Can you train kids to be good ‘hackers’? DefCon hopes so

For the first time a hacking conference in Las Vegas offered a kids track. Spanning two days, the DefCon conference let kids 8 to 16 explore security flaws in computer and gaming platforms they use every day hoping to convince them to be good hackers instead of bad.

The kids listened to lectures from officials at the Department of Homeland Security and the National Security Agency and much more.

From USA Today:

“Wolfgang Kandek, chief technology officer of vulnerability management firm Qualys, brought his son, Filipe, 14, with him to Vegas, to participate in DefCon Kids. Dad came away with these observations.”

“My 14 year old son attended DEFCON this year for the first time and he took part in DEFCON Kids. On Saturday he was in the Social Engineering Capture the Flag (CTF) contest where he was teamed up with another 10 year old participant and had to solve a 6-step scavenger hunt. The scavenger hunt involved decryption of secret messages, collection of information from multiple people on the DEFCON show floor and a good dose of critical thinking.”

“On Sunday he participated in the classroom sessions – at the end his favorites were “When you can remember your locker Combination” by Deviant and “Coding in Scratch” by Chris Hoff.”

“As a parent I loved seeing the interest sparked in my son by the challenges and class interactions. All instructors were extremely competent and focused on the benefits of gaining a real understanding of the technologies involved and when appropriate they discussed the moral and ethical questions involved (i.e. lock picking and social engineering).”

From PC World:

“There is another side to the hacking coin, though. In an “it takes a thief to catch a thief” sort of way, we need people with those same skills, and that same sense of wonder and curiosity–but with better ethics and a truer moral compass. We need hackers who can find the same holes as the malicious hackers, but work to plug them and protect systems and data rather than exploiting and compromising.’

“Cameron Camp, Researcher for ESET, says ‘Young hackers need to be convinced that hacker life is rewarding without going to the “dark side”–that interesting careers are to be had working for the good guys,” adding, “To that end, we see recent efforts from Google and Facebook at providing bounties to incentivize hackers for finding and reporting bugs, not exploiting them.’ “

“The Defcon kids track is an awesome idea. It’s a wonder it took this long to introduce such a concept. I expect the kids track at future Defcon conferences to have greater attendance, and hopefully we will all benefit one day from raising a new generation of hackers.”

About 60 kids took part. Their parents had to be there too.

This is something Walsh would love. He would be totally in!

Would your kid like this type of conference? Do you think you can train kids to be good hackers instead of bad?

48 comments Add your comment

Really?

August 11th, 2011
8:00 am

That’s a great idea for the constant gamer. How to hack into secure sites. Oh yea, won’t that be fun when the military gets hacked, the CIA, etc…..oh I feel so safe…

Now the little fatties who sit in front of video games, have a future.

Father Jane Goose

August 11th, 2011
8:18 am

The little fatties who are gamers have almost no interest in learning how a computer works and operates. Sure, take your kid to Vegas to learn this stuff. Then when the little butter ball bundle of joy hits 15 mom and dad will be “shocked” when Junior hacks into the country club’s mainframe and dad has to settle the dispute by bailing out the little porker. Walsh would love it, awwwww.

Lori

August 11th, 2011
8:31 am

Wow, such hate already and only 2 posts!! Not all gamers are lazy little fatties with no motivation. My nephew was invited to the state championships for a game he plays (yes, they do really have gaming competitions, not just in the movies). However, his is very thin, has an IQ that was considered “unmeasurable” because he’s so smart, is in college studying biochemistry (wants to cure cancer), and is a pretty cool kid. I’m sure he would have loved a convention like this a few years back when he was in that age group. Yes, you can teach hackers to be good. The CIA recruits just those kids of people!

Topher

August 11th, 2011
8:43 am

Anyone every heard of a CEH certificate. People who setup poor network and internet security need to be shown that their laziness effects others lives. And if they didn’t set it up right in the first place or can maintain it correctly they need to be shown where they went wrong.

motherjanegoose

August 11th, 2011
8:49 am

Not me…technology is not my forte…. if I had to be there…it would NOT be happening!

motherjanegoose

August 11th, 2011
8:51 am

@ JATL…I read your post…just what I have been talking about…thanks for sharing.

Jeff

August 11th, 2011
8:54 am

What is the true motive for the hacking? To prove it CAN be done? Ok. But if your true motive is to take something, no. Then again, we’re talking about moden parents and we know how whacko some of them can be. Have you seen videos of parents encouraging and cheering for their childs to fight?

Lori

August 11th, 2011
9:05 am

Jeff, I very seriously doubt that the parents who encourage their kids to fight are the same parents of kids who have the mental capacity to attend a convention of this nature.

jarvis

August 11th, 2011
9:10 am

I’m going to take my son to this conference in 2016. He’ll be 9 by then, and I figure he can make a fortune beating up kids and stealing their lunch money.

