
The iPremiere Co.

Distributed Denial of Service Attack

By: Ayesha Zahid & Umama Munir


About iPremiere Co.
• An e-commerce business selling luxury, rare
and vintage goods;
• Held market leader position and enjoyed
great profits over the years;
• Most payments through credit cards. High-
end customers;
• Competitive advantage was variety of goods,
attractive website, and after sales service.

About the company (contd.)

Management & Culture
• The company started with young people and a group of experienced managers;
• Focused on recruiting high-performing individuals, with the CEO supervising the interviews;
• Quarterly performance reviews;
• “Whatever it takes” attitude.

Technology Architecture
• The management of its technical architecture was outsourced to Qdata;
• Qdata provided most of their computer equipment and connectivity to the Internet;
• iPremier did not have immediate access to its data center at Qdata;
• Long-due plans of moving computing to an internal facility.
The Attack
• The iPremiere servers were attacked on January 12th, 2018 at 4:31,
and the attack lasted for an hour;
• According to Joanne Ripley, technical operations team leader, it
was a sophisticated DDoS attack and intrusion was a possibility;
• Bob Turley was most concerned about whether customers’ credit card
information had been stolen;
• No emergency procedure was readily available: there was no
DRP or IRP.

What is a DDoS attack?
• Denial of service is a form of attack on the availability of some
service. In the context of computer and communication security, the
focus is generally on network services that are attacked over their
network connection;
• It is designed to disable a network by flooding it with useless traffic. To
launch a DDoS, a hacker might first compromise multiple personal
computers by installing Trojan horse programs that allow the hacker to
control these computers remotely. Then the hacker would use the
compromised or “zombie” computers to send a continual stream of
traffic to a Web server. This stream not only disrupts the real traffic at
the Web site, but it ultimately crashes the server, which tries to
respond to the excess traffic.
What did they do?
• Announced the attack publicly;
• Implemented new security measures, but Ripley’s suggestion to stop web
operations for a while to investigate the case was not adopted, as it had not
been proven that the firewall was penetrated;
• It was decided to build a new, more secure website and
shift to it so that operations would not be halted;
• Turley was still concerned, and Ripley wasn’t too happy to wait for the new
website;
• Two weeks later, a close competitor experienced the same kind of DDoS attack,
and it came from inside the iPremier Co. facility;
• This attack proved that the firewall was penetrated.
Problems at hand
1. Whether to implement Ripley’s suggestion or not?
2. How to handle the situation between iPremier and MarketTop?
3. Whether to disclose publicly that customers’ credit card
information might have been stolen?

Mistakes
• The biggest mistake was when Joanne Ripley decided to keep the servers online
instead of pulling the plug at the time of attack. This decision allowed the attackers to
later penetrate the firewall and compromise the servers holding credit card data;
• A poor contingency and communications plan resulted in the wrong actions and a lack
of communication between team members;
• iPremier relied too heavily on QData resulting in numerous difficulties during the
attack;
• The system had a nearly nonexistent firewall, and iPremier had no remote access, which
led to very limited information about the attack;
• There was no risk plan, so the company could only react.

Recommendation
• iPremier could have taken different steps such as shutting down the servers
immediately;
• A communications plan during a crisis can lead to faster results;
• A course of action for certain planned risk scenarios can lead to faster and more
appropriate decisions during an attack;
• Moving the system to a reputable hosting provider with world-class infrastructure
and support rather than Qdata, and adopting redundancy planning and testing;
• Hiring experienced IT personnel;
• Bringing the computing facility in-house so there would be no obstacle to accessing it
at any time.


Any questions?
