The iPremier Company is a high-end online sales company based in Seattle that deals mostly with credit card transactions involving high-end customers with no credit limits. The company had contracted with an internet hosting company, known as Qdata, for the provision of internet security services and the monitoring of web sites for customers. In addition to these services, Qdata also provided essential high-level management services for iPremier, including firewall protection for the company's high-end customers. The denial-of-service attack took place on January 12, 2007, when iPremier's servers were hacked and brought to a standstill. The whole denial-of-service attack lasted seventy-five minutes and had detrimental effects on the company's business and on its relationship with Qdata, given that the DoS attack originated from within the company's premises. The DoS attack targeted the credit database maintained by iPremier, which contained all the credit card information of the company's high-end customers.
The senior managers of iPremier, led by the Chief Information Officer Bob Turley, made the decision not to shut down the systems so as to ensure that there would be a comprehensive rebuilding of the company's whole production system. The company embarked on a plan to create an iPremier site, using all the equipment available, so as to ensure an up-to-date hosting facility. However, the company lacked sufficient emergency procedures to handle even a simple DoS attack on its data center. In addition, iPremier's emergency binder was outdated. Also, restarting the web servers had little effect in overcoming the attack, even though such a procedure had little customer impact. The company's IT manager, Bob Turley, pulled the plug, shut off the power, and pulled the cards out of their sockets in a bid to prevent the loss of critical credit card information. Shutting down the traffic from the attacking addresses was a knee-jerk reaction, given that there was no intrusion, except for script kiddies who targeted the company's firewall systems.
During the attack, the company should have pulled the plug, given that this is the only way the customers' credit data could not be stolen. In the first few minutes of the attack, iPremier should have rate-limited its routers so as to prevent its servers from being overwhelmed. Filters should also have been added to the routers so as to drop packets from the potential sources of the attack. Bob Turley should also have ensured that lower ICMP, SYN, and UDP flood drop thresholds were set so as to mitigate the potential adverse effects of the denial-of-service attack.
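As an added illustration of the per-protocol flood drop thresholds and source filters recommended above (example code written for this page, not taken from the case or from iPremier or Qdata), the following Python sketch counts SYN, ICMP and UDP packets per source per one-second window, flags sources that exceed a threshold, and turns them into the drop rules a router filter would apply. The thresholds, IP addresses and traffic are constructed sample values.

```python
from collections import defaultdict

# Per-protocol flood thresholds in packets per source per one-second window.
# Constructed illustrative values, not iPremier's or Qdata's real settings.
THRESHOLDS = {"SYN": 50, "ICMP": 20, "UDP": 100}


def flood_sources(packets, thresholds=THRESHOLDS):
    """Return {(src_ip, proto): peak_per_second} for sources over threshold.

    packets: iterable of (timestamp_seconds, src_ip, proto) tuples.
    Packets are bucketed per (source, protocol, integer second); any bucket
    whose count exceeds the protocol's drop threshold flags that source.
    """
    counts = defaultdict(int)
    for ts, src, proto in packets:
        if proto in thresholds:
            counts[(src, proto, int(ts))] += 1
    offenders = {}
    for (src, proto, _sec), n in counts.items():
        if n > thresholds[proto]:
            offenders[(src, proto)] = max(n, offenders.get((src, proto), 0))
    return offenders


def filter_rules(offenders):
    """Translate flagged sources into human-readable router drop rules."""
    return sorted(f"drop {proto} from {src}" for src, proto in offenders)


def sample_packets():
    """Constructed traffic sample (documentation addresses only)."""
    # 120 SYNs from one source inside a single second: a SYN flood.
    pkts = [(i / 120, "203.0.113.7", "SYN") for i in range(120)]
    # 5 ICMP echo requests spread over 5 seconds: benign.
    pkts += [(float(i), "198.51.100.3", "ICMP") for i in range(5)]
    # 150 UDP packets over 3 seconds (50/s): under the default threshold.
    pkts += [(i / 50, "192.0.2.9", "UDP") for i in range(150)]
    return pkts


if __name__ == "__main__":
    found = flood_sources(sample_packets())
    print(found)                  # only the SYN source is flagged
    print(filter_rules(found))
    # Lowering the UDP threshold, as the text recommends, also catches
    # the 50 packets/s UDP sender.
    print(flood_sources(sample_packets(), {**THRESHOLDS, "UDP": 40}))
```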
Jack Samuelson, the company's CEO, had earlier indicated that the operating procedures for responding to the seventy-five-minute DoS attack were inadequate. The current operating procedures were unable to determine the extent of the damage from the firewall intrusion. In addition, it was not possible to determine whether customer data would be stolen. The systems failed to track the source of the attack, that is, where the 'Ha, ha, ha' emails received by the support personnel originated. The company's night shift staff were not sufficiently competent with the network monitoring software. In order to handle the attack better, management should have ensured that it had complete control of communications. The attack should have been analyzed in a more detailed manner, involving all of the key decision makers, including legal counsel, before taking a critical course of action.
After the DoS attack, iPremier put in place a number of security measures aimed at preparing the company for any future attacks. After the incident, iPremier restarted all of its production equipment, created an elaborate and well-staffed incident response team, and planned to move its headquarters into a modern hosting facility. Other recommendations that iPremier should have adopted included revisiting its choice of colocation partner. Qdata had a small number of qualified staff and had difficulty retaining experienced staff. In addition, iPremier's colocation partner had invested little in advanced technology, making it susceptible to such malicious attacks. The company's management should have put in place elaborate remote access systems for its network security team. The company should also have implemented procedures for handling public relations and legal issues, measuring downtime costs, assessing risk, and filing complaints with the appropriate authorities. In order to prepare for future attacks, iPremier should practise with simulated attacks and institute periodic third-party security audits. In addition, it is important that a recovery plan be designed and documented by the company so as to mitigate future system attacks.
In the aftermath of the DoS attack, the biggest worry would be the business implications of the cyber-attack on the company. The company's web servers will be unavailable to iPremier's legitimate customers. In addition, the incident would damage the reputation of the company's overall business, leading to loss of customer goodwill, lost customers, and legal issues in the event that critical customer data is lost. Additionally, iPremier's stock price would suffer a downward spiral if information about the attack leaked to the media. In order to prevent these adverse business implications for iPremier, the company should hire a good Chief Security Officer and educate its users about the threats and security practices the company may face in future. In addition, iPremier should purchase and install more sophisticated and technologically advanced firewall systems and cryptographic systems for sensitive data.