CVS. Anthem. Internal Revenue Service.

The list of recent big-name companies and government agencies that have experienced data breaches goes on—and the odds are good that your personal information was compromised this year.

As of September 1, 2015, the Identity Theft Resource Center reported 533 known breaches for the year, exposing more than 140 million records to potential fraud. (To compare, for all of 2014, there were 733 breaches affecting 85.6 million records.) “We’re seeing at least one major data breach a week,” said Eric Griffith ’92, features editor for PC Magazine.

Learn more about distributed denial of service attacks:

“If you trust your information to a giant corporation or a government agency, you’re taking a gamble,” Griffith said. “But what choice do you have?”

It’s not just the number of breaches that has people like Griffith on high alert; it’s also the disparate methods and motives. “The Obama administration has basically said we’re in a fullblown cyberwar with countries like North Korea and China,” he said. The hack on Sony Pictures last winter and the attack on the government’s Office of Personnel Management in June are prime examples.

On a personal side, consumers could find themselves a target simply for holding a particular opinion. Said Griffith: “It’s a world where all it takes is someone out there with a grudge and a little bit of skill—and not much skill at that.”

Ithaca alumni are working on the front lines, in roles that pit them against hackers trying to steal data—or suppress free expression. “Everyone should be able to have their voice heard on the Internet,” said Marc Howard ’11, a computer science engineer with Google’s Project Shield, which protects human rights groups, news outlets, and other websites from certain forms of digital attacks.

Learn more about Project Shield:


Awareness is key. “People are getting numb to it. They don’t think it’s going to impact them—but it could,” said Griffith. And much of the burden to safeguard our data still falls on us. As hackers turn to more sophisticated tactics—like spoofing free Wi-Fi hotspots to gain access to data on users’ laptops and smartphones— it’s important not to be blasé about cybersecurity. “We’ve all learned about Nigerian princes,” he said. “Probably not many people fall for those emails anymore. But people can’t just go on the Internet and trust everything they see. You can’t click every link that comes to you.” 

Below: the Digital Attack Map that Marc Howard's team developed.

Click on the words 'Digital Attack Map' below to view complete map.

MAPPING THE ATTACKS

In mid-July, computer monitors in Howard’s Google office in New York City offered a glimpse of realtime cyberhostility: streaming lines composed of colored dots crisscrossed the globe, indicating different kinds of Distributed Denial of Service (DDoS) attacks targeting and stemming from different countries. On that particular day and moment, there were large attacks leveled at sites in 16 countries, including the United States, Canada, and France, and unusual activity aimed at entities in Gibraltar, New Zealand, Qatar, and others.

The map underscores that digital attacks are taking place constantly, even if they rarely make the news.

“These attacks are happening literally all the time,” said Howard. “Websites around the world are subject to illegal censorship every day, and this will continue unless we, as a world, make a radical change in how we react to crimes on the Internet.”

Howard first became interested in engineering as a child. “Building things has always been a passion of mine,” he said. To him, Ithaca College seemed like a natural fit because he could get hands on experience right away—which he did, combining his computer science major and aspects of his physics, history, and psychology minors for projects.

Among them was a study on how people interpret email and a software application to help psychologists reach a diagnosis based on symptoms and other indicators from the first meeting. “Ithaca was a place where I could get stuff done,” he said. “That was a big draw.”

After graduating in 2011, Howard went to Columbia University to get a master’s degree in computer science and decide on his next step, which turned out to be launching a startup called InteractAble. As his fledgling business’s chief technical officer, Howard created tablet games to help kids who have been diagnosed with autism learn social skills.

He jumped to Google in 2014, joining the Google Ideas team, whose projects focus on protecting freedom of expression and access to information. “I get to write software that helps protect people from digital attacks,” said Howard. “But the scope of the team is larger than that. Anything I can think up that can help keep people informed and free to express themselves—we can make it happen.”

Google’s Project Shield is is part of that protection, keeping human rights groups, independent news organizations, and hundreds of other sites safe from attacks. Shielding these groups is both easier and more effective than trying to catch hackers in the act for potential prosecution.“[Catching hackers] is difficult, very political, and requires legal authority that many organizations do not have,” said Howard.

Google’s teams identified some sites as needing protection; others have reached out for help. Many are abroad.

“You can imagine if you’re in a place that’s having a lot of conflict and you’re blogging or reporting about the things that are going on that the powers don’t want to get out, they’ll take down your site using digital attacks,” he explained. Howard and his team are working to prevent that, he said, “so that hopefully the world opinion of what’s going on can be as informed as possible.”