While searching the web for articles I came across an article regarding Google and its increasing need for data storage, which I felt directly applies to various topics we have been discussing in class. The article, which I found in the technology section of business week, describes Google Inc's constant increase in demand for data storage. It goes over how major internet companies are expanding their IT capabilities, by building data warehouses internationally, in first rate locations in Nordic regions. The company sunk over one billion dollars in capital, to purchase the rights to use and renovate an old paper mill over seas in Finalnd, with the purpose of using it as a way to store it's User data. The mill is a hydroelectric system, buried about a football field's length beneath the "Lule River", and can produce as much power as a small nuclear reactor.
It only makes sense for Google to want to invest in these powerplants, because as it is these dams, provide an extensive amount of affordable, stable, and eco-friendly electricity. Due to the steady flow of electricity, and natural cooling properties of Finnish Fjords; these power mills make this is the prime location for a web kingpin such as Google, to establish it's power draining data warehouses, by eliminating the constant risk of overheating. Although, Google has officially made their investment, Microsoft is not the only one with their eyes on this prime location. Microsoft plans to spend to expand their range of data centers to support its ever growing cloud services, by investing over 250 million dollars to construct it's own data center in Finland, as a result of it's recent acquisition of Nokia company. After it's acquisition of an already major corporation, microsoft needs additional data centers to store the expansive amount of data it recently acquired, hence their plans to expand to these regions.
The article also mentions how Facebook, has been expanding its IT capabilities over the pasy year, by constructing data centers about seventy miles south of the Arctic Circle. The article states that as a result of its success with international companies, this region under the Arctic Circle has been named "Node Pole", because of the extensive amount of "nodes" (industry term for computer) in the area. It's wild to realize just how much data goes into sustaining a internet based company such as Facebook or Google in the year 2014. These data centers, are the storage centers that aid in the process of basic application functions, such as processing friend requests, likes, and profile picture changes.
The article proceeds to elaborate, on the history of the internet specifically, on the the location of where data centers used to be established in the past. Initially, data centeres were built intentionally near big cities, or financial capitals around the world; but as the need for data storage grows, so does the size of the data centers that support that need. This explains the current need for the expansion of industrial storage centers on an international level, to compensate for the growing amount of data storage, and cloud storage IT companies require. IT is apparent that, the recent infrastructure being built in the nordic regions, has been the most cost and performance efficient way to support this increase in need for data storage, strictly because Cloud computing has become so popular amongst IT companies. Surprisingly Sweden and other regions welcome the construction openly, the article states how it's military bases have been liquidated, and how the hydroelectric power opportunities, are equally beneficial for both the locals, and the companies looking to expand. In my opinion, I believe with the recent building of these data centers in Europe, these major companies have started a global trend for building cheap, clean, and efficient Data centers to reinforce the constantly expanding world of IT.
Article link: http://www.businessweek.com/articles/2014-01-30/scandinavia-draws-consumer-web-data-centers
Monday, February 3, 2014
POS Malware Used to Attack Target was On Sale at a Cybercrime forum
During the last holiday season, 110 million customers' credit
and debit card numbers, names, addresses, and phone numbers have been
compromised. The attackers stole the data through the use of malicious software
that targets Point-of-sale systems. The credit and debit card numbers were
collected through the magnetic stripes of the cards when swiped through the
machine when making a purchase. The software was made especially not to be
detected by the security system. Further investigation has led to an individual
under the name "Antikiller" who was selling the software for $2,300
at a cybercrime forum. While the culprit remains unknown, there is
however a clue found from a video update of the author of the malware. A link
to a Russian social networking site can be seen in the screen.
Cyber
security is such an important yet such a vulnerable thing in today’s technology
and internet driven society. As stated in the article, various services used to
detect or scan for malware such as ThreatExpert by Symantec and Virustotal by
Google, were not able to detect the software implanted into Target’s system at
the time that it was implanted. This raises a lot of security issues. If malicious
software can now be easily disguised and pass through firewalls of large
corporations’ databases, such as Target’s, then many other company’s and maybe even
government databases can possibly be breached. It’s frightening and shocking
that individuals are able to create such software that surpasses antivirus software
and security protocols. Furthermore, if large company’s databases can be
breached so easily, this just heightens the insecurity for individuals who use
the internet and have personal and financial data stored in their computers.
One crucial
thing in question is which POS system Target is using. The type of system
target is using could answer a lot of questions about the malware. It could
reveal information that can be helpful to the investigation such as how the
encrypted data was gathered and how it was implanted and enabled to gather data.
