Slashdot Mirror
After-School Hacking Special
securitas writes "The NY Times writes about an after-school program that teaches teenagers how to hack, attack and defend systems. There doesn't seem to have been the same uproar as the virus-creation course at the University of Calgary (see previous Slashdot thread), even though the participants in Tiger Team (the name of the program) are younger than the university students."
Sounds like a very interesting program. If someone is serious about system security, this seems like the best way to learn.
I think the program directors argument should qualm any skeptics.
"Some of them grilled us pretty heavily on the concept of, 'Well, aren't you training hackers?' " he said. "I go, yeah. I have a black belt in martial arts. If I wanted to be a bad guy, I could go and hurt people. But I don't do it. That's not the emphasis of the program."
"I can not bring myself to believe that if knowledge presents danger, the solution is ignorance" - Isaac Asimov
Can someone post the google link?
Yeah! Finally we after-schooler AD&Ders have a group nerdier than us to beat up!
Trolling is a art,
I would have loved to go to a highschool offering programs like this. It really would have given me something to do other than being a marching band dork. On the other hand, band was one giant orgy, so maybe its best that I stayed away from computers at that point in my life.
And one time... in band camp... we hacked the white house and asked GWB if he was out of TP.
Little Johny: Hey, Jimmy try this script out. First one is free tell your friends.
If you educate talented kids on how to defend systems you could produce some very valuable assets to the future security community. Learning how to hack goes hand in hand with learning security because you need to have the same level of knowledge as the hackers (preferably better). If they can see the profit potential of using this knowledge for good then they will probably be swayed from the dark side.
After learning how to break systems fom a prominate IDS designer, I can honestly say that I will design much more secure systems myself. Becuase of my age, I don't feel the need to go out and try what we learned on real systems to see if I can cause havoc.
However, I wonder why the adults behind this "after school program" think that kids will have the same degree of responsibility that university students do when learning these things. What is to keep them from going out and writing viruses, unleasing them upon the Internet and generally causing lots of trouble after learning how to "protect" systems.
didn't have any spinny flaming skulls on it, and their wasnt a single biohazard sign anywhere! :(
I severely doubt it's integrity and capability with regard to teaching me the kiddie skillz I need to get by on IRC nowadays!
- DemonShadowHa>0rSpawnNeo
--------------- THERE IS NO SPOON
--------------- HACK THE MPAA RIAA AND AA
The problem with slashdot is that most of its users were bullied and stuffed into lockers as kids!
Timmy: Hi Susie!
Susie: Hi Timmy! Wanna go get a malted milk?
Timmy: Nah, I've got something keener to do.
Susie: What then?
Timmy: I don't think you would get it.
Susie: Come on! We're best friends, right?
Timmy: OK then. I'm gonna go home and hack.
Susie: (pause) Gosh Timmy! You shouldn't hack!
Timmy: Why not?
Susie: Hackers are theives and cost lots of folks money! They're akin to a device that breaks the lock on your house!
Timmy: Aw shucks, you're so old fashioned. I gotta go, see you tomorrow.
[ Susie walks away sadly. ]
[ The next day... ]
Teacher: Rodney?
Rodney: Here.
Teacher: Susie?
Susie (sadly): Here.
Teacher: Timmy?
[ silence ]
Teacher: Susie, do you know where Timmy is?
Susie: I sure do, Mrs. Martin. He went to jail.
[ murmurs from the classmates ]
Susie: He was downloadin' music and stuff, and he got caught. He's really in a darn pickle now.
Teacher: Class, let this be a lesson to you all. Good kids don't hack. If somebody asks you to hack, just say, "I don't hack. That's whack."
NY Times was hoaxed. A yet-to-be-identified prankster took a script for Mary Kate and Ashley action cartoon about an evil-kids hacker school, and submitted it to the Times as a press release.
And now the story is being spread as true!
Best Windows Freeware
It's great to teach others, but without the background, or the teaching of consequenses (I can't spell worth a damn), that could bite the school in the arse.
Why worry? Each of us is wearing an unlicensed "nucular" accelerator on his back.
Sig changed for readability by G.W.