Techmom

August 11th, 2011
9:33 am

I’m all about showing kids what job opportunities are out there and if they know they know they can put their skills to use in a career then sometimes that’s the motivation they need. The key is whether these kids have ethics and won’t be doing more harm than good once they learn to hack.

abc

August 11th, 2011
9:51 am

It’s not that the hackers are so good; it’s that the programmers, developers and engineers are so bad. If they considered secure practices in their development, design and deployment, the obvious holes in security wouldn’t be there to exploit. I think the reason that they aren’t better is that their management pushes them to produce and release on unrealistic schedules — along with incompetence and sloth at all levels. I’ve worked in technology for 20 years, it’s like a live action Dilbert cartoon.

omghax

August 11th, 2011
10:19 am

Jeff and jarvis, the motive for hacking is the same as it is in any serious craft: to understand and solve a series of demanding and interesting problems. There’s the same primal joy in finally working around a security system and seeing your solution in action, just like there is in building your own house, cooking a fantastic meal, or landscaping your own house. The only difference is that instead of houses, hackers build locks, alarms, and keys.

And it’s important that we do build those things, and build them well. Otherwise how can we protect our homes or our bank accounts against casual invasion and burglary? You certainly can’t just hide and cross your fingers that nothing bad happens. A crazed gunman uses a gun to shoot up a school, but cops and park rangers also need them to stop violent crime or and deal with dangerous animals.

I’m guessing you guys aren’t heavily plugged into the tech scene. There isn’t anything wrong with that. Most people don’t need to be. But outsiders often don’t realize that lockpicking and locksmithing both use the same set of skills. The difference is in their upbringing and values, which all comes down to parenting and mentoring. By training children to hack in an organized environment, we can teach them the ethics of the trade at the same time they learn their skills, creating more, better locksmiths – and hopefully, fewer burglars.

Tiger Ochocinco Mellencamp

August 11th, 2011
10:22 am

I read recently about another kid that would have not been spared the derision of the first posters here. this kid spent a lot of time learning how to effectively write code and programs. His interest was so intense his parents got him a a tutor to help him with his skills and he worked really hard at it. The kid’s name was Mark Zuckerberg. By 17 he had written a program that Microsoft had offered him seven figures for and a job. He declined and went to Harvard instead.

So lay off the kids who exhibit an aptitude for computer programming and code writing…they’re not all fat gamers who sit around playing mario bros. And code writing involved in hacking is no game, it on par with learning chess and advanced mathematics. But I imagine the people here who jumped straight to the gamer comparisons wouldn’t spare them any tolerance either.

As far as teaching a good hacker from a bad one…that’s just where morals and ethics from home come from. In college, the professor of one of my accounting classes told us the purpose of his class was to show us every way he could in 4 months to steal from a company so that some day we can spot it when auditing other companies. What we did with this knowledge, he said, was up to us.

Tiger Ochocinco Mellencamp

August 11th, 2011
10:27 am

Anyone ever hear of stuxnet? I for one hope this hacking craze takes off and we have a country full of programmers and code writers who can identify and stop things like this when they eventually land on the doorsteps of our country. The genie is out of the bottle, and this kind of warfare is the future. Ironic that the speculation is that the US and Israel started it.

mom2alex&max

August 11th, 2011
10:28 am

@abc: my husband is on that boat too. He recently told me he can’t even read Dilbert anymore, it’s not funny because it is true. And the deadlines are real. The push these programmers to meet impossible deadlines thus ending with sloppy work.

motherjanegoose

August 11th, 2011
10:31 am

Off topic…but a way to show kids that diligence and hard work can pay off:

http://shine.yahoo.com/event/poweryourfuture/kathryn-stocketts-the-help-turned-down-60-times-before-becoming-a-best-seller-2523496/

To me, this is something I always want my own children to know. We have frequently had the discussion here that when folks look successful, it is more often HARD work mixed in with a little luck vs. LUCK mixed in with a little hard work. There are exceptions!

Sorry for the interruption.

@ Tiger…it is always good to know what your competition is up to and I think today’s topic can also illustrate that to children…right? I am simply not technical.

abc

August 11th, 2011
10:34 am

Stux is a US DoD development, tailored especially for Siemens SCADA systems used by nuclear facilities in Iran. It’s an example of how poorly engineered systems like that can be. Now imagine Diebold ATMs and automated voting machines are 10 times worse. Now imagine that web-based applications with databases — like your supposedly secure online banking — have next to no real security at all. HTTPS can be cracked on-the-fly with stuff you can buy from Sophos or McAfee.

