methods when measuring customers’ attitudes towards a product. As these are based on memories, their usefulness is questionable. Ethnographic methods, although based on individuals’ behaviour, are intrusive and expensive. A CRM system might provide insight into how customers move between the website and the store, but it won’t be useful in understanding how customers responded to advertising or word-of-mouth reports.

A perfect research method should capture customer reactions immediately without intruding on them and should minimize bias. Furthermore, it should be affordable to apply to a large number of customers. RET may not be aurea mediocritas, but it provides instant and relatively unbiased feedback from customers. And a growing number of firms are using this approach, among them Unilever, PepsiCo, HP, Microsoft and InterContinental Hotels.

How does it work?

RET requires a consumer to send text messages from their cellphone every time they come across a given brand or one of its competitors over a period of a month. The complex survey is reduced to four questions covering the brand, the touchpoint type (TV ad, friend’s house, etc.), how positive the customer felt about the encounter, and how persuasive it was.

In detail the whole process consists of:

  1. Filling out an online questionnaire concerning brand perception, awareness and knowledge at the beginning of the research.
  2. Providing text feedback in the form of a four-character message over the course of the research project.
  3. Describing the encounters in detail (this step is not mandatory).
  4. Filling out an online survey (modified compared to the first one) concerning brand perception, awareness and knowledge at the end of the research.

What can a company achieve?

Firstly, the touchpoint impact matrix provides insight into what motivates customers to buy a particular brand and how various touchpoints influence customers’ perception of the product.

Secondly, participation in the survey raises respondents’ awareness of the product, and the second questionnaire may unearth the relative changes in respondents’ product perception.

Any success stories? PepsiCo recently used RET to fine-tune its re-launch of Gatorade in Mexico, repositioning the brand around sports nutrition. Thanks to RET the company discovered that experiences in gyms and parks (seeing posters or seeing other people drinking Gatorade, for instance) were twice as effective in shifting brand attitudes as similar encounters elsewhere.

For further details I recommend HBR, September 2012.

Coca-Cola Freestyle, the roll-your-own device from Coke!

In 2009 Coca-Cola came up with a soda dispenser they would like to call “the most sophisticated soda fountain ever made”: the Coca-Cola Freestyle. This machine can produce (post-mix) more than 100 different Coca-Cola drinks while being the same size as a normal Coca-Cola soda dispenser. And not only that, it can send real-time data on customer preferences back to Coke HQ, so they know exactly who drinks what, where. Pretty cool, right?

However, this machine offers more. If you watch the demo video you will see that it is possible to mix your own Coca-Cola drinks. And with over 100 flavours inside, the possibilities are endless. Coke Freestyle is also a roll-your-own device, playing completely into the trend of broadening consumer choice. It is easy hyperdifferentiation: Coke is not going to create the offer, it is letting consumers create what they need! Coke has slowly started rolling out this machine and in 2012 it was introduced in the UK. We can expect it in Europe in late 2013!

So, what’s your secret recipe?

The Dark Side of IT: ‘Who to blame? Students or employees’

I believe everyone has had some experience with phishing mails. In short, phishing mails contain links which, if clicked, redirect the user to a site that looks like the website you think you are going to. This is of course a fake site, which asks you to log in or to register. That is the information the ‘phishers’ are after: bank account logins, personal data, passwords to company servers and so on are sometimes given away.

How do phishers make money? Well, the most obvious way is when they have the bank account logins. Phishers will most of the time sell this information to hackers, who will steal a large sum of money from the bank account by automatically transferring the money to other bank accounts over and over again until it is untraceable. A recent development is that small amounts of money are stolen from bank accounts on a more frequent basis, let’s say a monthly amount of 7,95 or 12,15. These are less detectable by the account holders, since most of them are more focussed on larger amounts. Turning to the police for such an amount will most probably not result in the extensive chase anyone would be hoping for. But even for banks it’s hard to track down who transferred the money, buying the hackers more time before all the jigsaw puzzle pieces are put together by the bank and all alarm bells are finally ringing.
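As an added illustration of the small recurring debit pattern the paragraph above describes (this is example code written here, not code from the post or from any bank), the rule below flags a payee the account had never paid before whose debits are all small and arrive roughly a month apart. The ledger, the thresholds and the payee names are constructed assumptions to be tuned per portfolio.

```python
"""
Flag small, recurring debits to a payee the account has never paid before.
Illustration for the 'small amounts on a monthly basis' pattern; the ledger
below is constructed sample data, not real account records.
"""
from collections import defaultdict
from datetime import date

# Constructed sample ledger: (booking date, payee, debit amount in EUR).
# The 7.95 and 12.15 amounts mirror the ones mentioned in the post.
SAMPLE_LEDGER = [
    (date(2012, 5, 2),  "SUPERMARKT AH",  54.30),
    (date(2012, 5, 3),  "NS REIZIGERS",   23.60),
    (date(2012, 6, 1),  "SUPERMARKT AH",  61.10),
    (date(2012, 6, 28), "MEDIA PLUS LTD",  7.95),   # new payee, small amount
    (date(2012, 7, 2),  "SUPERMARKT AH",  58.20),
    (date(2012, 7, 29), "MEDIA PLUS LTD",  7.95),
    (date(2012, 8, 1),  "NS REIZIGERS",   23.60),
    (date(2012, 8, 28), "MEDIA PLUS LTD",  7.95),
    (date(2012, 9, 1),  "ONLINE SVC CO",  12.15),   # new payee, seen only once
    (date(2012, 9, 29), "MEDIA PLUS LTD",  7.95),
]

SMALL_AMOUNT = 20.00   # assumed: below this, holders tend not to look twice
MIN_HITS = 3           # assumed: repeats needed before raising an alert
MONTHLY = (25, 35)     # assumed: acceptable gap in days for a monthly cadence


def find_small_recurring(ledger, baseline_end, small=SMALL_AMOUNT,
                         min_hits=MIN_HITS, gap=MONTHLY):
    """Return alerts for payees first seen after `baseline_end` whose debits
    are all <= `small` and spaced roughly one month apart, at least
    `min_hits` times. Payees already known before the baseline are ignored.
    """
    by_payee = defaultdict(list)
    for when, payee, amount in sorted(ledger):
        by_payee[payee].append((when, amount))

    alerts = []
    for payee, rows in by_payee.items():
        first_seen = rows[0][0]
        if first_seen <= baseline_end:
            continue                      # long-standing payee: not the pattern
        if len(rows) < min_hits:
            continue                      # too few repeats to call it recurring
        if any(amount > small for _, amount in rows):
            continue                      # large debits get noticed anyway
        days_between = [(b[0] - a[0]).days for a, b in zip(rows, rows[1:])]
        if all(gap[0] <= d <= gap[1] for d in days_between):
            alerts.append({
                "payee": payee,
                "hits": len(rows),
                "total": round(sum(a for _, a in rows), 2),
                "first_seen": first_seen.isoformat(),
            })
    return alerts


def run_sample():
    """Treat everything up to the end of May as the account's known baseline."""
    return find_small_recurring(SAMPLE_LEDGER, date(2012, 5, 31))


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```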

On the 30th of August this year we all received an email from the ‘computer emergency response team’ (CERT) of Erasmus. It warned us about recent phishing activities in our school email system. But why would hackers try to phish for our student logins? This is another method of making money. When a phisher gets access to the student or employee account of the user, he can then sell this information to spammers. Not to spam this account, but to send spam from these email accounts, making use of the enormous server of the University to send thousands of emails to others. This makes it impossible for third parties to trace the spammers.

According to a recent Cisco research report, the threat of phishing activities on social media is growing by the day. As Cisco states it: ‘the ‘stupidity’ of the user will be tested more often’. Less technologically advanced users are most of the time the ones giving out their personal logins. The report also states that ‘phishers’ normally evaluate how successful an attack was. On the 13th of September we received an email from CERT again; phishers had tried us once more…. Was the previous attack successful? Which groups within Erasmus gave away their information? Why, if they were successful, would they come back?

What do you think? How can we protect ourselves from phishing? Do you think CERT should protect us or should we make users of a system less ‘stupid’?

The Era of Touch

I came across a blog on Computer Weekly which says the user interface is now the touch user interface, and that is really becoming true. Soon there won’t be many laptops with keyboards anymore; everything is going to be a touch screen. As the author of the blog says: ‘How many times have you spent a while using your tablet and/or smartphone and then sat at your laptop as you instinctively touched the screen expecting to be able to perform an action? We have reached a point then where the user interface has become the touch user interface.’

This also reminds me of the YouTube movie ‘A Day of Glass’, which shows us how the future could be with all the current technologies and the new technologies that will be developed, but how real is it in our era? Do you believe that these kinds of technologies will evolve so fast that they become affordable for people with an average income in the next 20 years? When do you think you will have a house of glass and work in a futuristic glass environment (or don’t you think you will?), where everything works with touch screens and your wafer-thin phone is connected to the touch screen devices in your house or workplace? An intelligent agent talks to you, wakes you up and gives you your schedule for the day. We all know Siri is already taking the first steps towards being anybody’s ‘personal assistant’, and the fact that so many people are using smartphones and tablets really makes this future more credible for us.


Amazon’s Whispercast Sneaks Into Schools

Amazon’s new Whispercast technology could make e-textbooks commonplace, saving students’ backs, saving parents money, and making it much easier to provide the most current information for coursework. There are a few things to iron out though: Are teachers going to have to learn to be IT administrators? And who’s on the hook when a student loses or damages a school-supplied device?

The days of lugging books back and forth to school could soon be in the past, as Amazon on Wednesday announced a new initiative for schools and business customers that features a scalable online tool for deploying Kindle devices and Kindle content.

Whispercast for Kindle provides a single access point to easily purchase and distribute Kindle books and documents for educational, marketing and employee incentive programs. In addition to this content being usable on Kindle devices, it could be used with free Kindle reading applications for the Apple iPad and iPhone, as well as Android devices, Windows Phones, PCs and Macs.

“Hundreds of thousands of students around the world are already reading on Kindle,” said Amazon Kindle Vice President Dave Limp. “Today, we are announcing Whispercast, a free, scalable solution for school and business administrators to centrally manage thousands of Kindles and wirelessly distribute Kindle books as well as their own documents to their users. Organizations can also design Bring Your Own Device programs at school or work using personally owned Kindles, Kindle Fires, and other tablets using the free Kindle reading applications for receiving content.”

Will this be the way of teaching in the future? Will there be any real books left?

The Dark Side of IT: Cyber Warfare (pt. 1)


SPOILER ALERT! A movie is present, so no need to actually read this stuff. Although I would strongly recommend you do, since you might learn a thing or two.

As I promised yesterday, I present to you a first blog about the dark corners of information technology, which are usually better left untouched. I kick off with a banger: cyber warfare, the biggest thing to happen to this dark side in a long time. But what exactly do we mean by cyber warfare? It doesn’t even sound that bad, does it?

Thinking about cyber warfare, I immediately thought about the movie WarGames (1983). In this Cold War SciFi flick a teenage hacker gains access to a US army supercomputer (called WOPR … ) and, while believing he is playing a game, it turns out he almost starts World War III. Although this plot may sound a bit cheesy, the movie is really spot on and worth your precious time. In fact a must-see for all new BIMmers! A little screenshot to convince you (if this brings back childhood memories, please do comment):


Big Brother is watching you! (George Orwell, 1949)

Another thing that directly comes to mind is George Orwell’s 1984, a visionary novel from one of the best SciFi writers ever. Written in 1949, it shows a future that is ruled by government surveillance and mind control by a totalitarian regime. This is where the famous Big Brother statement comes from, which is becoming more present every day. Just think about the presence of Google online, or the cameras which are now installed in the M-building (where we have our IS exam this coming Monday).

But this was all Science Fiction, right? Yes, we thought it was. But it seems the real world is catching up rather quickly. It all began in January 2010 (well, probably more around the 1950s, but I won’t bore you with history today) when the International Atomic Energy Agency (IAEA) inspected the nuclear facility of Natanz. They found out that physicians were swapping centrifuges at an incredibly high rate, which indicated serious problems with the reactor.

The most complex malware ever written (Wired, 2011)

It took until June of 2010 to find out that the reason for these repairs lay in a computer virus, which became known as Stuxnet. This virus was specifically designed to target the Iranian nuclear program and had effectively damaged its facilities. For most security experts it was immediately clear that the game had changed: the first massive act of cyber warfare (made public) was a fact.

Since I have noticed you like videos I decided to add one explaining Stuxnet in great detail. It is actually really informative!

I’ll stop here and will elaborate more on Stuxnet in pt. 2. There I will also focus on the current state of cyber warfare, where I show that Stuxnet is just the tip of the iceberg. Big Brother really is watching you, and maybe even with your own webcam. Click here to read pt. 2!

Like this? Follow me on Twitter!