We'll soon see an ABC Afterschool Special about hacking? That'd be hilarious!
The Blaster Master Fighting for Truth, Justice, and Evil Pie since 1979
it's the nytimes like you can believe anything they say...
for their own sake I hope none of these kids or teachers has any family from, ever visited or bought a ticket to, ever browsed a website from, ever borrowed a book about, ever read an unofficial news article about or ever in any way whatsoever has had any connection to, the middle east (except for israel of course).
:-)
I'm still of the mindset that the best way for high school kids to learn things is on their own. No matter what, throughout high school, the most I learned was all on my own time. I didn't have ANY courses in my school about anything related to computers (except a "typing" class), so, in an effort to actually try and challenge myself, I ordered a few books off of Amazon.com, and taught myself C++. And, I think that if I had access to a class that simply taught C++ with proprietary textbooks and software, I wouldn't have appreciated the experience nearly as much.
Trent Polack
www.polycat.net
...in school and already being turned into fully fledged FTGs (Furry Toothed Geeks).
Watch this get shut down the instant some newly initiiated script kiddie hacks the school computer systems and defaces their website... The web's greatest game is free again, www.planetarion.com to sign up!
Tiger team.
Anyone else see visions of the football team, glee club and chess team in an ad-hoc alliance, beating the living shit out of the "tiger team"?
I don't need no instructions to know how to rock!!!!
The more people who know this, the better. If system defense becomes general knowledge, presumably the number of effective crack attempts, etc., will go down. Moreover, if people know how to take advantage of security holes, maybe Microsoft et al. will learn to take security more seriously--there would just be too many people who could put pressure on them.
(Of course, everyone should learn how to use their computer to do simple things first, but that's another story.)
I'm curious where they get their teachers. In order to make this program worthwhile (IE - the kids learn something about security), you would need someone with some significant experience and knowledge.
I know that I was in high school a few years ago, the head netadmin/sysadmin was worse than pitiful, a MS Certification only type of person. The only systems he ever hacked into were those in a computer game. Granted, I did go to private HS, and IT was not at the top of their budget priorities.
Regardless, it brings up a good point of having competent people teaching these types of classes, and how difficult it is for schools feeling the budget crunch to find competency.
We can then hope that industry picks these students up and listens to them. Some companies won't like what the clueful have to say about their software. But every other company in the world needs to hear it.
Friends don't help friends install M$ junk.
Ari Fleischer (holding hands over ears): "What's that horrible noise?"
Server Tech : "I don't know, sir! It started about 3:15 pm - right after school got out..."
Webserver: "We're gonna ZOOM, ZOOM, ZOOMA, ZOOM..."
Everyone will start to cheer when you put on your sailin' shoes.
Were you boys all playing the skin flute?
*sigh*
I can remeber when I used to say I was a hacker and that was a good thing. That was back when hacker was closer to the dictionary, a hacker or hack was someone who worked long hours.
This grumpy old man moment was brought to you by...
Come the revolution, the Bourgeois, Capitalistic, "A PARKING STICKER HOLDERS", will be first against the wall!
Wasn't everyone throwing a fit about N.Korea doing this, in a slashdot article this week?
this program sounds great, teaching kids about security and all, but it would seem to open the school up to potential liabiltiy should one of their students get caught hacking the wrong person's computer. you gotta wonder how closely these kids are screened, or at very least their temperments - potentially training the next set of black hats could be a disaster. it would be a great start for people to learn if they want to get into the security business, but what a shit storm will result if these kids take it too far.
just my thoughts...
That is so hilarious! Unfortunately, when a computer gets involved, people actually do freak. Try here for supposedly true examples. When I opened a PC in front of a teacher, though, she FREAKED OUT BIG TIME. I got her to back off, but still...
There are plenty of people (and dare I say many of them read and post on this very site) with the expertise to teach this kind of material, but who believe that an insecure system is an open invitation to wreak havoc on it. Hiring a responsible teacher is equally, if not more, important than making sure that the right messages are part of the cirriculum.
"Ask not what your country can do for you." --John F. Kennedy
mopping up the sarcasism
It's all fun and games until someone loses the key to the handcuffs.
