Case Analysis

The iPremier Company (A): Denial of service Attack
Case 2—2

MIS 606- Management Information Systems

4 December 2012

Summary of the problem

The case presents a specific problem that has taken place in iPremier, a Seattle based company that was founded in 1996 by two students from Swathmore College and had become one of a few success web-based commerce, selling luxury, rare, and vintage goods over the Internet. It was exactly on January 12, 2007, when iPremier Web servers were brought to a standstill. The Web site of the company was locked up; neither employees nor customers can access the site due to a distrusted denial-of-service (DDoS) hacker attack. At that time, the company CIO, Bob Turley, who was recently hired, was out of the town on a mission, and that made the situation even worse. The problem was soon spread reaching the CEO! The shocking finding was the outdated emergency procedures. Eventually after 75 minutes the problem was solved and the main champion in my opinion was luck! Unstructured actions were taken to overcome this attack. The corrective action was taken but still iPremier will need to come up with preventive action for similar situations because this might threaten its existence.

The technology

The case discussed different technologies: distributed denial of service (DDoS) attack, firewall, and information security mainly in case of crisis. DDoS is a type of web attack that seeks to disrupt the normal function of the targeted computer network. This is any type of attack that attempts to make the affected computer resource unavailable to its users (Sticklnad,2010).
[pic]

Source: Sticklnad, 2010

A SYN flood was also discussed, it is a form of denial-of-service attack in which an attacker sends a succession of SYN requests to a target's system in an attempt to consume enough server resources to make the system unresponsive to legitimate traffic. The last one is a script kiddie in which a person uses existing scripts, code, or other tools illicitly to gain entry to a computer system or network, without understanding the way the tools function or the way the system or network is designed. (Mifflin,2006) or skiddie, also skid, script bunny, script kitty, are individuals who use scripts or programs developed by others to attack computer systems and networks and deface websites. This may include those who do so with a poor understanding of programming or computer networks. (Wikipedia.com).
The team used Microsoft word to analyze the case.

Available information

The whole case covered the stages of the hacking the Website of iPremier and actions that have been taken. Following information were available: - CIO, Bob Turley, who was hired three months ago only was out of the town on a mission and he was coordinating with the team on phone but still the situation was not handled in the best possible way. - iPremier was victim of DDoS attack for 75 minutes on January 12, 2007.
The attack started at 4:31 AM and solved at 5:46 AM and only few customers disrupted - .
.
- iPremier did not have experience or equipments to deal with such attack. - The emergency procedures were outdated and not communicated to the company leading to random actions to overcome the crisis. - Qdata ( hosted most of iPremier’s computer equipment and provided connectivity to the Internet) had outdated technology and a large turnover of staff. - The company was focusing on growth and profits, which made them reluctant to acquire modern facilities. - iPremier had the initiative to move to modern technical facilities, but focusing on growth and profits, cost of these facilities, fear of risk, and the personal commitment to the owner of Qdata kept them reluctant to such movement. - Qdata hosted most of iPremier’s computer equipment and provided connectivity to the Internet. iPremier continued with Qdata although it was battered by the contraction of the internet bubble. - Practicing incident response was deprioritized in the company; simply no one had time for it. - The problem escalation was not controlled efficiently and everyone started spreading it. - iPremier did not use detailed logging software that might give them evidence of what was going wrong during the attack and who attacked them. -

A pre analysis of the case

There are many facts to be considered when analyzing such case. It is important to consider the following: - DDoS attack is made by hackers in order to achieve specific purposes. DDoS attack could happen to any company that does not have enough actions to secure information. - It is not accepted that emergency procedures are not communicated throughout the company and not updated. Information security is the responsibility of everyone. It is expected that every employee knows what to do in these situations. - In case of large and well-known companies, the impact of attack exceeds the efforts to fix and deal with the attack. The most important of all, is the impact on customers and then sales and profits. - To deal with such DoS attack, there are many things needed such as up-to-date equipment, supportive leaders, perfect procedures, and clear distribution of duties and responsibilities. - Proper Firewall is needed to prevent DoS any attack. But firewall alone is not enough as there should be a complete system for protection.

