Dealing with information technology


DISTRIBUTED DENIAL OF SERVICE ATTACK

Jack Hutchins, president of Aget Clothing, shook his head as he stared at the 1,000-plus page server log from the night before. According to Tim Shelley, Aget's part-time technology support person, the distributed denial of service (DDoS) attack had been 100 per cent effective in shutting down Aget's web services. Fortunately the attack occurred at 1:15 a.m. and lasted only 12 minutes, so that customer impact was minimal ... this time. But Hutchins worried about next time. He had asked Shelley to provide more information about the attack and what they could do about it, and in response had received a stack of books, magazine articles, and white papers dealing with information technology (IT) security.

Hutchins' concerns were well founded, as attested by many recent news headlines: "Computer virus uses Canada Post scam" - "Saskatchewan teen charged with hacking New York City-based website" - "Gambler hit by online glitch unhappy with BC Lottery Corporation response." IT security failures strike fear into the hearts of technology-savvy business executives who cannot help but wonder, "Will we be next?" A 2009 study by the University of Toronto and Telus Corporation revealed that threats originate from both inside the organization (e.g., unauthorized access to information by employees) and outside (e.g., software viruses), with an average annual loss exceeding $834,000 per firm. DDoS attacks are a particularly debilitating threat, and Canada has earned a notorious reputation in this area thanks to one Canadian teenager.

Canada had developed some notoriety as a source of DDoS attacks. In the year 2000, 15-year-old Michael Calce sat at his computer in Montreal, contemplating which web server to attack next. Three years earlier his best friend had tragically died in a car accident, spawning a sense of powerlessness in the young boy. As he processed his new reality, Calce submerged himself in the dark side of the web, eventually seeking out methods to attack online systems. Says Calce, "With these tools in hand, I began to feel like I was in control of the Internet, rather than the other way around. The sense of power and possibility was intoxicating." From the apparent safety of his alter-ego, "Mafiaboy," Calce launched DDoS attacks on the very largest web companies: Amazon, CNN, Dell, eBay, Yahoo!, and others. His activities rendered the servers unresponsive to legitimate customers for hours at a time and drew the attention of the financial markets and senior political leaders in Canada, the United States and abroad. Some estimates pegged total damages from Mafiaboy's exploits at Cdn$1.7 billion. The fact that the devastating attacks were accomplished using such inexpensive and ubiquitous technologies as a PC and Internet connection was concerning enough, but that a mere teenager accomplished them was downright terrifying. The authorities eventually tracked down Calce, but only because he bragged about his exploits in some online chat rooms. He was sentenced to a year of probation, restricted use of the Internet and a small fine.

While a DDoS attack may sound technically sophisticated, in fact most are based on a simple and unimaginative idea: the prank telephone call. Imagine a naughty child who picks up the telephone, calls a number at random, makes a joke and then hangs up. To the victim, this single call might be a minor nuisance. If the child calls the same victim several times in a row, the victim might become annoyed at the inane disturbances. However, if the prankster gets 100 friends to call the same victim continuously, legitimate calls would no longer have a chance to get through. The victim's telephone system would have become compromised. Likewise, in a typical brute-force DDoS attack, the hacker may connect with thousands of software "bots" running on remote Internet-connected PCs (typically compromised using trojan viruses) and instruct them to contact a particular web server at a given time. The server tries to respond to this incoming flood of requests, but it quickly becomes overloaded with the sheer volume of connection requests. Legitimate users have no chance to get through. The hacker can evade capture via "spoofing," i.e., by modifying the return address on malicious data packets. In hacker parlance, the server has been "pwned" (see https://en.wikipedia.org/wiki/Pwn).

Just as technology evolves rapidly, cybercriminal behaviours such as DDoS attacks have become increasingly prevalent and sophisticated. Responding to them remains a challenge, and the appropriate response depends on a few key factors. For example, if the content of the incoming DDoS packets is in some way characterizable, it may be possible to filter them out (ignore them) and accept only legitimate packets. If the target of the attack is a particular back-end resource or application, as opposed to the front-end network server, then load-balancing or authentication techniques may be configured to minimize impact. If the DDoS packets originate from a constrained geographical locale, a distributed server architecture may be designed to provide localized protection (e.g., duplicate servers in North America and Europe to handle the traffic from those regions).

As Hutchins pondered the attack, he felt decidedly unsettled about the state of his firm's IT security. True, since enabling the online sales channel five months ago, revenue had grown by $1.2 million or four per cent. And yet, a major security breach that resulted in the shutdown of systems or theft of customer data could do irreparable damage to the firm. Perhaps the company should retreat from online sales and return to emphasizing traditional retail approaches.

DISCUSSION QUESTIONS

1. Did Calce's punishment fit the crime?

2. How much computer expertise do you believe is required to launch a DDoS attack today?

3. Hackers clearly pose a threat to online businesses such as Amazon and eBay since, if their servers are inaccessible, the companies' business activity can be interrupted. Why should traditional (non-IT-focused) businesses pay attention to hacker threats?

4. Should Hutchins retreat from doing business online?
