IAS Case Study 1
The phone rang, as it did about four times an hour. The first call of the day, from a worried user hoping
Amy could help him out of a jam, seemed typical. The call display on her monitor showed some of the
facts: the user's name, his phone number and department, where his office was on the company campus,
and a list of his past calls to the help desk.
“Hi, Bob,” she said. “Did you get that document formatting problem squared away?”
“Sure did, Amy. Hope we can figure out what's going on this time.”
“Well, my PC is acting weird,” Bob said. “When I go to the screen that has my e-mail program running, it
doesn't respond to the mouse or the keyboard.”
“Sure did. But the window wouldn't close, and I had to turn my PC off. After it restarted, I opened the
e-mail program, and it's just like it was before—no response at all. The other stuff is working OK, but really,
really slowly. Even my Internet browser is sluggish.”
“OK, Bob. We've tried the usual stuff we can do over the phone. Let me open a case, and I'll dispatch a tech
over as soon as possible.”
Amy looked up at the help desk ticket status monitor on the wall at the end of the room. She saw that only
two technicians were dispatched to user support at the moment, and since it was the day shift, four
technicians were available. “Shouldn't be long at all, Bob.”
She hung up and typed her notes into the company's trouble ticket tracking system. She assigned the newly
generated case to the user dispatch queue, which would page the roving user support technician with the
details in a few minutes.
A moment later, Amy looked up to see Charlie Moody, the senior manager of the server administration
team, walking briskly down the hall. He was being trailed by three of his senior technicians as he made a
beeline from his office to the room where the company servers were kept in a carefully controlled
environment. They all looked worried.
Just then, Amy's screen beeped to alert her of a new e-mail. She glanced down. The screen beeped again—
and again. It started beeping constantly. She clicked the envelope icon and, after a short delay, the mail
window opened. She had 47 new e-mails in her inbox. She opened one from Davey Martinez in the
Accounting Department. The subject line said, “Wait till you see this.” The message body read, “Funniest
joke you'll see today.” Davey often sent her interesting and funny e-mails, and she clicked the file
attachment icon to open the latest joke.
After that click, her PC showed the hourglass pointer icon for a second and then the normal pointer
reappeared. Nothing happened. She clicked the next e-mail message in the queue. Nothing happened. Her
phone rang again. She clicked the icon on her computer desktop to activate the call management software
and activated her headset. “Hello, Help Desk, how can I help you?” She couldn't greet the caller by name
because her computer had not responded.
Amy glanced down at her screen. Still no tracking system. She glanced up to the tally board and was
surprised to see the inbound-call counter tallying up waiting calls like digits on a stopwatch. Amy had never
seen so many calls come in at one time.
“Nothing,” Erin answered. “That's the problem.” The rest of the call was a replay of Bob's, except that Amy
had to jot notes down on a legal pad. She couldn't dispatch the user support team either. She looked at the
ticket status monitor again. It had gone dark. No numbers at all.
Then she saw Charlie running down the hall from the server room. His expression had changed from
worried to frantic.
Amy picked up the phone again. She wanted to check with her supervisor about what to do now. There was
no dial tone.
The next day at SLS found everyone in technical support busy restoring computer systems to their
former state and installing new virus and worm control software. Amy found herself learning how to install
desktop computer operating systems and applications as SLS made a heroic effort to recover from the attack
of the previous day.
Questions
1. Do you think this event was caused by an insider or outsider? Why do you think this?
2. Other than installing virus and worm control software, what can SLS do to prepare for the next
incident?
3. Do you think this attack was the result of a virus or a worm? Why do you think this?
Reference
1. Whitman, Michael, Principles of Information Security, 6th Ed., 2018