It System Course EvalAssignment Questions1. How well did the iPremier Company perform during the 75 minute attack? If you were Bob Turley, what might you have done differently during the attack?
2. The iPremier Company CEO, Jack Samuelson, had already expressed to Bob Turley his concern that the company might eventually suffer from a “deficit in operation procedures.” Were the companys operating procedures deficient in responding to this attack? What additional procedures might have been in place to better handle the attack?
3. Now that the attack has ended, what can iPremier do to prepare for another similar attack?4. In the aftermath of the attack, what would you be worried about? What actions would you recommend?Management Topics* Managing during crisis* Managing Disclosure* Risk Management* Corporate SecurityTechnology Topics* Denial of Service Attack (DSA)* DDSA* Hackers* Firewall* Disaster Recovery1. How well did the iPremier Company perform during the 75 minute attack? If you were Bob Turley, what might you have done differently during the attack?
On January 12, 2001, the iPremier Company (the name of the company has beenchanged), a successful high-end web-based retailer, was shut down by a distributed denialof service (DDoS) attack that began at 4:31 AM ET (Eastern Time) and then endedabruptly and mysteriously at 5:46 AM. Bob Turley, the companys CIO and the personresponsible for coordinating response to the problem, was asleep in a New York hotelroom when the attack against the Seattle-based company commenced. He was thusforced to manage the situation from afar, via his cell phone. During the 75-minute event,Turley interacted with Joanne Ripley (operations team leader), Jack Samuelson (CEO),Warren Spangler (VP, Business Development), Tim Mandel (CTO), and Peter Stewart(the companys legal counsel), some of whom injected
nkphere. These two are very much in the midst of the attack and there is absolutely no justification for them not to act. A DDoS attack at 3:15 AM ET and then 7 minutes later, during a lull in the process of responding to the attack, is clearly intentional to further cripple the organization to a state of unspeakable destruction. That was not all. According to the site (not the site which published the original article), a system administrator had blocked a DNS lookup that allowed the internet to take hold at the beginning of the attack (1):
If [the] system administrator was able to restore Internet access to the affected company without causing serious damage, or if the affected company failed to comply with a request for a DNS resolver, then the affected company would be immediately moved immediately to its default service provider.
The site quotes in the article quote the following from the C&C’s response:
Because a DNS resolver was not available until hours, on the first try we had not attempted an attempt. This time we could not determine whether or not the DNS resource was being utilized properly.
“Our customers in other countries and areas are aware that DNS resolvers are not available anymore because they have failed to respond quickly. As a result we have initiated an emergency response to these events and continue to be working with our global network and customer support partners to assist in this situation.”
Despite the DDoS outage, Tim and I are convinced that the attack is deliberate as we’ve never had a DDoS attack, let alone a denial of service attack at the time. We need to fix it so they won’t be so quick to attack our business. While this may be my opinion, I also agree with the CEO’s statement that the company is being completely protected. If they see something like this for them, they will likely go back on their current plan.
To read the entire article, click here.