I can relate to this from personal experience.
:-( [we theorized that he learned afterwards that Linux was Haxx0r material, so he banned it, but we'll never know for sure :-) ].
During my high school years, I had been banned for a time from using computers at the school library, only because of my programming knowledge was superior to that of the teacher of Computer class (this was 1994 - the guy even thought the Net was an useless fad!). Rumor must have spread that I could hack a machine by looking at it, or something of the sort, since they didn't want me near a two-meter radius of any terminal. At first I didn't give a damn since I limited my computer stuff to home and that class...
However at some point the professor hired some "security expert" consultant to assess threats to the network, and my name appeared on top of a list of people who allegedly had "hacking tools" in their network space. This was too much (I only used it for school papers, and I could prove it) and I had to go to the professor and threaten to sue for libel. Of course I didn't had to go so far, since the professor apologized, removed my name for the list, and restored my normal access to the library computers. Since then I didn't have any problems (even the librarians asked for help afterwards).
What the moral of this story? Ignorant professors == bad news. If kids are smart enough to want to learn hacking, or programming, then they should allow their creativity to be expressed. Or else you will fall into idiotic situations like what I have lived.
PS: As a matter the fact the professor, much to his credit, at some point offered to create a "Linux club" (1995). However, the college grad supposed to sponsor the club dissapeared after the first meeting... so we never had anything...
The ENIAC Demo Competition
- There signifies location/existence. - "I fucked your mother over there."
- Their is the third-person plural posessive (along the lines of my, your, his, hers). - "They all blew their loads in your mom's skanky twat."
- They're is a contraction of "they are". - "I'd take a turn using your mom, but they're using all her available holes."
Let's put it all together now... " They're shoving their cocks in your mom over there, in the alley."Seriously, this shit isn't that fucking hard. Why don't you try paying a bit of attention to the language we've all agreed on, you fucking retard?
This sounds like the North Korean story from a few days ago, so here are lines from both stories and you can guess which article the students are from:
- "White-hat Hackers" or "Cyber terrorists"
- "hunger stricken" or "fortified with pizza"
- "another weapon" or "band of pickpockets"
- "creating mischief" or "training hackers"
Not a fair comparison, I know. All of the above is out of context.
Esteem isn't a zero sum game
... what a hacker is: http://catb.org/~esr/faqs/hacker-howto.html
if i had a class where i was incuraged to wright code at a young age, dayum! ~you know how dangerous would i be now? :-
This idea is a clever one but will never take off. From what I've heard of Mr. Robinson's company he lacks the expertise in some of the "higher-level" blackhat ideas. I doubt his kids will be able to do much, except maybe bypass a HTaccess file or play script kiddy. If you really wish to teach "hacking" you need experience in the "darkside" as well as the white. Get inside the box, perhaps?
Back when I was a youngster and the very first ABC Afterschool Specials were being aired... for 'commercials' we had such wonderful gems as: "Conjunction Junction What's Your Function", "I'm Only a Bill", and "Lollie Lollie Lollie Get Your Adverbs Here".
What cute little music videos will the new generation bring? Perhaps something along the lines of "Rootkit Randy Goes to Jail", "Virus Vinny He's Such a Ninny" and "You Can't Ride A Trojan Horse" (sung to the tune of Eagles' "You Can't Hide Your Lyin Eyes")???
Good. The more such hacking and virus writing schools will be around the world the less chances Windows will have to survive on the market.
All other OS vendors (including/especially OS teams) are adapting quickly (Apple even abandoned their old crap in a favor of BSD), while Microsoft still sticks to the old mix of DOS and VMS.
Of course the law also will catch up, but that would be really slow. Especially counting the fact that Internet is already international, while the law is not. So, until the law will work we have to live in the anarchy and chaos of hackers, virus writers and, of course, spammers (BTW, not spammer courses around yet?).
I would say, every bad enough guy kills at least two Windows installations: one s/he works on, the other he cracks. The more bad guys the less Windows market share.
I never thought about cyber-bad guys in so good sense. Usually I have to defeat them and thus I hate them. But now I think different (TM).
Does anyone find that I am wrong here?
Less is more !
