He then gave specific instructions
on how to exploit the company??™s network and connected systems. Problems could
have been avoided if the company had simply changed usernames, passwords, and configuration
parameters, but they didn??™t. During the FBI investigation, it was observed that
the former employee infiltrated American Eagle??™s core processing system that handled
online customer orders.He successfully brought down the network, which prevented customers
from placing orders online. This denial-of-service attack was particularly damaging
because it occurred from late November into early December??”the height of the
Christmas shopping season for the clothing retailer. The company did notice the intrusion
after some time and made the necessary adjustments to prevent the attacker from
doing further damage; however, significant harm had already been done.
One problem with this kind of case is that it is very difficult to prove howmuch actual
financial damage was done. There was no way for American Eagle to prove how many
customers were turned away when trying to access the website, and there was no way to
prove that they were going to buy goods if they had been successful at accessing the site.
This can make it difficult for companies injured by these acts to collect compensatory
damages in a civil action brought under the CFAA.
Pages:
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112