Hacker typing on a laptop

By: Andrew Toney,

The Internet grows every second. Companies collect data from clients and store it on vast online databases, online shoppers trade their credit card numbers for groceries, and grandparents upload embarrassing pictures of their grandchildren on their MySpace pages. Some browsers create accounts on various websites that they may never visit again, leaving sensitive data behind a password less creative than my first-grade niece’s art projects. The Internet is meant for fun right? Much of the information that we share online is relatively meaningless, but, when we do provide sensitive data, we expect the web designers to keep that information a secret, right? So what are we, the consumer, supposed to do when covert criminals smuggle our data into their own hard drives? This blog post explores the expanding cyber-security industry, the protection of our privacy, and the new challenges emerging from our reliance on the Web.

Yahoo Inc. recently reported that 500 million of its user accounts were stolen in 2014, in what may be the largest data breach in the history of the Internet.[1] News has also broken on the Democratic Party’s recent frustration with hackers, who they believe have intercepted Party correspondence for over a year.[2] The most recent instance of online sabotage has come from the largest target of all – the White House. Government officials reported that they were currently “looking into” a cyber breach after a scan of Michelle Obama’s passport was posted online.[3] It would appear that the frequency of cyber attacks has not changed; indeed, cyber attacks are as old as the Internet itself. Rather, the sophistication and devastation of recent attacks has the US government and major companies sounding a call for action.

Many solutions offered by the government thus far have created a game of give-and-take between server security and rights to privacy. A highly contentious bill, the Cyber Intelligence Sharing and Protection Act (CISPA), is currently being debated in Congress.[4] CISPA is aimed at curbing cyber attacks by creating a data-sharing system between private companies and the federal government.[5] CISPA would allow major companies to share sensitive data with the government in order to identify and exterminate potential cyber-threats. Companies who agree to share client data would be free from any legal ramifications stemming from the release of sensitive client data.[6] Opponents of the bill point to the broad language defining a “cyber threat,” contending that an event as small as a spam email could warrant the release of personal information from local to federal authorities.[7] The original form of this bill was shot down in 2012 amid obvious concerns regarding Internet privacy. However, CISPA is making headway in the legislature as cyber attacks continue to threaten sensitive data held by major companies.

Private companies specializing in cyber-security technologies have taken a different route that may reduce such an impact on Internet privacy. An Israeli-based firm, Illusive Networks, is currently developing a system designed to misdirect hackers while simultaneously tracking their movements.[8] The design creates a series of false “doors” that hackers may choose to exploit in an attempt to reach a data payload in a valuable company server. If a hacker chooses the wrong door, then the company can detect the mistake and begin tracking movements on a simulated computer system.[9] The system is ultimately designed to frustrate hackers away from big business databases, but it also allows trackers to understand new methods used by hackers in order to prepare for future attacks. Of course, there is also a possibility that experienced hackers can avoid simulated systems in their infancy, further exposing sensitive company data.

The cyber security industry is experiencing rapid growth and for good reason. Huge companies are being exposed to legal action from their clients due to a lack of data protection, while classified documents held by the federal government are being leaked to the average Joe. The climate of fear surrounding this issue will certainly lead to some change in the near future. Will we allow our legislators to solve this issue for us, or will power ultimately fall to the engineers and programmers in the private sphere?

 

[1] Dustin Volz, Yahoo Says at Least 500 Million Accounts Hacked in 2014, Huffington Post (Sept. 22, 2015, 2:52 PM), http://www.huffingtonpost.com/entry/yahoo-hack-500-million-accounts_us_57e4278ce4b0e28b2b52da7f?section=us_technology.

[2] Ruth Sherlock, Russia Hacked Democratic National Committee Computer Network and Obtained All of its Trump Research, Telegraph (June 14, 2016, 7:45 PM), http://www.telegraph.co.uk/news/2016/06/14/russia-hacked-democrat-national-committee-computer-network-and-o/.

[3] Michelle Obama’s Passport Scan Posted Online in Apparent Hack, Telegraph (Sept. 23, 2016, 12:16 AM), http://www.telegraph.co.uk/news/2016/09/22/michelle-obamas-passport-scan-posted-online-in-apparent-hack/.

[4] H.R. 234 – Cyber Intelligence Sharing and Protection Act, Congress.gov, https://www.congress.gov/bill/114th-congress/house-bill/234/text.

[5] Jordan Pearson, America’s NewCybersecurity Agency Can’t Function Without CISPA, Vice (Feb. 10, 2015, 4:49 PM), http://motherboard.vice.com/read/americas-new-cybersecurity-agency-cant-function-without-cispa.

[6] Id.

[7] Jason Koebler, The New CISPA is Identical to the Old One, but the Political Climate is Scarier, Vice (Jan. 9, 2015, 11:44 AM), http://motherboard.vice.com/read/the-new-cispa-is-identical-to-the-old-one-but-the-political-climate-is-scarier.

[8] Lance Higdon, Cybersecurity Professionals are Using Misdirection to Combat Hacking, Vice (May 2, 2016, 11:33 AM), http://motherboard.vice.com/blog/cybersecurity-professionals-are-using-misdirection-to-combat-hacking.

[9] Id.

Photo Source:

http://uwf.edu/media/cybersecurity/Cyber-Security-(2).jpg