iPremier Case

A story about managing security and trust in the Internet world.

iPremier Company
A HARVARD BUSINESS SCHOOL CASE

The Attack on iPremier


Many unknowns
Various concerns
"Ha" emails received every second

Summary of iPremier

Founded in 1996
One of a few web-commerce success stories
Sells luxury, rare, and vintage goods online
INTERNET RELIABILITY IS CRITICAL!!
Fiscal Year 2006
Profits were $2.1 million
Sales of $32 million

If You Experienced a Computer Attack, What Would You Do?

So, What Would You Do?


A. Ignore the problem, it will go away
B. Implement Disaster Recovery Plan
C. Other: "Oh, do we have a plan?"

Agenda

Technical Information
Firewalls
Hackers, Viruses, Worms
Attack on iPremier
Key Terms and iPremier Network
Management and Key Employees
Aftermath of Attack
Disaster Recovery

How Do Firewalls Work?


A firewall provides a single point of defense between two networks; it protects one network from the other.
Firewalls are frequently used to prevent unauthorized users from accessing private networks connected to the Internet (~5 min.)

What Can't a Firewall Do?

Most firewalls cannot:

Protect a company against encrypted data or viruses
Protect against carelessness or employee misconduct
Be the only means of network protection

Hackers

People who break into a computer system and inform the company that they have done so. They are often either concerned employees or security professionals who are paid to find vulnerabilities.
A security professional invited by Microsoft to find vulnerabilities in Windows.
A person who breaks into a computer system with the purpose of inflicting damage or stealing data.
An amateur who tries to illegally gain access to a computer system using programs (scripts) that others have written.

Computer Attack Overview

A computer attack is any malicious activity directed at a computer system or the services it provides.

Types of Attacks
Virus
Use of system by unauthorized individual
Denial of service (DoS)
Probing of a system to gather information
Physical attack of computer hardware

Computer Viruses
Virus: a segment of self-replicating code planted illegally in a computer program, often to damage or shut down a system or network.

A virus that worms its way through either the computer's memory or a disk and alters data that it accesses. Worms burrow through and between networks.
A virus that attaches itself to seemingly innocent programs. It does not necessarily replicate, but it opens doors so that an attacker can enter undetected at a later date.
A virus that is activated or triggered after or during a certain event. This virus usually lies in wait until a specific action is undertaken.

Key Terms

QData

Steady provider of: basic floor space, power, connectivity, environmental control, physical security, and high-level management services

Hosted most of iPremier's computer equipment

Colo
QData's hosting facility close to office

Network Operations Center (NOC)


Secured Monitoring Location

iPremier Network

iPremier: Culture

Mix of talented young people
Intense work environment
Balanced approach to growth and profitability
"Whatever it takes"

The Attack on iPremier

4:31 AM: Leon Ledbetter reports that the website is locked up, customer support is receiving calls, and support has been getting "ha" emails.
5:27 AM: Shortly after reaching a QData console, Joanne Ripley realized that iPremier was the recipient of a SYN flood from multiple sites, directed at the router that runs the firewall.

iPremier's Choices

At the time of the attack, pull the plug?

Could lose logging data
Only way to assure credit card data is not being stolen

After the attack: rebuild the system?

Would shut down business for, at a minimum, 24-36 hours
The only way to be sure

Ending The Attack


Every time Joanne tried to shut off the attacking IP address, it would automatically trigger an attack from two other zombie sites
The emails stopped at 5:46 AM
Computer security experts consulted after the attack suggested that the denial of service attack could have been a misdirection tactic, to divert attention from hacking

After the Attack

iPremier instituted several security measures after the DoS attack:
Restarted all production equipment
File-by-file examination
Plan to move to more modern hosting facility
Created an incident-response team

Aftermath

Two weeks after iPremier was attacked, the Company received a call from an FBI special agent in Washington, D.C. Over the previous two hours the Company's largest competitor, MarketTop, had been experiencing a denial of service attack. The attack was being conducted from inside iPremier's production computing installation.

This attack proved iPremier's firewall had been penetrated

Open Options

1. Implementation of a Comprehensive Rebuild of all Production Platforms

Resistance
MarketTop attack could be the full extent of crime
Could be seen as the destruction of evidence

Open Options

2. MarketTop's Potential Lawsuit Against iPremier for its Apparent Role

Resistance
Negative attention for both companies

Open Options

3. Public Disclosure
Compromised database server contained credit card numbers

Two Opinions
CIO, Bob Turley, wanted to disclose what might have happened.
Senior Finance Staff Member, Linda Kliewer, offered a different point of view.

Disaster Recovery Plan: Some Binder


Precautions to take so the effects of a disaster will be minimized in an effort to:

Maintain or Quickly Resume Mission-Critical Functions

Appropriate plans vary from one enterprise to another


Variables to consider:
type of business
processes involved
level of security needed

What are the Major Concerns?


Legal Aspect
Public Relations
Impact on Stock Price
Customer Privacy
Network Security

The End.

What implications do you see for:
a. Social Media companies
b. Companies using social media systems