Katrin Franke led the group that worked on the Tidal data manipulation case. Here she works with guest researcher Erick Armando Hernandez Díaz.

Cybercrime is on the rise. NTNU is on the case.

When investigative reporters from Dagens Næringsliv scrutinized playback patterns in Tidal’s music streaming service, they brought in researchers from NTNU to work on the case. It’s become increasingly common for the university to work with police to solve the growing problem of digital crime.

As society becomes ever more technology-driven and digitized, electronic crime is rising along with it. The Center for Cyber ​​and Information Security (CCIS) works with digital investigations. The centre has the largest Nordic professional group in the field and also plays an important role in the European context.

The NTNU Digital Forensics Group works closely with Norwegian police and other institutions internationally. Illustration photo: Shutterstock

Expertise in digital investigation was exactly what Dagens Næringsliv (DN) was looking for when they were examining playback log files of the Norwegian-developed music streaming service Tidal. DN suspected the streaming service of manipulating the playback numbers for the Beyoncé and Kanye West albums “Lemonade” and “The Life of Pablo.”

“DN analysed 1000 users. When NTNU was asked to examine the playback patterns, we felt that this was too small a sample size to draw any conclusions one way or the other,” says PhD candidate Jan William Johnsen.

“We had to check if there was any legitimate reason for the playbacks. It might be that DN had by chance selected users who had unusual playback behaviour,” he said.

Center for Cyber and Information Security

CCIS is a cooperative body hosted and managed by NTNU. CCIS conducts basic and applied research to improve the prevention, investigation and prosecution of cybercrime and high tech crime. CCIS is part of the Department of Information Security and Communication Technology (IIK).

The NTNU Digital Forensics Group consists of PhD candidates, researchers, professors and investigators. Some members, for example, have the expertise to investigate and extract evidence from hard disks and cell phones. Others have computer science backgrounds and work on linking artificial intelligence to security.

Lawyers with technology legislation as their specialization bring the newest type of expertise to the team. Since NTNU does not educate lawyers, the group collaborates with the Norwegian Research Center for Computers and Law at the Faculty of Law in Oslo, as well as with the Dutch university environment that also takes into account the influence of the law on information systems and communication processes.

Johnsen was the NTNU Digital Forensics Group member who worked with the analyses of the playback logs.

The NTNU Digital Forensics Group is a specialized academic research group at CCIS.

Gemini notes that Tidal rejects and denies the claims by Dagens Næringsliv.

Fraud revealed

The researchers began to analyse the raw data that contained the playback patterns of all Tidal users for a limited period of time. Among other things, the analyses showed that some users had listened to the same song up to 122 times at exactly the same time, if the numbers were accurate.

The completed review revealed more than 320 million fake playbacks of the two albums, distributed among 1.7 million user accounts.

“We used mostly advanced statistical analysis methods to review the playback patterns of all Tidal users. The analysis work began at the end of January and beginning of February. It was a big job and the final report was delivered to DN in April,” says Johnsen.

You can read the report here: Digital Forensics Report for Today’s Business

DN published the article on Tidal’s suspected fraud in May 2018.

The alleged economic gain in the Tidal case was that the artists Beyoncé and Kanye West had been paid too much money – at the expense of other artists who had music in the streaming service.

But even though a lot of money was involved for the artists, it amounts to relatively modest sums in the big picture of cybercrime.

Katrin Franke is a professor at the Center for Cyber and information Security (CCIS). She is head of the NTNU Digital Forensics group. Photo: NTNU

Huge sums

The financial crimes associated with the Internet as a whole involve huge sums.

Studies carried out by other sources, and compiled by the NTNU Digital Forensics Group, show that Norwegian cybercrime results in an annual loss of 0.64 per cent of Norway’s GDP.

This amounts to NOK 19 billion a year – money that does not benefit society.

“Nineteen billion is a lot of money. These are the only the numbers we’re aware of. But in all likelihood the numbers are much bigger,” says Professor Katrin Franke, who coordinates the NTNU Digital Forensics Group.

Gearing up against electronic crime

Franke and her colleagues have as their main motivation to see more money benefit the community from their cybercrime work. At the same time, they want to reduce the risk of damage from the failure or misuse of digitization.

In order to succeed, this special group is working closely with Norwegian law enforcement and other institutions internationally.