Monday, February 3, 2014

Major Web Companies expand to Nordic Regions to construct industrial sized data storage centers

While searching the web for articles I came across an article regarding Google and its increasing need for data storage, which I felt directly applies to various topics we have been discussing in class. The article, which I found in the technology section of business week, describes Google Inc's constant increase in demand for data storage. It goes over how major internet companies are expanding their IT capabilities, by building data warehouses internationally, in first rate locations in Nordic regions. The company sunk over one billion dollars in capital, to purchase the rights to use and renovate an old paper mill over seas in Finalnd, with the purpose of using it as a way to store it's User data. The mill is a hydroelectric system, buried about a football field's length beneath the "Lule River", and can produce as much power as a small nuclear reactor.

It only makes sense for Google to want to invest in these powerplants, because as it is these dams, provide an extensive amount of affordable, stable, and eco-friendly electricity. Due to the steady flow of electricity, and natural cooling properties of Finnish Fjords; these power mills make this is the prime location for a web kingpin such as Google, to establish it's power draining data warehouses, by eliminating the constant risk of overheating. Although, Google has officially made their investment, Microsoft is not the only one with their eyes on this prime location. Microsoft plans to spend to expand their range of data centers to support its ever growing cloud services, by investing over 250 million dollars to construct it's own data center in Finland, as a result of it's recent acquisition of Nokia company. After it's acquisition of an already major corporation, microsoft needs additional data centers to store the expansive amount of data it recently acquired, hence their plans to expand to these regions.

The article also mentions how Facebook, has been expanding its IT capabilities over the pasy year, by constructing data centers about seventy miles south of the Arctic Circle. The article states that as a result of its success with international companies, this region under the Arctic Circle has been named "Node Pole", because of the extensive amount of "nodes" (industry term for computer) in the area.  It's wild to realize just how much data goes into sustaining a internet based company such as Facebook or Google in the year 2014. These data centers, are the storage centers that aid in the process of basic application functions, such as processing friend requests, likes, and profile picture changes.

The article proceeds to elaborate, on the history of the internet specifically, on the the location of where data centers used to be established in the past. Initially, data centeres were built intentionally near big cities, or financial capitals around the world; but as the need for data storage grows, so does the size of the data centers that support that need. This explains the current need for the expansion of industrial storage centers on an international level, to compensate for the growing amount of data storage, and cloud storage IT companies require. IT is apparent that, the recent infrastructure being built in the nordic regions, has been the most cost and performance efficient way to support this increase in need for data storage, strictly because Cloud computing has become so popular amongst IT companies. Surprisingly Sweden and other regions welcome the construction openly, the article states how it's military bases have been liquidated, and how the hydroelectric power opportunities, are equally beneficial for both the locals, and the companies looking to expand. In my opinion, I believe with the recent building of these data centers in Europe, these major companies have started a global trend for building cheap, clean, and efficient Data centers to reinforce the constantly expanding world of IT.

Article link:

POS Malware Used to Attack Target was On Sale at a Cybercrime forum

During the last holiday season, 110 million customers' credit and debit card numbers, names, addresses, and phone numbers have been compromised. The attackers stole the data through the use of malicious software that targets Point-of-sale systems. The credit and debit card numbers were collected through the magnetic stripes of the cards when swiped through the machine when making a purchase. The software was made especially not to be detected by the security system. Further investigation has led to an individual under the name "Antikiller" who was selling the software for $2,300 at a cybercrime forum. While the culprit remains unknown, there is however a clue found from a video update of the author of the malware. A link to a Russian social networking site can be seen in the screen.

            Cyber security is such an important yet such a vulnerable thing in today’s technology and internet driven society. As stated in the article, various services used to detect or scan for malware such as ThreatExpert by Symantec and Virustotal by Google, were not able to detect the software implanted into Target’s system at the time that it was implanted. This raises a lot of security issues. If malicious software can now be easily disguised and pass through firewalls of large corporations’ databases, such as Target’s, then many other company’s and maybe even government databases can possibly be breached. It’s frightening and shocking that individuals are able to create such software that surpasses antivirus software and security protocols. Furthermore, if large company’s databases can be breached so easily, this just heightens the insecurity for individuals who use the internet and have personal and financial data stored in their computers.

            One crucial thing in question is which POS system Target is using. The type of system target is using could answer a lot of questions about the malware. It could reveal information that can be helpful to the investigation such as how the encrypted data was gathered and how it was implanted and enabled to gather data. Target, however, has not commented on which POS system they are using. There is a reasonable ground to assume that Target is using the same POS system as many stores in the United States have been traditionally using. If this is true many other retailers’ databases are in danger of being breached.

This whole hacking scenario is a nightmare that has woken up corporations like Target as many other retailers have been breached. Hopefully through the investigations, the culprit can be caught and information can be gathered in order to improve current database security systems. This data breached has cost Target millions of dollars, consumer trust, and credibility. This attack should be seen as a wakeup call in order to improve and constantly update current security systems even more than they already have been because cybercriminals are constantly developing many ways to break into databases and are always developing malicious software.