Target, however, has not commented on which POS system they are using. There is
a reasonable ground to assume that Target is using the same POS system as many
stores in the United States have been traditionally using. If this is true many
other retailers’ databases are in danger of being breached.
This whole hacking scenario is a
nightmare that has woken up corporations like Target as many other retailers
have been breached. Hopefully through the investigations, the culprit can be
caught and information can be gathered in order to improve current database security
systems. This data breached has cost Target millions of dollars, consumer
trust, and credibility. This attack should be seen as a wakeup call in order to
improve and constantly update current security systems even more than they
already have been because cybercriminals are constantly developing many ways to
break into databases and are always developing malicious software.
Cyber
security has become a nightmare with the rise of cybercrime forums, sites that
sell malware, and those individuals that perpetrate attacks. The government
should crack down more and even harder on such forums and perpetrators because
not only are large corporations hurt, ultimately it is the millions of people
with data stolen who are the primary victims.
Source: http://krebsonsecurity.com/2014/01/a-first-look-at-the-target-intrusion-malware/
Hotel Company Investigates Data Breach, Card Fraud
The article that I did my reflection on was from the website http://www.govinfosecurity.com/. The article was about a hospitality company called White Lodging Services looking into a possible data breach. Although this case is still in the investigation process, the data breach potentially can impact thousands of credit and debit cars across the nation. Brian Krebs, a security blogger, states, “… patterns of fraud were seen from cards used at Marriot hotels from March 23,2013 to the end of the year.” I thought this article was an important read because it makes people aware of the fraud that is going on in large companies.
This article was interesting because it is very similar to the Target scandal that happened previously this year. It seems to me that the companies who are getting targeted with these cases of fraud are very similar. The companies dealing with these many crises are all very large, with a massive number of customers. For example, White Lodging Services operates 168 hotels and more than 30 restaurants in 21 states, with almost $1 billion in revenue. With this in mind, I believe that the people who are committing these crimes know exactly who to target. My thought is that these hackers attack large companies because they have an enormous amount of information about all of thousands of customers that these companies have.
What makes this specific case very alarming is how the breach took place. Form what I read; the breach appears to have affected mainly gift shops and restaurants within the hotels, not the property management systems at the front desk that check people in and out of rooms. This means that the only people who were affected by the breach were the customers who visited the restaurants and the gift shops within the hotel. What makes things worse is that this investigation is still underway, and God knows what other breaches these hackers were able to complete.
This article is extremely important for people read because it makes them aware of the multiple hackers that can negatively affect them in the long run. It was eye opening to read that a company that does not deal with retail had a breach because it is mostly companies who sell products that this security breach happens to. Kate Cox, a writer for the Consumerist, said it best “And as we keep seeing again and again, if you’ve used a credit or debit card pretty much anywhere, you should be aware of breaches and take steps to protect yourself. A need for vigilance is the downside of convenience, these days.”
http://consumerist.com/2014/02/03/today-in-major-credit-card-breaches-hotels-hotel-restaurants/
http://www.informationweek.com/security/attacks-and-breaches/hotel-company-investigates-data-breach-card-fraud/d/d-id/1113671
http://www.govinfosecurity.com/hotel-company-investigating-breach-a-6463
This article was interesting because it is very similar to the Target scandal that happened previously this year. It seems to me that the companies who are getting targeted with these cases of fraud are very similar. The companies dealing with these many crises are all very large, with a massive number of customers. For example, White Lodging Services operates 168 hotels and more than 30 restaurants in 21 states, with almost $1 billion in revenue. With this in mind, I believe that the people who are committing these crimes know exactly who to target. My thought is that these hackers attack large companies because they have an enormous amount of information about all of thousands of customers that these companies have.
What makes this specific case very alarming is how the breach took place. Form what I read; the breach appears to have affected mainly gift shops and restaurants within the hotels, not the property management systems at the front desk that check people in and out of rooms. This means that the only people who were affected by the breach were the customers who visited the restaurants and the gift shops within the hotel. What makes things worse is that this investigation is still underway, and God knows what other breaches these hackers were able to complete.
