A utility company uses Prolexic to ensure its customers can pay bills online.
An online attack against a “large metropolitan utility company” shows how quick defensive actions can ensure continued customer service on the web, according to a recent case study from Prolexic Technologies Inc., which protects companies from web site attacks.
The problem stemmed from a distributed denial service, or DDoS, attack, which occurs when perpetrators attempt to knock a site offline by sending an overwhelming volume of traffic to it.
Though Prolexic did not immediately identify the utility, it says the attack began Feb. 17, and that the company serves 420,000 electric, 305,000 water and 230,000 sewer customers. The attack resulted in the company’s web site and pay-by-phone automated billing system going down for 48 hours. That meant some 150,000 consumers faced at least a bit of frustration because they could not pay their bills except by going to a utility office, Prolexic says.
“We have a dedicated I.T. team just to prevent this sort of thing, but no matter how well you build your system, there are people out there who will try to break it,” says a utility spokesman quoted by Prolexic. “The good news is that no customer information was compromised.”
Prolexic says that at 11 p.m. on the attack’s second day, the utility enlisted Prolexic to help fight the attack.
The vendor’s engineers conducted a series of technical responses that enabled the utility to connect to Prolexic. Once Prolexic rerouted the site’s traffic through Prolexic servers, which were able to identify and sort legitimate site traffic from the traffic generated by the attackers, the attack was mitigated in a matter of minutes and both the web site and pay-by-phone services were restored, the utility spokesman says. “Prolexic quickly ended what could have been a devastating blow to our customer service and our reputation for reliable service.”
The incident shows the expanding scope of web site attacks, the vendor says.