            Cyber security has become a nightmare with the rise of cybercrime forums, sites that sell malware, and those individuals that perpetrate attacks. The government should crack down more and even harder on such forums and perpetrators because not only are large corporations hurt, ultimately it is the millions of people with data stolen who are the primary victims. 


Hotel Company Investigates Data Breach, Card Fraud

The article that I did my reflection on was from the website The article was about a hospitality company called White Lodging Services looking into a possible data breach. Although this case is still in the investigation process, the data breach potentially can impact thousands of credit and debit cars across the nation. Brian Krebs, a security blogger, states, “… patterns of fraud were seen from cards used at Marriot hotels from March 23,2013 to the end of the year.” I thought this article was an important read because it makes people aware of the fraud that is going on in large companies.
This article was interesting because it is very similar to the Target scandal that happened previously this year. It seems to me that the companies who are getting targeted with these cases of fraud are very similar. The companies dealing with these many crises are all very large, with a massive number of customers. For example, White Lodging Services operates 168 hotels and more than 30 restaurants in 21 states, with almost $1 billion in revenue. With this in mind, I believe that the people who are committing these crimes know exactly who to target. My thought is that these hackers attack large companies because they have an enormous amount of information about all of thousands of customers that these companies have.
What makes this specific case very alarming is how the breach took place. Form what I read; the breach appears to have affected mainly gift shops and restaurants within the hotels, not the property management systems at the front desk that check people in and out of rooms. This means that the only people who were affected by the breach were the customers who visited the restaurants and the gift shops within the hotel. What makes things worse is that this investigation is still underway, and God knows what other breaches these hackers were able to complete.
This article is extremely important for people read because it makes them aware of the multiple hackers that can negatively affect them in the long run. It was eye opening to read that a company that does not deal with retail had a breach because it is mostly companies who sell products that this security breach happens to. Kate Cox, a writer for the Consumerist, said it best “And as we keep seeing again and again, if you’ve used a credit or debit card pretty much anywhere, you should be aware of breaches and take steps to protect yourself. A need for vigilance is the downside of convenience, these days.”

Preventing the Next Data Breach

Preventing the Next Data Breach speaks about the new precautions companies such as Target are going to take to protect their customers from identity theft and financial fraud. After millions of people had their credit card and personal information stolen from Targets computer systems this past holiday season, evidence that companies can do a lot more to protect their customers has surfaced.  One promising way retailers and banks can reduce the risk of hackers is by replacing their magnetic strips with chip-based cards. Though the switch is costly, chip-based cards are the most promising way to prevent further theft and fraud.
The attacks on Target’s database systems started when a vendor’s credentials where stolen and then used to gain access to the system.  Because customers use cards with magnetic strips rather than chip-based cards, the hackers were able to collect their information from Target’s point-of-sale register. The hackers then collected all credit and debit card transactions from Target’s databases. The most viable decision would be for companies to move away from magnetic strip cards and move toward EMV chip-based cards. If banks started using cards with chips instead of magnetic strips, cards would not have to be swiped at the point-of-sale terminals. Instead, the cards would be dipped into the device and a unique PIN would be inputted to complete the transaction. By using EMV chip-based cards, the embedded microprocessors make it much more difficult to steal information.
Many companies store much more personal information then necessary when customers make transactions. Having this information stored in a clearly not so secure database, makes it easier for hackers to not only steal this information, but also potentially commit identity theft. Security experts say there was absolutely no reason for Target to have stored half of the information they did regarding their customers, specifically their four-digit personal identification numbers, or PINs, of their customers debit cards.
The chip is capable of storing and transacting data in an encrypted, tamper-proof format, protecting the cardholder from any potential security threats. This tamper-proof technology coupled with the required PIN necessary to complete any transaction is the next step to preventing fraud. By replacing the easily duplicated magnetic strips and keeping personal information to ourselves, we could drastically lower our chances of data breaches. These chip-based cards, or EMV cards, are widely used across Europe but have not yet been adopted in the US because many companies do not have the technology necessary to process this advanced way of making transactions. A point that has been greatly emphasized is that the EMV cards are not the answer to stopping fraud but just a step forward it making it much more difficult for hackers to gather or duplicate the necessary information to commit fraud.
This necessary advance in technology should be a prominent concern in all companies throughout the US. By restricting hackers ability to duplicate cards will be a very effective way to lower the amount of credit card theft in the United States. By making it safer to make transactions, companies will benefit from many customers desire to make purchases at stores with safe databases. Companies such as Target will suffer until they make the necessary changes to their databases to protect customers from the threats of online hackers.

Kulkarni, Preeti. "Will chip-based cards succeed in reducing credit card fraud?." The Economic Times. N.p., 22 July 2013. Web. 3 Feb. 2014. <>.
"Preventing the Next Data Breac." The New York Times. N.p., 24 Jan. 2014. Web. 3 Feb. 2014. <>.
Rogers, Kate. "Will We See Chip-Based Cards Earlier than Expected?." Fox Business. N.p., 21 Jan. 2014. Web. 3 Feb. 2014. <>.

