Valdosta Daily Times

Community News Network

October 9, 2013

Teens hone hacking skills in contests

WASHINGTON — Computer-savvy teenagers are testing their skills in cyber-contests designed to teach them how to protect the government and private companies from hackers.

The events are sprouting up across the country under the guidance of federal officials who are keen to boost their agencies' computer-defense forces and high school teachers who want to prepare their students for high-paying IT jobs.

At Baltimore's Loyola Blakefield prep school, a team of students meets twice a week after classes to practice for the Maryland Cyber Challenge, which is being held this week at the Baltimore Convention Center. At the event, they'll have to debug viruses from their computer and defeat mock attacks by cybercriminals played by IT professionals.

"They work together as problem-solvers, and they really like the challenge," says Steve Morrill, the school's director of technology and coach of the cybersecurity team.

The contests include "Toaster Wars," an online hacking game sponsored by the National Security Agency, and CyberPatriot, a national challenge that has grown from nine teams in 2009 to more than 1,200 this year.

During the final round of the 2013 competition, staged last March at the Gaylord National Resort at National Harbor in Maryland, Kevin Houk and five classmates sat in a darkened room, huddled around a monitor and looking for any sign of attack. The teenagers, who at the time attended Marshall Academy, a program that draws students from public schools around Fairfax County, Va., were trying to prevent "black hat" programmers from activating hidden viruses in the students' computer network. The Marshall group had to protect its servers from outside intrusions and defuse ticking time bombs that may have been lurking inside.

"It's a lot like gaming, because you don't know what's going to happen," said Houk, who took computer classes at Marshall Academy. "You always have to keep on your toes."

Now a freshman at Penn State University, Houk hopes to become a cyberwarrior, someday protecting corporate or national assets and information from foreign invaders or meddlesome hackers. "Cyberwarfare is the war of tomorrow, and we don't have enough soldiers on the cyber battlefield," he said. "I just want to be one of those."

The Pentagon's Cyber Command is planning to expand its cyberwarrior force from 900 to nearly 5,000. But there's a hitch: Applicants must have exceptionally clean records. That means no arrests or expulsions for hacking into school computers or shutting down Web sites.

While students are taught advanced computer skills during the lead-up to these cyber-contests, they also receive training in computer ethics, according to Scott Kennedy, assistant vice president and principal systems engineering manager at SAIC, a defense contractor and computer security provider based in Northern Virginia. So serious are contest organizers about fair play that some students have been kicked out for getting into other teams' computers or defacing Web sites.

Houk and other students interviewed at the Gaylord contest say they know the line between a white hat and a black hat.

"We are trained in offensive security, or ethical hacking, but we do know how to monitor a network like a school and watch all the traffic going through," Houk said. "And if it's encrypted, we do know how to break that."

The advisor to Marshall's team calls himself a "gray hat," someone who knows the good and bad sides of cyberwarfare and security. Ryan Walters said he got into trouble as a young man for hacking into computers without permission and was given a choice by a judge to either go to jail or join the military.

"I joined the Air Force," said Walters, who now runs TerraWi, a small start-up specializing in security for mobile devices. "Six months later, I was doing cyberdefense for the military. I became very good at what I do because I understand how the bad guy thinks. I went from black hat to gray hat. I could never be a white hat."

Walters, who has more than 60 students enrolled in his after-school cyberdefense program at Marshall, said he teaches his students "the black-hat mentality; I'm not teaching them how to be bad guys."

Morrill, the Loyola Blakefield coach, also is concerned that some of the skills the students are learning could cause damage.

"I tell them: 'You guys better be on the good side, and you can earn a good living,' " Morrill said. "If we approach students at a younger age and instill those values, the country is going to be better off."

Walters says revelations about leaks by Edward Snowden about the NSA's domestic surveillance programs forced him and other teachers to revamp their lesson plans. In fact, during the summer, two of his students worked at Washington area defense contractors as systems administrators, the type of job that Snowden once held, albeit not with the same access to classified data.

"I teach that it's a bad thing" to leak, Walters said.

The growing interest in cyberdefense contests for young people comes at a time when Pentagon officials are warning about computer attacks from China and other nations.

And it's not just the government that is vulnerable. Utilities, power companies, tech firms, banks, Congress, universities and media organizations all have faced attacks in the past few years. In August, the Web sites of several news organizations, including The Washington Post, were hacked by a group calling itself the Syrian Electronic Army, which supports Syrian President Bashar al-Assad.