This article is extremely important for people read because it makes them aware of the multiple hackers that can negatively affect them in the long run. It was eye opening to read that a company that does not deal with retail had a breach because it is mostly companies who sell products that this security breach happens to. Kate Cox, a writer for the Consumerist, said it best “And as we keep seeing again and again, if you’ve used a credit or debit card pretty much anywhere, you should be aware of breaches and take steps to protect yourself. A need for vigilance is the downside of convenience, these days.”
http://consumerist.com/2014/02/03/today-in-major-credit-card-breaches-hotels-hotel-restaurants/
http://www.informationweek.com/security/attacks-and-breaches/hotel-company-investigates-data-breach-card-fraud/d/d-id/1113671
http://www.govinfosecurity.com/hotel-company-investigating-breach-a-6463
Preventing the Next Data Breach
Preventing the Next Data Breach speaks about the new precautions
companies such as Target are going to take to protect their customers from
identity theft and financial fraud. After millions of people had their credit
card and personal information stolen from Targets computer systems this past
holiday season, evidence that companies can do a lot more to protect their
customers has surfaced. One promising
way retailers and banks can reduce the risk of hackers is by replacing their
magnetic strips with chip-based cards. Though the switch is costly, chip-based
cards are the most promising way to prevent further theft and fraud.
The
attacks on Target’s database systems started when a vendor’s credentials where
stolen and then used to gain access to the system. Because customers use cards with magnetic
strips rather than chip-based cards, the hackers were able to collect their
information from Target’s point-of-sale register. The hackers then collected
all credit and debit card transactions from Target’s databases. The most viable
decision would be for companies to move away from magnetic strip cards and move
toward EMV chip-based cards. If banks started using cards with chips instead of
magnetic strips, cards would not have to be swiped at the point-of-sale
terminals. Instead, the cards would be dipped into the device and a unique PIN
would be inputted to complete the transaction. By using EMV chip-based cards,
the embedded microprocessors make it much more difficult to steal information.
Many
companies store much more personal information then necessary when customers
make transactions. Having this information stored in a clearly not so secure
database, makes it easier for hackers to not only steal this information, but
also potentially commit identity theft. Security experts say there was
absolutely no reason for Target to have stored half of the information they did
regarding their customers, specifically their four-digit personal
identification numbers, or PINs, of their customers debit cards.
The
chip is capable of storing and transacting data in an encrypted, tamper-proof
format, protecting the cardholder from any potential security threats. This
tamper-proof technology coupled with the required PIN necessary to complete any
transaction is the next step to preventing fraud. By replacing the easily duplicated
magnetic strips and keeping personal information to ourselves, we could
drastically lower our chances of data breaches. These chip-based cards, or EMV
cards, are widely used across Europe but have not yet been adopted in the US
because many companies do not have the technology necessary to process this
advanced way of making transactions. A point that has been greatly emphasized
is that the EMV cards are not the answer to stopping fraud but just a step
forward it making it much more difficult for hackers to gather or duplicate the
necessary information to commit fraud.
This
necessary advance in technology should be a prominent concern in all companies
throughout the US. By restricting hackers ability to duplicate cards will be a
very effective way to lower the amount of credit card theft in the United
States. By making it safer to make transactions, companies will benefit from
many customers desire to make purchases at stores with safe databases.
Companies such as Target will suffer until they make the necessary changes to
their databases to protect customers from the threats of online hackers.
Kulkarni, Preeti. "Will chip-based
cards succeed in reducing credit card fraud?." The Economic Times.
N.p., 22 July 2013. Web. 3 Feb. 2014.
<http://articles.economictimes.indiatimes.com/2013-07-22/news/40727841_1_sbi-cards-chip-based-cards-emv>.
"Preventing the Next Data
Breac." The New York Times. N.p., 24 Jan. 2014. Web. 3 Feb. 2014.
<http://www.nytimes.com/2014/01/26/opinion/sunday/preventing-the-next-data-breach.html>.
Rogers, Kate. "Will We See
Chip-Based Cards Earlier than Expected?." Fox Business. N.p., 21
Jan. 2014. Web. 3 Feb. 2014.
<http://www.foxbusiness.com/personal-finance/2014/01/21/will-see-chip-based-cards-earlier-than-expected/>.
DNA Errors Found In FBI Database
In a recent article found in the
New York Times, “F.B.I. Audit of Database That Indexes DNA Finds Errors in
Profiles,” by Joseph Goldstein, talks about errors founds in a national
database. The Federal Bureau of Investigation identified nearly 170 profiles
that probably contain errors, because of handwriting mistakes or interpretation
errors by lab technicians. “The errors identified so far implicate only a tiny
fraction of the total DNA profiles in the national database, which holds nearly
14 million profiles, more than 12 million from convicts and suspects, and an
additional 527,000 from crime scenes.” Although this situation may sound
terrible, the discovery of an error has enabled authorities to recognize new
suspects in old cases. “These revelations spotlight how human error can detract
from the reliability of the testing process,” said Alan Gardner, the head of
Legal Aid’s DNA unit.