Good lord, was everyone's band experience like this? I wonder what the demographic overlap is that causes high school marching bands to always turn into oversexed free-for-alls. Not that I minded that, of course. :)
There also seems to be an obsession with Monty Python humor in marching bands. Hmmm...
-1, "1337" speak
While many adults want to shelter our children from anything that may harm them, I would advocate teaching children (at an appropriate age) how to responsibly make use of dangerous tools. These would include using a firearm, various contact sports, martial arts, chemistry, computer security, and so on. Of course, there are morons who will mis-apply their karate or hacking skill, but then there will be many more trained peers to counter them.
If everyone is equally stronger and more knowledgable, the entire system is stronger. The world cannot be populated with softies who leave security to the "experts".
- James
I remember when being a hacker involved a tree and an axe.
The Kruger Dunning explains most post on
here you go
you haxored their assignements? l33t!!! i'll bet you get hella chixors!
black hat haxors are so fucking cool i just pissored my pantsors!
Uhh, I think he meant haxor. I guess this interview was conducted over the phone. I know fact checkers are not computer people... but why not let a computer person read the article before printing it? What not-so-benign mistakes are being slipped into your governmental overlords' newspaper diets?
I absolutely hate the word "hacking" when used in the media. Its my experience that the people who use the word usually dont know what they're talking about. The person teaching this course is a security analyst, so Im somewhat skeptical of his knowledge in the subject. I work in a wireless information networks lab where most of the people here have hundreds of patents under their belts and too many PhDs to count. Its funny how the people here (one who actually was a founder of the sparc linux project) dont consider themselves "hackers" and when asked what one is the common response is "its a buzz word to discern people with and without a clue".
I have the strong suspision that all this after school program is doing is showing kids how to play with libpcap based programs and how to use nmap. If thats what qualifies a person to be a "hacker" then we're all in trouble.
Anyone have any contact information? I am actually interested in pursuing something like this in my area. Give the teens something to do this summer.
---
It was a book to kill time for those who liked it better dead.
hee hee (with apologies to Schoolhouse rock)
}} c0NjUNCT1oN JUNCT10N, Wh4T'$ y0Ur phUnction?
hOOkIN9 Up WORd5 aNd PhR4s35 4ND CL@u5e5.
}} C0nJuNC+10n junc+1oN, H0w'5 THAt Func+10n?
1 90+ THREE pH@voRIte C4r5
+H4t 93+ M05+ 0pH My J08 D0N3.
}} CONjUNC+1on juNctiON, WH@t'5 +h3ir PHunCt1On?
1 go+ "4nD", "bu+", 4ND "Or",
+hEy'll 93+ j00 Pr3Tty faR.
"aND":
+H@T's @n @DDi+Iv3, liKe "+hI5 @ND Th@t".
"BU+":
th4t'5 50R+ 0F +h3 OPPo$1+3,
"nO+ +HIS *8uT* TH4+".
4Nd +hen Th3RE'S "or":
O-R, wh3n j00 H4Ve 4 chOIcE liK3
"Th15 0r +H4t".
"4nd", "But", 4ND "0r",
G3+ J00 pR3++Y pHAr.
No, reelly I don't!
why couldn't they start this in canada? I'd love to go in that kind of program
Err... um no all marching bands are not like that... In fact while I've known several I've never seen one like that... Maybe you should try linking location? That might be a better guess for the similiarity...
we are all invisible unless we choose otherwise
At least college students are (hopefully) smart enough to want to learn something serious about computers. With highschool kids, 95% of them would be content with having a button saying "break into someone's system" that would do just that. However, we hope that in our nation's universities, students are taking the computer classes because that is the field they would like to go into, and as such they will refrain from doing stupid things. My college offers a security class, but there is no way to take it before at least your 4th semester in school, and AFTER you know C++, Java, Assembly language, and have the department approve you. And they don't teach you how to hack either. Sure you will come out of the class knowing how to break into some systems, but the focus of the class is not on cracking, but securing a network or a computer. The kids in NY public schools are just going to become script kiddies. We have enough of those already.
