Hacker Attack

A case study of a hacker attack to BookMart

BACKGROUND　INTRODUCTION

BookMart , which was a major online book，movie and CD store based out of Toronto, Ontario, Canada, was struggling to manage a serious breach of company’s information systems. This breach jeopardized both the company’s reputation and its ability to provide service to its customers. It is very urgent to identify how and why this breach occurred, develop an immediate plan to ensure the firm minimized its risk against possible future attacks.

MAIN ISSUES

➢ Problems

• Technology

✓ IT has to be responsible for too many sectors

Lois Fairchild, the Chief Information Officer (CIO), and her IT team were responsible for integrating the variety of IT equipment and platforms, maintaining the point-of-purchase (POP) systems, designing the corporate and catalogue web pages (including the BookMart home page, online technical support pages, customer order pages and BookMart’s own site search engine), enabling the storage, delivery and retrieval of e-mail for their employees and the delivery of e-mail to their customers, as well as developing BookMart’s in-house IT systems (i.e. maintaining the systems and providing end-user training and support to BookMart’s employees, including those who responded to the 24-hour customer support telephone lines). Overall, Fairchild was responsible for overseeing 72 IT personnel, who were only divided into four teams: web development, internal customer support, external customer support and internal maintenance.

✓ The poor semi-private network

Both BookMart’s employees and their customers ultimately had access to the same connected system (due to the semi-private network that connected the private network to the public one), however, BookMart did not have adequate measures to protect its private network from being attacked from public network.

In addition, the internal customer support team did not implement an effective...