DNA Errors Found In FBI Database

In a recent article found in the New York Times, “F.B.I. Audit of Database That Indexes DNA Finds Errors in Profiles,” by Joseph Goldstein, talks about errors founds in a national database. The Federal Bureau of Investigation identified nearly 170 profiles that probably contain errors, because of handwriting mistakes or interpretation errors by lab technicians. “The errors identified so far implicate only a tiny fraction of the total DNA profiles in the national database, which holds nearly 14 million profiles, more than 12 million from convicts and suspects, and an additional 527,000 from crime scenes.” Although this situation may sound terrible, the discovery of an error has enabled authorities to recognize new suspects in old cases. “These revelations spotlight how human error can detract from the reliability of the testing process,” said Alan Gardner, the head of Legal Aid’s DNA unit.
Reading about this investigation is terrifying because it is a national database that is used by the FBI. You would think that since it is run by the government there would be no problems or errors. However, realistically there needs to be room for human error as it is a common made mistake. Since lab technicians are the ones that are inputting DNA information, they can still make errors. It is known that the DNA database error is low, because it is the FBI, but the fact that there were errors found, it is shocking. It is also frightening to know that the DNA of criminals is found to be wrong. This shows that not only can major databases crash; they could also provide wrong information, which would result in problems. Since the discovery of the errors, the New York State Police have changed the “search parameters” used to sift through DNA profiles. It seems that there is a problem with the relationship between some of the fields that needs to be cleaned up within the national database. 
There can be many different resolutions on how one can put additional security to assure accuracy. The FBI could conduct two different readings made by different lab technicians to assure that there are no errors when DNA is entered into the database.  For example, after a technician enters the data, the new information needs to be passed on to another lab technician to approve the submission. Peer editing would really not allow room for errors. Another solution is that analysis of the incorrectly entered data should be done and the FBI can put additional security around the fields that were entered incorrectly. I think one of the most beneficial ways that this can be prevented is having daily and weekly reports provided by the FBI system to show all of the new data that was entered. This would ensure for review of new information in the database. Although there were not many errors in the database, it is still a problem. I think that the FBI needs to find a solution on how they can prevent this problem in the future.

Goldsetein, Joseph. The New York Times. 
database-  that-indexes-dna-finds-errors-in-profiles.html.  (24 January 2014).

Cloud Computing Services

Dropbox is one of the most popular cloud computing services. In the article from the, Dropbox was refuting claims that their cloud service had been hacked and attributed the problems to "routine internal maintenance." 'The cloud-storage service went offline on Friday evening for three hours. Just moments before the outage, though, the hacker group The 1775 Sec took to Twitter to state that they were responsible for downing the Dropbox website.' Vulnerability to hackers is an ongoing issue for all cloud computing services. Dropbox’s immediate response to the service issue was the correct thing to do as it calmed the fears of their customers and lessened the impact of the supposed hacker’s intent and message.
Cloud computing is the new go-to in the information technology industry. Large companies and small companies are adapting the use of these cloud services. Popular cloud services like Google Drive, Dropbox, and iCloud are common with major corporations as well as individual users.
The greatest advantage of implementing the cloud to a company is that you have a company that specializes in data storage taking care of your data. A company can spend their time and resources on what they do best, running their company and not worrying about back office tasks such as data storage.  Since all of the data is stored on the cloud, backing it up is much easier than information that is stored on a physical device at the company’s location. Cloud computing is very cost efficient. Lowering costs is something every company looks to do in all departments, implementing cloud computing can drastically lower a company’s IT expenses. Cloud data storage is beneficial in that information can be accessed anywhere, anytime. Most, if not all, of a company’s data is stored on multiple servers across the country or even multiple countries. This provides multiple backups in case a data center suffers a service interruption. The cost for a company to provide the same data storage services for itself would almost always be more than utilizing a cloud services company. 
Security is obviously the largest issue with cloud computing. Since the cloud is solely Internet based, it makes it very susceptible to hackers. A company utilizing cloud data storage is totally dependent on its data storage vendor to keep its data secure. Selecting the most reliable data storage vendor is critical to maintaining company operations. Technical issues are a part of everyday business and when selecting a data storage vendor, it is important to have a service level agreement that will ensure minimal downtime in the case of unplanned downtime. A company should review the internal processes a data storage vendor utilizes when a technical problem occurs. As companies and individuals gain more trust in the security of their data in the cloud, the use of cloud data storage has increased.  A significant challenge for the cloud data storage vendors is security and the unknown intentions of hackers trying to interrupt the safety of cloud computing.
 Companies such as Dropbox can master data storage, backups and retrieval but will face an ongoing challenge to master making their cloud services secure and safe from hackers. Responding quickly to hackers public tweets will downplay their significance in addition to reviewing internal controls to ensure that their systems are secure.

Opam, Kawme. "Dropbox Website Goes Down, Hackers Claim Responsibility (update)."The Verge. N.p., 10 Jan. 2014. Web.

Viswanathan, Priya. "Cloud Computing – Is It Really All That Beneficial?" Mobile 

Devices. N.p., n.d. Web.