I was just at my highschool editing some video things and the top computer teacher asked me how to use the format command in DOS, he didn't know what it would do. I also had to install computer equiptment for him. When I was there a couple of years ago I didn't take any computer courses and I still had access to the entire network. Teachers don't know what they're doing, they teach word processing and that's about it.
has more dents than your head.
:)
Go away if you know what's good for you.
retrorocket.o not found, launch anyway?
Well the obsession with Monty Python humor is valid, but the orgy experiance never happend in my marching band, except for some reported debachery that happend in the (mostly male) drum line.
Now drama, that was where the orgys were happening at my school, atleast according to many independantly verified reports.
Can I Play With Madness?
Let us spread amoung the population more script kiddies, more DoS attackers, more clubies!!! ./el8h4x0r.sh and to hide all their scripts in the ./.../ directory tree!
LETS TEACH THEM HOW TO RUN
Yes, H4x0rv1ll3 H1gh sch00L will be a great place for all!!!
*folds arms and gives an approving grin*
If anyone has any questions about the Tiger Team, I am on the Board of Directors and would be glad to answer them.
Heh, marching bands, helping ugly people get laid in high school since 1903.
I'm the big fish in the big pond bitch.
How can you effectively teach these kiddies not to use their knowledge for performing illegal activities? Will ethics be included in this course? Do you have a course syllabus you would like to share?
I don't necessarily see a problem with this. How many 'white hat' do the same things every day in test labs and for clients? This could be good career training for them. However, I've observed kids often view hacking, etc as something cool to do, without thinking of the consequences. While they're running this program, they should be teaching ethics and legality. Otherwise these kids might take this program as a license to hack.
--
Luck is just skill you didn't know you had.
For those who are interested, the Information Security Foundation website is at www.isfound.org. Be gentle, it is not a large machine. You might have better luck with the Google cache. It can be found here
Is the curriculum available to others so that they can implement the program elsewhere?
...you'd be if you'd had a class that taught you to spell.
Most likely, the teacher involved with a program like this is the defacto 'resident tech' of the school, being the one-person network admin/troubleshooter/etc. Having a face and personality assosciated with 'The Admin, my Enemy' can give a whole new perspective to the 'up-and-coming' hacker. This can be good or bad ('y'know, X isn't so bad, maybe I shouldn't target the school' vs. 'Oh, I -hate- that fscker, time to bring on the hurt'), but at least it can bring up the point that there's a real PERSON behind that box they're hacking. If done right, clubs like this can help cultivate the 'old-school hacker mentality' by having in-depth discussions of ethics, legalities, etc.
We live in a world where 'morals' are generally defined by social groups. If a kid getting his feet wet is exposed to nothing but script kiddies and their sites, just guess which way he's most likely to turn out...
There's no wrong way, to eat a Rhesus...
How does a chemestry teacher teach kids not to make bombs. How does a physics teacher teach kids not to make projectile weapons. How does a music teacher teach kids not to make rap music.
--- If the bible proves the existence of God, then Superman comics prove the existence of Superman.
That's PBS's Cyberchase, and yes, it gives hackers a bad name.
GROGGS: alive and well and living in
We have all the students sign an agreement, we teach 2 class sessions on ethics, one session on laws, and frequent anti-hacking reminders between classes.
Any student who engages in unlawful use of a computer, during classes or outside of classes, faces immediate expulsion from the program.
Not at the present time. This is our first run through, and we do hope to take the program national in the near future.
How does can an effective teacher control the use of the knowledege she/he places in the hands of adolesents?
Your analogy is wrong, this is more closely like a chemistry teacher teaching how to make bombs, a physics teacher how to make projectile weapons, and a music teacher how to make rap music.
If this class was about computer security then your analogy would hold true.
Could someone please provide the NYT no-account-required-to-look-at-our-pages hack?
This is my sig. There are many like it, but this one is mine.
username:anonymoose1 password:aaaaa
You should use AdiumX on your Mac.
And to commence feeding: your comment on hacking experience being bad is totally groundless: I wouldn't trust an architect who couldn't tell me the points in a building vulnerable to bombing, and I wouldn't trust a sysadmin who didn't have at least a basic knowledge of hacking techniques.