The analysis

Analysis of the situation could be done by using different models and concepts. SWOT analysis is used for this case study. Looking at strengths, iPremier is a well-recognized company that operates in the market since 1996. The leader of the company is well qualified. Employees have the ability to communicate easily with their manager at any time and because of this advantage, the problem was solved immediately. The company copes with technological development and utilizes Internet in commerce. Additional strengths were strong management team, balance approach between profitability and growth ,customer focus approach, strong reward and compensation system, discipline and professionalism working environment, and competitive advantage in software development. In spite of these strengths, there are many weaknesses. Not only that there is inadequate firewall, but also emergency procedure were outdated and not communicated. The company did not acquire up-dated equipment and facilities related to information systems and protection. For opportunities, the company could enhance its security procedures and could face any attacks. In addition, it could acquire periodic audit to manage its operations including crisis management. By this way, the company could lead its market by using e-commerce and then could generate more profits and market share. Finally by looking at threats, the attack will badly affect the company's image and might affect its profits and market share. The attack could take place again. At the same time, hackers may develop new methods of attacking.

The solution/recommendations

There are many recommendations to solve the problem. iPremier needs to:
Before incidents occur

- Develop its information security system by itself. By this way, iPremier will develop procedures to guarantee security of information and managing information crisis. This will consume cost, time and effort but eventually will help iPremier to be ready for any new attack. Besides, in-house technology will enable iPremier to build its own systems that are customized to meet its needs and purposes. - If iPremier does not want to build its in-house technology, it can then outsource this activity to a well known, professional and specialized company. This alternative guarantees that iPremier will get secure system developed by specialized information security system but the risks of outsourcing could be the high costs and the expose of confidential information of iPremier to others. - iPremier needs to invest more in IT to enlarge its market share in addition to its needs to develop procedures of information security. This can be done by outsourcing some aspects of information security and doing some aspects in house. As we all know the lag measure of IT, IT profits will show after years form acquiring them. - iPremier needs to protect its data base and make backup in different locations. - Enhance its public relations to rebuild customer confidence and trust in the company. - iPremier needs to document all its procedures and configurations to deal with crises more comfortably. - Develop a Crisis Management Team that includes experienced managers and talented employees, hire chief security officer, and try to practice simulated attacks. - Educate all employees at all levels about security threats and train them to use monitoring software. - They should go for another company other than Qdata

During an incident:
Avoid psychological traps such as groupthink when the CIO focused in reaching the decision (by pulling the plug without knowing the root of the problem) rather than making the right decision.

After an incident: - Examine each file on every computer to be sure that there is no missing data and all files are as they originally installed.

- Rebuild the parts of infrastructure that caused the problem to be sure that its pre-incident state is restored.

Lesson learned

Many lessons are learned from this case: - Different attacks could happen to any company that does not have enough actions to secure information. Therefore, companies should be ready for such attacks. - There should be strong standard operating procedures in case of emergencies. - Information security is the responsibility of everyone, so employees should be trained on how to face crisis. - Periodic audit plan must be in place to ensure efficient operations - Focusing mainly on growth and profit is not the right path to follow. - Avoid cutting costs linked to security of customers’ information - Companies have to acquire up-to-date equipment to lower the risk of crisis - Companies must have a clear matrix for distribution of duties and responsibilities. - Top management support is essential to manage crisis. - Open communications between the managers and employees are essential to manage crisis. - Security should be part of the strategy. - Every company should have crisis management team to overcome the crisis. - Large companies should have qualified PR to handle customers concerns properly. - Remove any personal commitment in business.

References

▪ Jonathan Strickland. "How Zombie Computers Work" howstuffworks. n.p., 2010. Web. 30 Nov 2012.

Sticklnad, J. 2010 How Zombie Computers Work. Retrieved on November 1, 2012 from: http://computer.howstuffworks.com/zombie-computer3.htm"script kiddie." High Definition: A-Z Guide to Personal Technology. Boston: Houghton Mifflin, 2006. Credo Reference. Web. 30 November 2012.