Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Black Hat

Why Teaching Kids to Hack is a Good Thing

Teaching How to Hack Computers

The More We Understand About How the Bad Guys Operate, The Better off We Will Be…

Teaching How to Hack Computers

The More We Understand About How the Bad Guys Operate, The Better off We Will Be…

I recently had the opportunity to visit Singapore and speak at a variety of IT security events, both big and small, on the subject of modern malware and network-based attacks. The subject matter was fairly dense and the audience was primarily made up of researchers, government policy makers and network security specialists. However, one thing that I noticed was that all of these events included significant numbers of high-school and college students in the audience. This struck me as a particularly smart strategy, even if some of the details went beyond their level of education.

Singapore has recognized that cyber-security skills in particular will be highly strategic for the foreseeable future, and they are taking the effort to teach students about the very real-world challenges in the security landscape. This goes beyond simply teaching students how to be safe on-line; it is also preparing a new generation of cyber-security specialists that will be on the front lines fighting future information attacks. I think this is a good start that could even be extended. I believe teaching offensive approaches to security (a.k.a hacking) is going to become increasingly important for all levels of IT security students and professionals in order to be prepared for modern attacks.

Of course the idea of teaching someone how to hack almost always generates a negative visceral reaction, because the assumption is that you intend to teach someone how to become a criminal. I’m certainly NOT arguing that we raise a generation of cyber-criminals.

However, an understanding of hacking no more makes a criminal than an understanding of karate makes someone use the discipline maliciously. Either skill has the potential to be misused for bad things, but likewise, each skill can also make the student better prepared if and when bad things happen. IT security threats certainly aren’t going away. However, even more important than simply being prepared for the bad-guys, a hacking methodology is simply one of the best ways to learn about technology. Great scientists, inventors and thinkers have always been tinkerers – the people who if given a radio, are apt to take it apart to find out how it works. This is what a great deal of hacking boils down to – learning how a thing actually works based on how it breaks, and how it can be repurposed. In this sense, hacking is simply applied critical thinking about technology and security. Unfortunately, the overwhelming trend is toward less understanding and critical thinking about technology, even while the use and dependence on that technology is increasing.

The past two decades have seen the rise of “consumerization” where technology has evolved to suit the needs of a non-technical consumer and obscure the underlying nature of how it works. The end-user is presumed to be dumb and any technical details should be hidden whenever possible. All that an end-user needs is a basic understanding of what features are available and how to drive the user interface, and in many cases this qualifies as being technical.

A hacker’s mentality is needed in order to provide good security. When the next great product, app or widget pops up that purports to solve a problem and of course claims to be “safe”, a healthy portion of society needs to be able to ask the critical questions about that product. How could it break? How is the data stored? What technologies and protocols does it use? How does it depend on the browser? What information does it need to share? And how could that ultimately be used against me? Without such skills and experience it’s hard for security teams, much less a consumer, to be anything more than a foil for marketing departments… and one more sitting duck for the bad guys to hit.

Along those lines, I’m pleased to see that DEFCON Kids is scheduled to be back again at this year’s upcoming DEFCON event. DEFCON Kids is all about teaching kids about the importance of white-hat hacking – why you need to look for and disclose vulnerabilities, and what you can learn about technology in the process. While this is a good start, it’s also probably pretty limited in scope (it is, after all, a kids event scheduled in Las Vegas in the midst a very non-kids event). However, I think a broad application of this type of education is increasingly important, and one that can be started early. The more that we understand about how the bad-guys operate, the better off we will be.

Related ReadingHelp! I Think my Kid is a Script Kiddie

Written By

Click to comment

Expert Insights

Related Content

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Cybersecurity Funding

Forward Networks, a company that provides network security and reliability solutions, has raised $50 million from several investors.

Network Security

Cisco patched a high-severity SQL injection vulnerability in Unified Communications Manager (CM) and Unified Communications Manager Session Management Edition (CM SME).

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...