Midterm Question #3

1. Identify the possible risks and threats (eg. virus) that can potentially attack a company with internet connection.

ANSWER:
by Yanet Manzano
Introduction

Over the last ten years, the number of Internet hosts has grown at an accelerated rate; slowdowns and traffic jams are plaguing the information superhighway. Consequently, companies struggle to meet the rising demand for speedy quality service. Unfortunately, the control mechanisms available today are not enough to handle the congestion problem we currently face. When we talk about the causes of congestion today, we have to decompose them into two major categories: one is congestion caused by legitimate traffic, and the other is congestion caused by malicious activities. In this article, we are going to focus on congestion created by malicious activities, specifically Denial of Service (DOS) Attacks.

DOS attacks are much like any other hacking attack, except that the penetration step does not exist. Because of this, most people consider DOS attacks as less of a threat, and therefore do not take enough preventive measures, until they find themselves facing a system shutdown and losses of millions of dollars. According to a CBI/FBI 2002 survey, the highest reported financial losses due to a single DOS attack increased from $1 million in 1998 to $50 million in 2002 [8]. In spite of such evidence, most companies still overlook the relevance of using preventive mechanisms to deal with DOS attacks. We have decided to place the situation in a different light, with the objective to provide a better understanding of the growing damage potential of this type of attack.

We are going to focus on a scenario in which an attacker individually launches his own company. The business would consist of launching DOS attacks against other companies, with profits being equivalent to the financial damages created by the DOS attacks launched. Our attacker starts with the traditional DOS model of one-attacker/one-victim, and then works to develop more sophisticated models that result in more damaging, and therefore more profitable attacks. Through this scenario, we will explore the three largest transformations of a DOS attack, from the traditional model to distributed DOS (DDOS), and to distributed DOS with reflectors (DRDOS). Before we move to trace the development of our attacker, we will explore some of the most famous DOS attacks that served him as inspiration to create his DOS Attack company.

2. Case research and analysis:

2.a Identify one company that had experienced an attacked from the internet.
ANSWER:By Martha Neil

In nearly 20 years as a trial lawyer, Keith Fink has encountered plenty of hardball litigation tactics. But the cyber attacks he has suffered since he began representing former employees of American Apparel in litigation against the company are unique.

"I've never experienced it, I don't know any lawyer that's experienced it, and I'm sure I'm never going to experience it again in my career," he tells ABAJournal.com.

In an apparent effort to discourage and discredit Fink, company employees have launched an Internet attack on his character, as the New York Post reports it has documented in internal American Apparel e-mails.

In an article last week, the newspaper details the cyber campaign it claims the company has launched against Fink, who who has filed multiple lawsuits against American Apparel and its chief executive, Dov Charney, on behalf of various former employees: "According to internal e-mails allegedly written by American Apparel staff and obtained by the Post, company officials are buying Web ads and feeding and building sites that allege a litany of malfeasance by the Los Angeles-based lawyer."

Among the efforts, the Post says, was text inserted into a Wikipedia entry about Fink. In it, as of mid-January, he was described as an "ambulance chaser" and worse. The newspaper also says that at least one website apparently was set up anonymously for the purpose of discrediting Fink, according to the internal American Apparel e-mails.

And, Fink himself tells ABAJournal.com, he believes the company is also responsible not only for this and other website criticism but Internet ads and even a critical—and, he says, factually inaccurate—print ad that ran prominently on Jan. 8 in the University of California Los Angeles campus newspaper, the Daily Bruin. Fink is teaching a class on free speech in the workplace at UCLA.

Although Wikipedia has taken down the critical entry about Fink in the website's free online encyclopedia, other Internet attacks are still up (and can readily be found by doing a name search on Google or another search engine).

Responding to a Post request for comment, American Apparel's general counsel said the e-mails relied on by the newspaper are unauthenticated and declined to discuss the matter further.

The Post article doesn't explain how the newspaper obtained the claimed American Apparel e-mail copies. But Fink says he believes one of the company's 10,000 or so employees has been sending them out anonymously.

2.b Describe the attack.
ANSWER:the newspaper details the cyber campaign it claims the company has launched against Fink, who who has filed multiple lawsuits against American Apparel and its chief executive, Dov Charney, on behalf of various former employees: "According to internal e-mails allegedly written by American Apparel staff and obtained by the Post, company officials are buying Web ads and feeding and building sites that allege a litany of malfeasance by the Los Angeles-based lawyer."

the Post says, was text inserted into a Wikipedia entry about Fink. In it, as of mid-January, he was described as an "ambulance chaser" and worse.

2.c Identify the damages done and the solutions adopted to reverse the damages and to protect the company from future threats.

ANSWER: Fink says he doesn't have time to try to respond to them individually and needs to focus his energies on representing his clients in their litigation against American Apparel.

"They're never going to intimidate or silence me, so … these efforts are all in vain," he tells ABAJournal.com. But, he adds, "I'm going to kick their butt in trial in my cases."