"The threat has evolved so quickly," said Diane Miller, director of information security and cyber initiatives for Northrop Grumman, which is a lead sponsor of the CyberPatriot contest. "It really has created a sense of urgency."

Northrop Grumman has hired 40 former CyberPatriot participants, including four who are working in the company's cybersecurity control center. "I tell the students that it's a position of trust," she said.

While most experts agree that introducing young minds to advanced computer skills is a good thing, some worry that the efforts need to be more broad than deep. They say that training a few highly skilled cyberwarriors is less important than having lots of people with adequate knowledge on how to avoid getting hacked.

"There's this tendency to go for the cream of the crop," said James Lewis, senior fellow at the Center for Strategic and International Studies and author of a recent study on computer security vulnerabilities in U.S. firms. "The debate is 'Do you need a team of computer special forces, like Navy SEALS or cyber-ninjas? Or something more like regular forces?' "

Other security experts say that computer defense skills aren't the weak link in the cyber-espionage game. It's the little everyday mistakes that cause problems — giving your password to a colleague or leaving your laptop in a cab, airport or coffee shop, according to Fred Cate, director of the Center for Applied Cybersecurity Research at Indiana University.

"We need people trained not just how to write code for stronger protections," Cate said, "but also systems to guard against human behavioral attacks."

1
Text Only
Community News Network
  • Screen Shot 2014-04-22 at 4.42.47 PM.png VIDEO: Leopard attacks crowd in India

    A leopard caused panic in the city of Chandrapur when it sprung from the roof of a house and charged at rescue workers.

    April 22, 2014 1 Photo

  • The top 12 government programs ever

    Which federal programs and policies succeed in being cost-effective and targeting those who need them most? These two tests are obvious: After all, why would we spend taxpayers' money on a program that isn't worth what it costs or helps those who do not need help?

    April 22, 2014

  • In cuffs... 'Warlock' in West Virginia accused of sexual assault

    Police in West Virginia say a man claiming to be a “warlock” used promises of magical spells to lure children into committing sexual acts with him.

    April 22, 2014 1 Photo

  • Cats outsmart the researchers

    I knew a lot had been written about dogs, and I assumed there must be at least a handful of studies on cats. But after weeks of scouring the scientific world for someone - anyone - who studied how cats think, all I was left with was this statement, laughed over the phone to me by one of the world's top animal cognition experts, a Hungarian scientist named Ádám Miklósi.

    April 22, 2014

  • McCain 1 House Republicans are more active on Twitter than Democrats

    Your representative in the House is almost certainly on Twitter. Your senator definitely is. But how are they using the social network? Are Democrats more active than Republicans, or vice versa? Who has the most followers on the Hill?

    April 22, 2014 1 Photo

  • Do your genes make you procrastinate?

    Procrastinators, in my experience, like nothing better than explaining away their procrastination: General busyness, fear of failure, and simple laziness are just a handful of the excuses and theories often tossed around. Now researchers from the University of Colorado Boulder have added another option to the list: genetics.

    April 21, 2014

  • Do White Castle prices tell us anything about the minimum wage?

    The paper looked at how many delicious steamed sliders the minimum wage has been able to purchase over time. The point is that as it notes, in 1981, the $3.35 minimum could buy a whole dozen. Today, at $7.25, it could purchase just 10.

    April 21, 2014

  • VIDEO: Moose charges snowmobile, flees after warning shot

    While snowmobiling in New England, Bob and Janis Powell of Maine were charged by a moose and caught the entire attack on camera.

    April 21, 2014

  • Can Hillary Clinton rock the cradle and the world?

    What's most interesting to contemplate is the effect becoming a grandmother will have on Hillary's ambition. It's one of life's unfairnesses that a woman's peak career years often coincide with her peak childbearing years.

    April 21, 2014

  • Smartphone kill switches are coming

    Smartphones need kill switches. It's a relatively easy solution to the pricey (and irritating) problem of smartphone theft. But who would have thought that the big carriers would team up with Apple, Google, Microsoft, Nokia, Samsung and lots of other manufacturers to voluntarily begin adding the technology by July 2015? The cooperative spirit! It makes so much sense!

    April 18, 2014

Top News
Poll

Given the amount of rain recently, what's your favorite “rain” song?

Singing in the Rain
Purple Rain
Have You Ever Seen the Rain?
November Rain
Rainy Night in Georgia
Other
     View Results