iPremier Case
A story about managing security and trust in the Internet world.
iPremier Company: A HARVARD BUSINESS SCHOOL CASE
The Attack on iPremier
• Many unknowns
• Various concerns
• “Ha” emails received every second
Summary of iPremier
• Founded in 1996
• One of a few web-commerce success stories
• Sells luxury, rare, and vintage goods online
• INTERNET RELIABILITY IS CRITICAL!!
• Fiscal Year 2006
  • Profits were $2.1 million
  • Sales of $32 million
If You Experienced a Computer Attack, What Would You Do?
So, What Would You Do?
A. Ignore the problem, it will go away
B. Implement Disaster Recovery Plan
C. Other, “Oh, do we have a plan?”
Agenda
• Technical Information
  • Firewalls
  • Hackers, Viruses, Worms
• Attack on iPremier
  • Key Terms and iPremier Network
  • Management and Key Employees
  • Aftermath of Attack
• Disaster Recovery
How Do Firewalls Work?
• A firewall provides a single point of defense between two networks—it protects one network from the other
• Firewalls are frequently used to prevent unauthorized users from accessing private networks connected to the Internet
(~5 min.)
What Can’t a Firewall Do?
Most firewalls cannot:
• Protect a company against encrypted data or viruses
• Protect against carelessness or employee misconduct
• Be the only means of network protection
Hackers
• People who break into a computer system and inform the company that they have done so. They are often either concerned employees or security professionals who are paid to find vulnerabilities.
• A security professional invited by Microsoft to find vulnerabilities in Windows.
• A person who breaks into a computer system with the purpose of inflicting damage or stealing data.
• An amateur who tries to illegally gain access to a computer system using programs (scripts) that others have written.
Computer Attack Overview
A computer attack is any malicious activity directed at a computer system or the services it provides
Types of Attacks
• Virus
• Use of system by unauthorized individual
• Denial of service (DoS)
• Probing of a system to gather information
• Physical attack of computer hardware
Computer Viruses
Virus: a segment of self-replicating code planted illegally in a computer program, often to damage or shut down a system or network.
• A virus that “worms” its way through either the computer’s memory or a disk and alters data that it accesses. Worms burrow through and between networks.
• A virus that attaches itself to seemingly innocent programs. It does not necessarily replicate, but it opens doors so that an attacker can enter undetected at a later date.
• A virus that is activated or triggered after or during a certain event. This virus usually lies in wait until a specific action is undertaken.
Key Terms
QData
• Steady provider of:
  • basic floor space
  • power
  • connectivity
  • environmental control
  • physical security
  • and high-level “management services”
• Hosted most of iPremier’s computer equipment
“Colo”
• QData’s hosting facility close to office
Network Operations Center (NOC)
• Secured Monitoring Location
iPremier Network
iPremier: Culture
• Mix of talented young people
• “Intense” work environment
• Balanced approach to growth and profitability
• “Whatever it takes”
The Attack on iPremier
4:31 AM: Leon Ledbetter reports the website is locked up, customer support is receiving calls and support has been getting “ha” emails.
5:27 AM: Joanne Ripley realized, shortly after she reached a QData console, that iPremier was the recipient of a SYN flood from multiple sites, directed at the router that runs the firewall.
iPremier’s Choices
At the time of the attack, pull the plug?
• Could lose logging data
• Only way to assure credit card data is not being stolen
After the attack: rebuild the system?
• Would shut down business for, at a minimum, 24-36 hours
• “The only way to be sure”
Ending The Attack
• Every time Joanne tried to shut off the attacking IP address, it would automatically trigger an attack from two other “zombie” sites
• The emails stopped at 5:46 AM
• Computer security experts consulted after the attack suggested that the denial of service attack could have been a misdirection tactic, to divert attention from hacking
After the Attack
iPremier instituted several security measures after the DoS attack:
• Restarted all production equipment
• File-by-file examination
• Plan to move to more modern hosting facility
• Created an incident-response team
Aftermath
Two weeks after iPremier was attacked, the Company received a call from an FBI special agent in Washington, D.C. Over the previous two hours the Company’s largest competitor, MarketTop, had been experiencing a denial of service attack. The attack was being conducted from inside iPremier’s production computing installation.
This attack proved iPremier’s firewall had been penetrated
Open Options
1. Implementation of a Comprehensive Rebuild of all Production Platforms
Resistance
• MarketTop attack could be the full extent of crime
• Could be seen as the destruction of evidence
Open Options
2. MarketTop’s Potential Lawsuit Against iPremier for its Apparent Role
Resistance
• Negative attention for both companies
Open Options
3. Public Disclosure
Compromised database server contained credit card numbers
Two Opinions
• CIO, Bob Turley, wanted to disclose what might have happened.
• Senior Finance Staff Member, Linda Kliewer, offered a different point of view.
Disaster Recovery Plan: “Some Binder”
Precautions to take so the effects of a disaster will be minimized in an effort to:
• Maintain or Quickly Resume Mission-Critical Functions
Appropriate plans vary from one enterprise to another
• Variables to consider:
  • type of business
  • processes involved
  • level of security needed
What are the Major Concerns?
• Legal Aspect
• Public Relations
• Impact on Stock Price
• Customer Privacy
• Network Security
The End.
What implications do you see for:
a. Social Media companies
b. Companies using social media systems