Dealing with information technology

Reference no: EM131038792

DISTRIBUTED DENIAL OF SERVICE ATTACK

Jack Hutchins, president of Aget Clothing, shook his head as he stared at the 1,000-plus page server log from the night before. According to Tim Shelley, Aget's part-time technology support person, the distributed denial of service (DDoS) attack had been 100 per cent effective in shutting down Aget's web services. Fortunately the attack occurred at 1:15 a.m. and lasted only 12 minutes, so that customer impact was minimal ... this time. But Hutchins worried about next time. He had asked Shelley to provide more information about the attack and what they could do about it, and in response had received a stack of books, magazine articles, and white papers dealing with information technology (IT) security.

Hutchins' concerns were well founded, as attested by many recent news headlines: "Computer virus uses Canada Post scam" - "Saskatchewan teen charged with hacking New York City-based website" - "Gambler hit by online glitch unhappy with BC Lottery Corporation response." IT security failures strike fear into the hearts of technology-savvy business executives who cannot help but wonder, "Will we be next?" A 2009 study by the University of Toronto and Telus Corporation revealed that threats originate from both inside the organization (e.g., unauthorized access to information by employees) and outside (e.g., software viruses), with an average annual loss exceeding $834,000 per firm. DDoS attacks are a particularly debilitating threat, and Canada has earned a notorious reputation in this area thanks to one Canadian teenager.

Canada had developed some notoriety as a source of DDoS attacks. In the year 2000, 15-year-old Michael Calce sat at his computer in Montreal, contemplating which web server to attack next. Three years earlier his best friend had tragically died in a car accident, spawning a sense of powerlessness in the young boy. As he processed his new reality, Calce submerged himself in the dark side of the web, eventually seeking out methods to attack online systems. Says Calce, "With these tools in hand, I began to feel like I was in control of the Internet, rather than the other way around. The sense of power and possibility was intoxicating." From the apparent safety of his alter-ego, "Mafiaboy," Calce launched DDoS attacks on the very largest web companies: Amazon, CNN, Dell, eBay, Yahoo!, and others. His activities rendered the servers unresponsive to legitimate customers for hours at a time and drew the attention of the financial markets and senior political leaders in Canada, the United States and abroad. Some estimates pegged total damages from Mafiaboy's exploits at Cdn$1.7 billion. The fact that the devastating attacks were accomplished using such inexpensive and ubiquitous technologies as a PC and Internet connection was concerning enough, but that a mere teenager accomplished them was downright terrifying. The authorities eventually tracked down Calce, but only because he bragged about his exploits in some online chat rooms. He was sentenced to a year of probation, restricted use of the Internet and a small fine.

While a DDoS attack may sound technically sophisticated, in fact most are based on a simple and unimaginative idea: the prank telephone call. Imagine a naughty child who picks up the telephone, calls a number at random, makes a joke and then hangs up. To the victim, this single call might be a minor nuisance. If the child calls the same victim several times in a row, the victim might become annoyed at the inane disturbances. However, if the prankster gets 100 friends to call the same victim continuously, legitimate calls would no longer have a chance to get through. The victim's telephone system would have become compromised. Likewise, in a typical brute-force DDoS attack, the hacker may connect with thousands of software "bots" running on remote Internet-connected PCs (typically compromised using trojan viruses) and instruct them to contact a particular web server at a given time. The server tries to respond to this incoming flood of requests, but it quickly becomes overloaded with the sheer volume of connection requests. Legitimate users have no chance to get through. The hacker can evade capture via "spoofing," i.e., by modifying the return address on malicious data packets. In hacker parlance, the server has been "pwned" (see https://en.wikipedia.org/wiki/Pwn).

Just as technology evolves rapidly, cyber criminal behaviours such as DDoS attacks have become increasingly prevalent and sophisticated. Responding to them remains a challenge and depends on a few key factors. For example, if the content of the incoming DDoS packets is in some way characterizable, it may be possible to filter them out (ignore them) and accept only legitimate packets. If the target of the attack is a particular back-end resource or application, as opposed to the front-end network server, then load-balancing or authentication techniques may be configured to minimize impact. If the DDoS packets are originating from a constrained geographical locale, a distributed server architecture may be designed to provide localized protection (e.g., duplicate servers in North America and Europe to handle the traffic from those regions).

As Hutchins pondered the attack, he felt decidedly unsettled about the state of his firm's IT security. True, since enabling the online sales channel five months ago, revenue had grown by $1.2 million or four per cent. And yet, a major security breach that resulted in the shutdown of systems or theft of customer data could do irreparable damage to the firm. Perhaps the company should retreat from online sales and return to emphasizing traditional retail approaches.

DISCUSSION QUESTIONS

1. Did Calce's punishment fit the crime?

2. How much computer expertise do you believe is required to launch a DDoS attack today?

3. Hackers clearly pose a threat to online businesses such as Amazon and eBay since, if their servers are inaccessible, the companies' business activity can be interrupted. Why should traditional (non-IT-focused) businesses pay attention to hacker threats?

4. Should Hutchins retreat from doing business online?