Reading about this investigation is
terrifying because it is a national database that is used by the FBI. You would
think that since it is run by the government there would be no problems or
errors. However, realistically there needs to be room for human error as it is
a common made mistake. Since lab technicians are the ones that are inputting
DNA information, they can still make errors. It is known that the DNA database
error is low, because it is the FBI, but the fact that there were errors found,
it is shocking. It is also frightening to know that the DNA of criminals is
found to be wrong. This shows that not only can major databases crash; they
could also provide wrong information, which would result in problems. Since the
discovery of the errors, the New York State Police have changed the “search
parameters” used to sift through DNA profiles. It seems that there is a problem
with the relationship between some of the fields that needs to be cleaned up
within the national database.
There can be many different
resolutions on how one can put additional security to assure accuracy. The FBI
could conduct two different readings made by different lab technicians to
assure that there are no errors when DNA is entered into the database. For example, after a technician enters the
data, the new information needs to be passed on to another lab technician to
approve the submission. Peer editing would really not allow room for errors.
Another solution is that analysis of the incorrectly entered data should be
done and the FBI can put additional security around the fields that were
entered incorrectly. I think one of the most beneficial ways that this can be
prevented is having daily and weekly reports provided by the FBI system to show
all of the new data that was entered. This would ensure for review of new
information in the database. Although there were not many errors in the
database, it is still a problem. I think that the FBI needs to find a solution
on how they can prevent this problem in the future.
Goldsetein, Joseph. The
New York Times. http://www.nytimes.com/2014/01/25/nyregion/fbi-audit-of-
database- that-indexes-dna-finds-errors-in-profiles.html.
(24 January 2014).
Cloud Computing Services
Dropbox is one of the most popular cloud computing services. In the article from the TheVerge.com,
Dropbox was refuting claims that their cloud service had been hacked and
attributed the problems to "routine internal maintenance." 'The
cloud-storage service went offline on Friday evening for three hours. Just moments
before the outage, though, the hacker group The 1775 Sec took to Twitter to
state that they were responsible for downing the Dropbox website.' Vulnerability to hackers is an ongoing issue for all cloud computing
services. Dropbox’s immediate response to the service issue was the
correct thing to do as it calmed the fears of their customers and lessened the
impact of the supposed hacker’s intent and message.
Cloud
computing is the new go-to in the information technology industry. Large
companies and small companies are adapting the use of these cloud services.
Popular cloud services like Google Drive, Dropbox, and iCloud are common with major corporations as well as
individual users.
The
greatest advantage of implementing the cloud to a company is that you have a company that specializes in data
storage taking care of your data. A company can spend their time and
resources on what they do best, running their company and not worrying about
back office tasks such as data storage. Since
all of the data is stored on the cloud, backing it up is much easier than
information that is stored on a physical device at the company’s location. Cloud
computing is very cost efficient. Lowering costs is something every company
looks to do in all departments, implementing cloud computing can drastically
lower a company’s IT expenses. Cloud data
storage is beneficial in that information
can be accessed anywhere, anytime. Most, if not all, of a company’s data is stored on multiple
servers across the country or even multiple countries. This provides multiple backups in case
a data center suffers a service interruption. The cost for a company to provide
the same data storage services for itself would almost always be more than utilizing
a cloud services company.
Security
is obviously the largest issue with cloud computing. Since the cloud is solely
Internet based, it makes it very susceptible to hackers. A company utilizing cloud data storage
is totally dependent on its data storage vendor to keep its data secure. Selecting
the most reliable data storage vendor is critical to maintaining company
operations. Technical issues are a part of everyday business and when
selecting a data storage vendor, it is important to have a service level
agreement that will ensure minimal downtime in the case of unplanned
downtime. A company should review the internal processes a data storage
vendor utilizes when a technical problem occurs. As companies and individuals
gain more trust in the security of their data in the cloud, the use of cloud
data storage has increased. A significant challenge for the cloud data
storage vendors is security and the unknown intentions of hackers trying to
interrupt the safety of cloud computing.
Companies
such as Dropbox can master data storage, backups and retrieval but will face an
ongoing challenge to master making their cloud services secure and safe from
hackers. Responding quickly to hackers public tweets will downplay their
significance in addition to reviewing internal controls to ensure that their
systems are secure.
http://www.theverge.com/2014/1/10/5297310/dropbox-website-goes-down-hackers-claim-responsibility
Opam, Kawme. "Dropbox Website Goes Down, Hackers Claim Responsibility (update)."The Verge. N.p., 10 Jan. 2014. Web.
Viswanathan, Priya. "Cloud
Computing – Is It Really All That Beneficial?" About.com Mobile
Devices. N.p., n.d. Web.
Subscribe to:
Posts (Atom)