As security conscious as I am, my debit card still got ripped by a waiter using a portable scanner. He sold the information to another guy who bought $800 of food from campusfood.com — and then had it delivered to his address! He even paid his T-Mobile bill with it. The bad guys aren’t necessarily the smarter ones, in fact, they are most often not that bright, and that includes black hat hackers.

MomsRule

August 11th, 2011
10:36 am

omghax and Tiger both expressed what I was thinking much better than I could. Well stated.

Tiger Ochocinco Mellencamp

August 11th, 2011
10:42 am

@mjg……unless I’m in vegas or playing the home poker game I stick to what my dad always told me…”luck is when preparation and opportunity cross paths”.

Tiger Ochocinco Mellencamp

August 11th, 2011
10:45 am

@abc…Stux was never “officially” claimed by DoD, was it?

motherjanegoose

August 11th, 2011
10:49 am

@ Tiger…I agree!

We have known lots of people who look at success and say,
“they are so lucky!” Perhaps but they probably worked their fannies off to get there.
I frequently have people tell me, “You are so lucky to be able to do what you want to do!”

HAHA…most anyone can do what they want to do but not everyone can get paid to do it.
OR NOT…I am working THREE days this month and also only getting paid for THREE days.
Good thing I saved some of my money. Things are picking up in the fall…hoorah!

I admire anyone who has a passion for something and will see it through to success, no matter what the obstacles. Even the topic today would perhaps require hard work and passion to be a success and if a child has the fortitude to do it legally, then that is amazing!

jarvis

August 11th, 2011
10:54 am

omghax, I was just making a joke. I don’t condone bullying the intelligent….or the unintelligent for that matter.

JATL

August 11th, 2011
10:54 am

Actually we have a friend who was at this conference and who makes a nice living as a “good” hacker for a major computer corporation. There is a future in it! I don’t like the situations of pasty kids who are allowed to game 24/7 either, but an interest in gaming and technology is okay! It may turn into a career your adult child loves (and is paid well for -keeping them out of your basement!). And no, this friend of ours is no “fatty” but is a well-rounded individual as far as interests go.

abc

August 11th, 2011
10:55 am

As with most all state-sponsored espionage, nobody’s going to officially claim responsibility. It was ours, though. While the specific exploits it employed were blocked by code mods, it demonstrated that SCADA systems can be hacked such that things like critical power grid components go haywire while the control modules that are user interfaces show that everything is working fine. Our grid is vulnerable, too. Stuxnet targeted uranium enrichment systems, causing centrifuges to become broken.

shaggy

August 11th, 2011
10:58 am

I really don’t understand the gamer thing as a lifestyle. However I must agree with Tiger that we definately need the smartest nerds we can muster, if we are to defeat the rest of the world’s nerds….and they ARE coming for us. The Insurgent nerd. The militant nerd. The “I just want to kill Americans” nerd. They ALL really exist.

So, if Theresa’s kid is the greatest hacker nerd of all times, got his inspiration from DEFCON, and heads off disaster for us all. I am ALL for it and would personally hug him for doing it.
This world is dangerous, and getting more so as time goes by…..

Wayne

August 11th, 2011
11:09 am

I recently read in Discover, at least I think it was in Discover, where there are whole towns geared towards ripping you off.

I get constantly asked how come I got this virus/malware – I thought you said I was protected. No, what I said was you are reasonably protected. If there are scores of folks out there that are looking to ‘break’ your computer so they can make a buck, they are going to win.

I also wonder why these folks can’t use their power for good. I know. I answered my own question in the above paragraph.

jarvis

August 11th, 2011
11:16 am

I think there is a secret virus programming department at McAfee. Their job is to keep the company necessary.

shaggy

August 11th, 2011
11:39 am

Does anyone really rely on McAfee anymore? Kaspersky or TrendMicro Titanium here. I like something that is actually supported in today’s timeline, not 1998.

Uncle Jane Goose

August 11th, 2011
11:54 am

Outside of carnal relations, women really are not good for much. Can you imagine living with these women who post on this blog?

MomsRule

August 11th, 2011
11:55 am

Jarvis, I’ve thought the same thing about McAfee and others! LOL

JJ

August 11th, 2011
12:04 pm

Hey Uncle Jane Goose, without us women, you wouldn’t be here.

Techmom

August 11th, 2011
12:41 pm

Unfortunately McAfee is great at selling their services to large corporations. I’d hate to see the bill my company pays annually for 26k laptops.

jarvis

August 11th, 2011
12:46 pm

@Techmom, I agree. I work for my third large employer. All 3 have used McAfee.

jarvis

August 11th, 2011
12:48 pm

@JJ, the same could be said to women about men, no? And we do most of the work in that. :-)

shaggy

August 11th, 2011
1:21 pm

jarvis,

“And we do most of the work in that.”
I spend about 50% of my fun time working and the other 50% being “worked”…when I bring home precious metals, it’s 100% being worked.

