The iPremier Company: Distributed Denial of Service Attack
By: Robert D. Austin
Presented by: Group 4
Story Time
iPremier Company
Founded in 1996
Web-based company
2017: profit for the company was $20.1 million
Sales were $320 million
Healthy relationship with their customers
Behind the scenes
Management and Culture of iPremier
Management included young people
Highly experienced, with high-performance reputations
CEO is present in every stage of the hiring process
Quarterly reviews for every employee
“Unsuccessful managers did not last long”
Describe the work force as “intense”
The Technical Architecture of iPremier
Qdata serves as the company’s host for their computer equipment, databases, and internet server
4:39am (Joanne Ripley)
On the phone with Joanne Ripley, the technical operations team leader, they discussed what type of attack it might be, considering a DDoS attack
Given the extent of the attack, Turley and Ripley discussed the worst-case scenarios that might be happening, for instance the hackers stealing company data and consumer credit card information
Ripley mentioned that the Business Continuity Plan (BCP), meant to prepare for this type of technological emergency, was outdated and unreliable
4:39am (Warren Spangler)
Turley then received a call from Warren Spangler, Vice President of Business Development
Although Turley was overwhelmed and wanted to discuss the incident with the Chief Technology Officer (CTO), he remained on the call with Spangler
They discussed whether calling the police should be an option.
4:39am (Tim Mandel & Peter Stewart)
Chief Technology Officer (CTO) Mandel says: “Forget about preserving the logs, detailed logs aren't enabled”
Stewart, from the legal team, advised them to shut down, pull the plugs and go dark
Can't risk your PII (personally identifiable information) going viral
Turley asked how he found out, and Mandel said Spangler had called: hackers had control of the website and were stealing information
Turley says: Spangler's got everyone up
Joanne is at Qdata working on how to fix the problem
She calls in and says they won't let her into NOC2 to see who is accessing their site; the regular Qdata guy is on vacation in Aruba
5:27am
The CEO, Jack Samuelson, calls and asks Turley if a plan is being worked on. Tells Turley: the stock might be affected, but that is not Turley's concern at the moment; just keep working on the solution and keep the site running
Turley calls Ripley; she says they let her in. SYN packets are flooding in from multiple sites, directed at the router that runs their firewall, and they should really get a proper firewall
The attack is coming from 3000 sites. Ripley says she can try to shut down traffic from those sites, but every time she shuts one down, attacks from 2 others are triggered
Ripley says the hackers might be using a botnet of enslaved machines
5:46am
Ripley calls again
The attack stopped
Turley asks what she did; she responds nothing, the attack stopped at 5:46am. She says they can run the site business as usual but recommends shutting down or disconnecting. They should run a forensic audit to make sure nothing else has happened. Ripley asks if she can reach out to cybersecurity to get them in as soon as possible
5:46am
After the attack, the company realized it needed to consider shutting down or disconnecting from the Internet to prevent another attack.
However, arguments arose because shutting down would have a significant negative influence on the stock price. Some argued that iPremier is responsible to its shareholders and that there is no evidence that data has been stolen.
Attacks are ranked from weak to strong: single source, DDoS, and DrDoS.
Single source: The hackers use one computer to attack the target
DDoS: The hackers remotely control many digital devices, including cell phones, computers, and some smart devices like thermometers, to send traffic to the target.
DrDoS: Using many computers, the hackers remotely control many more digital devices to attack the target.
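Ripley's finding that blocking one source just shifted the flood to others is the signature of a distributed SYN flood. The following is an added triage script, not part of the case or the presentation: it reads a constructed connection log (the format, addresses and thresholds are all assumptions), counts half-open connections per source, and reports whether the flood is single-source (per-IP blocking can work) or distributed (it cannot).

```python
"""Toy SYN-flood triage over a constructed connection log (not from the iPremier case)."""
from collections import Counter

# Constructed sample: "time src_ip flag" records as an edge router might log them.
# A completed handshake shows S (SYN) then A (ACK) from the same source;
# a flood source sends SYNs that are never completed, leaving half-open connections.
SAMPLE_LOG = """\
04:31:00 203.0.113.7 S
04:31:00 203.0.113.7 A
04:31:01 198.51.100.10 S
04:31:01 198.51.100.11 S
04:31:01 198.51.100.12 S
04:31:02 198.51.100.10 S
04:31:02 198.51.100.13 S
04:31:02 203.0.113.8 S
04:31:02 203.0.113.8 A
04:31:03 198.51.100.14 S
04:31:03 198.51.100.15 S
"""


def parse_log(text):
    """Return (time, src, flag) tuples; blank lines are ignored."""
    return [tuple(line.split()) for line in text.splitlines() if line.strip()]


def half_open_by_source(events):
    """Count SYNs per source that were never matched by an ACK from that source."""
    syns, acks = Counter(), Counter()
    for _, src, flag in events:
        if flag == "S":
            syns[src] += 1
        elif flag == "A":
            acks[src] += 1
    return {src: syns[src] - acks[src] for src in syns if syns[src] > acks[src]}


def triage(events, half_open_threshold=3, single_source_share=0.5):
    """Classify the traffic as 'none', 'single-source' or 'distributed'.

    Thresholds are arbitrary assumptions for the demo. A 'distributed' verdict
    means no single source carries most of the load, so blocking sources one
    at a time (as Ripley tried) will not stop the flood; upstream rate limiting
    or SYN cookies on a proper firewall are the defensive options.
    """
    half_open = half_open_by_source(events)
    total = sum(half_open.values())
    if total < half_open_threshold:
        return {"verdict": "none", "sources": len(half_open), "half_open": total}
    top_share = max(half_open.values()) / total
    verdict = "single-source" if top_share >= single_source_share else "distributed"
    return {"verdict": verdict, "sources": len(half_open),
            "half_open": total, "top_share": round(top_share, 2)}
```

For the constructed sample, the two sources that completed their handshakes drop out, and the remaining six half-open sources with no dominant sender yield a "distributed" verdict.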
Questions
Post attack, it is shown that iPremier “dodged a bullet” and stopped the attack. Do you think Turley should temporarily shut down and disconnect from the Internet to figure out the breach? Or should they continue the website, until given an “evidence-based” reason?
Why is it important to have multiple emergency protocols and reports instead of one general plan? When should the protocols be updated and trained/re-trained with staff?
As a customer, what do you think of the data breach? What would you do if a data breach happened?
If a breach like this occurs, as a customer you would want to know right away. Why is it important for the company and customers to have a healthy relationship?