That's it. I'm no longer part of Team Sanity.
We've released a statement outlining our position. Happy Reading...
No sig for you.
That's true, but not for the reasons you put forth.
So, until the law will work we have to live in the anarchy and chaos of hackers, virus writers and, of course, spammers (BTW, not spammer courses around yet?).
The law will no more catch up to cracking than it will catch up to murder. It will always be possible.
The more bad guys the less Windows market share.
That does not follow. It only takes a few malicious people to screw the M$ monoculture. The more knowledgable people there are, the fewer people will use M$. I don't see this place creating bad guys, I see it teaching people skills they can use one way or another.
A security plan involves the follwoing things:
While other schools are teaching dummies how to use VB script, this one will learn why they should not.
Friends don't help friends install M$ junk.
Um.....yes..........Who thought up the name "Tiger Team"? And did they consider the social consequences in a High School environment?
Buy Steampunk Clothing Online!
Weird because all of them I have known were just like that. I never was in marching band but I had a lot of friends that were and my girlfriend (different school) was at one time. I heard more crazy sex stories from them than any of my other frineds. It does make sense though. There are girls and guys traveling together and staying in hotels together. Then when I went to college it was the same thing. One of my friends from high school went to the same college (state school) that I did and it was the same thing all over again. I met some kid on my floor who was in band and he always had a new band girl on his arm. They may be dorks, but they've screwed a lot of other dorks!
Time makes more converts than reason
Act your age, it must have been George Sr.
Not
G. W.
Come on, give me a break.
These must be Tiger Beat Teams
---teet? A teet hacker? COOL, I can't code but I got that 7337 action down way back in high school, I can reach around a girl and one handed undo them ^&*(!!#@ bra straps slick as you please. I get "root" then, well, at least usually. Now I am an important member of the elite hacking community. Where's my 90 grand job now?????
I took a modern dance class once at the local community college. ALL girls except moi. My beer guzzling buddies were razzing me serious heavy until I reminded them of this particular datum: "dozens of graceful and very physical sweaty girls in little skimpy outfits, and I get to hang out with them and pick them up and swing them around and stuff" then they STFUed about it.
Good Question. Andy Robinson, the originator of the program thought up the name. A lot of time was spent considering the social consequences in high school. In many ways, the kids attracted to the program are already less socially active with many high school peers, because they are into computers. We hope this environment actually helps them learn teamwork because it requires a lot of interaction among the team members.
I seem to find the less people tend to do their research, the more ridiculous they sound on Slashdot.
Perhaps people decided not to bother going to the ISF website?
Today, I set up an Apache server and beat the bloody hell out of it. Throught this, I learned new things and applied the lessons. When the other team gets to hacking the Apache server, I'm going to learn something that I didn't know existed.
Perhaps over-reliance on the New York Times (which, as most now know, isn't a very reliable source) tends to give people a demonized or skewed image of what the whole program is trying to accomplish.
Oh, and a note to the AD&Der's: As a teenager with built up rage and paranoia, I could devour your miserable soul, after taking a +10 elixer and Pills of Sleepless Nights (No-Doz).
Love and kisses,
-Dave C.
He may be a crazy right-wing lunatic, but at least he's OUR crazy right-wing lunatic.
it's the word "virus."
Good Question. Andy Robinson, the originator of the program thought up the name.
Just to clarify Frank's post, I didn't originate the term "Tiger Team." It has been used for some time to describe the "red team" in both physical and electronic security evaluations.
Andy
From the NYT
"Working as two teams, the teenagers play a virtual game of capture the flag, trying to crack the other team's network and do damage while defending their own. An honor code keeps them from creating mischief outside their labs."
If you screw around outside on your own time you might not get to play with your friends. This is the only threat that gets my 14 year old son moving.
The guy teaching the course has a computer security company of his own so I bet he is a great role model for future "white hats."
Read the info and make useful comment.
If you can't find the contact info on your own, you're unqualified. I mean, sheesh.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Do you think frosted flakes are g-r-r-r-reat?
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Hello again Erik. Don't worry, your secret about your sexuality is safe with me. I won't tell anyone that Erik Rucker likes little boys.
See you at church.