JJ

August 11th, 2011
1:39 pm

@jarvis – EXCUSE ME??????? Men do most of the work in that…..oh no you didn’t……..

Wayne

August 11th, 2011
1:42 pm

We use McAfee here. Mostly because it was cheap when we got it years ago and it’s centralized. Cost a super-huge bundle to change over. We checked. In my side business, I use MS Security Essentials. No bloatware (McAfee, Symantec, etc.) here. Although I do use Corporate version of Symantec in smaller sites, but only AV, no other junk allowed.

It’s amazing the lengths that bad guys will go to get your information. I’m on the fence about the Defcon thing. I like the idea to get kids more involved in how it all works, and they can hear from objective (mostly) folks about the powers of good vs. evil. But I think it’s bad as some kids might look at it as a way to make some money going the bad way.

I could just be spouting off and rambling.

Or, Tiger and motherjane...

August 11th, 2011
2:11 pm

…as many of my old coache used to say, “luck is a significant by-product of preparation – the better prepared you are, the luckier you get”……

HB

August 11th, 2011
2:22 pm

I agree, Wayne, and can’t make up my mind about it either. I think it’s possible to give kids too much info. There’s was a study a while back about DARE that I think was kept kind of quiet — it showed that 10 or 15 years later, kids that went through the program were more likely to have abused drugs. Seems the program peaked their curiosity about drug use and it’s raised questions about how much detailed information about drugs should be presented to kids. I wonder if this might fall into the same category and if there are better ways to cultivate interest in building the skills needed for this type of work than presenting it as becoming hackers for the greater good.

Wayne

August 11th, 2011
2:27 pm

@HB: there ya go. That’s what I was rambling about…

Tiger Ochocinco Mellencamp

August 11th, 2011
3:00 pm

@HB and Wayne…while we’re at it…I can’t disagree strongly enough.

Should we discourage our children from pursuing athletic excellence because of the allure of performance enhancing drugs to get even better? Should we shield them from chess because Bobby Fischer was the biggest jerk to ever walk the earth? Hold off on sex education until after they’re already really interested because the knowledge might pique their interests?

Maybe I’m the odd man out here, but I believe our job as parents is not to deny our kids knowledge but rather allow them to embrace and cultivate knowledge in a responsible way. Now granted, there are age appropriate times for some things, but overall, I believe when kids begin to show interest in something, I think that is the time to address it….not ignore it for fear of what “might” happen.

Jeff

August 11th, 2011
3:08 pm

Maybe I made the wrong link between burglary ad hacking. I was thinking stealing within a computer. Yes, parents who raise their kids to fight probably aren’t mentally capable of being programmers, etc. The point I was making was the intent of the hacker themselves.

And, yes, you can do the textbook (haha) best at parenting and your child can still turn out to be a criminal. But you do your best with a good conscience.

HB

August 11th, 2011
3:59 pm

Whoa there, Tiger. Who said anything about holding off completely on teaching certain subjects, ignoring interests, or discouraging excellence? I just think sometimes we sometimes tell kids too much too soon. I came through school a few years before DARE, but similar programs were starting, and for the life of me, I can’t figure out why they told us as much as they did. We had entire programs, often presented by police officers, where confiscated paraphanalia was brought in for show and tell, we were told what drug each piece used for, and how it was used in an effort to warn us against drugs. Really? Is that the best way to “warn” a 10-year-old? By showing them lots of drug-related toys? I think kids can be warned about the dangers of drugs without an “as much knowledge as possible” approach.

By the same token, I’m just not sure that a broad “hack for good” message is the best way to go about this when talking to kids. It may be ok (like I said before, I haven’t made up my mind), but I wonder if kids could be encouraged to develop these types of skills without it being blatantly presented at a conference as “how to hack computer systems, but please don’t do it for the bad guys”.

Tiger Ochocinco Mellencamp

August 11th, 2011
4:22 pm

@HB..I think we’re going to have to agree to disagree on this one. I think I just have a different take on it.

HB

August 11th, 2011
4:45 pm

Fair enough. :)

longtimelurker

August 11th, 2011
7:55 pm

Devil's Advocate

August 12th, 2011
12:41 am

People bring stereotyping and politics into everything. By the logic of some here, teaching a kid how IT security works will make him an evil hacker the same way as a parent teaching a kid how to shoot a gun will make him a cold blooded killer. Stay ignorant America while the rest of the world hacks you daily…

Hey Kids, Come to Defcon!- IPLJ

August 12th, 2011
2:53 pm

[...] new generation of hackers, but will these kids turn into good hackers or bad hackers? Read about it here, here, here, and [...]