Hacker High School

Can schools teach computer security without turning kids into cybercriminals?

5 min read

Teens often explore the world by tinkering with it. How can you channel that impulse and turn it into real engineering? Send them to Hacker High School.

It’s not a real school, of course. The Institute for Security and Open Methodologies (ISECOM), a nonprofit technology research organization based in New York City and Barcelona, uses the allure of hacking to teach kids computer security through an open-source curriculum. "I’m trying to make students resourceful," says Institute managing director Peter Herzog. "We don’t spoon-feed them."

Herzog knows this firsthand. As a child, he was a self-trained hacker. Even his toy cars didn’t go unhacked—he once put a solar panel on one. In 2001, following stints as an engineer for Intel and IBM, Herzog applied his do-it-yourself ethos to launching the Institute. It grew out of the Ideahamster Organization, an online community of engineers with a tongue-in-cheek name for the people responsible for innovation.

After disseminating their own security solutions, the group began a certification and training program for businesses, schools, and government agencies that’s been used by organizations as large as Wal-Mart and the U.S. military. The group’s Open Source Security Testing Methodology Manual OSSTMM) is now a widely used standard, particularly in South America and Europe. Its adoption brought to light a similar need at the educational level. "A lot of young people had no clue about what hacking really was," Herzog says. "For us, it’s about really deeply understanding something operationally so you can manipulate it the way you want to."

Herzog launched the Hacker High School curriculum in 2004, with funds from ISECOM and fees from OSSTMM certifications. Despite its name, the program is designed to be used by elementary and middle schools as well. Over 100 schools around the world are already on board. The goal was to equip kids with the means to defend themselves against ID theft, malware, and other online attacks.

The group worked with an academic partner, La Salle Ramon Llull University, in Barcelona, as well as the open-source community online. Jaume Abella, a professor of engineering at La Salle, says Hacker High School is an effective way to both attract students into the field of computer security and educate them about the line between legal and illegal hacking. "We teach them to be careful," he says.

Rather than function as a textbook course, HHS stresses exploration and innovation. "A lot of computer science classes make students look up answers themselves," Herzog says, "but if you know what you’re looking for, you’ll only find what you expect." To participate, teachers need Internet-connected computers and the HHS lesson plans, which are available for free online. The syllabus begins by introducing students to the concept of ethical hacking and continues with such topics as ports and protocols, attack analysis, and digital forensics. The entire coursework—a dozen lessons in all—can be completed in as little as six weeks.

Exercises test students’ understanding of the material on multiple levels. A lesson on e-mail security, for example, teaches students to identify the level of cryptography used in their own messaging program. That same lesson may also ask them to contrast opposing views on technological openness from Phil Zimmermann, creator of the Pretty Good Privacy software (better privacy through better cryptography) and science fiction author David Brin (computers have killed privacy; get over it). For a lesson on malware, students go online to find examples of boot sector, polymorphic, and macro viruses. They must also determine how Code Red, Nimda, and other famous worms exploited software vulnerabilities.

Students investigate problems on a test network that HHS has created. Herzog built it himself out of a motley collection of personal computers by adding a backup power supply, five Ethernet cards, and 4 gigabytes of RAM running a variety of operating systems. A additional set of rack-mounted servers, donated by Dreamlab Technologies, of Switzerland, are housed at La Salle. "It gives them a safe place to try things," Herzog says.

With everyone spending more and more time online, the need for computer security knowledge is only increasing. In addition to updating the lesson plans, Herzog and Abella are hosting HHS intensive training sessions at La Salle for high school students from around Spain. Dimas Galih Adrianto, a student from La Salle, says the program has brought a necessary freshness to computer studies and, most important, stimulated his interest in programming. "It’s helped me a lot in my learning," he says. Another student, who prefers using his online handle, JFFTantra, calls the material "indispensable" and says it has deepened his understanding.

An effort is under way to make the HHS program required in all high schools throughout Switzerland. That might seem to some to open Pandora’s box, but for Herzog, the risk of vulnerability outweighs the threat of students becoming hackers in the bad sense. "I’m not concerned they will use this for evil," Herzog says. "That’s like saying a carpentry class will teach someone to be a serial killer. I don’t see the connection."

If there is a connection, teachers seem to find it manageable. "I always tell my students that everything they learn can be used for both good and not-so-good purposes," says Sam Black, a computer science instructor at Lubbock High School, in Texas, who uses the Hacker High School curriculum in an advanced placement computer class. "The real test is how they choose to use their knowledge," he adds.

Graeme Stevens, an information technology specialist teacher at Swans International Sierra Blanca in Málaga, Spain, teaches the HHS course to his senior students. Students are asked to sign a code of conduct before participating, and violations are prosecuted. Stevens has been pleased by the way students have taken to the idea that there’s bad hacking and good hacking. He says he finds that "many of them are quite outspoken against illegal hacking. In fact, they are almost evangelical about it!"

Eric Brown, a teacher who has integrated the HHS curriculum into his computer basics classes at Keokuk High School, in Iowa, believes that teaching ethical hacking was not a threat. "It shouldn’t matter if a student figures out they can telnet to port 25 on the mail server and tell what mail server is running there, or how to wget a file from their home network share," Brown says—these are examples of things that the kids were doing anyway.

"It has given them ideas and things to look out for at home and also on to their careers," says Gerard MacManus, a computer science instructor at Papatoetoe High School, in Papatoetoe, New Zealand. "It has also given them an awareness of their legal and moral responsibilities. Plus, they also like the fact that when you say ’Hacker High School’ really fast it sounds like ’hack a high school.’"

Calling the program Hacker High School has proved controversial. Brown, the teacher in Iowa, recalls that his principal’s eyes "shot wide open" when he told him the name of the curriculum.

"Some schools in America don’t want to do it because of the name," Herzog says, "but without the name, who can you attract?"

About the Author

David Kushner is an IEEE Spectrum contributing editor who also writes for Wired, Rolling Stone , and Mother Jones. He’s the author of the bestselling book Masters of Doom: How Two Guys Created an Empire and Transformed Pop Culture.

To Probe Further

Where does Hacker High School belong on IEEE Spectrum’s hacker matrix?

The Conversation (0)

Q&A With Co-Creator of the 6502 Processor

Bill Mensch on the microprocessor that powered the Atari 2600 and Commodore 64

5 min read
Bill Mensch

Few people have seen their handiwork influence the world more than Bill Mensch. He helped create the legendary 8-bit 6502 microprocessor, launched in 1975, which was the heart of groundbreaking systems including the Atari 2600, Apple II, and Commodore 64. Mensch also created the VIA 65C22 input/output chip—noted for its rich features and which was crucial to the 6502's overall popularity—and the second-generation 65C816, a 16-bit processor that powered machines such as the Apple IIGS, and the Super Nintendo console.

Many of the 65x series of chips are still in production. The processors and their variants are used as microcontrollers in commercial products, and they remain popular among hobbyists who build home-brewed computers. The surge of interest in retrocomputing has led to folks once again swapping tips on how to write polished games using the 6502 assembly code, with new titles being released for the Atari, BBC Micro, and other machines.

Keep Reading ↓ Show less

Spot’s 3.0 Update Adds Increased Autonomy, New Door Tricks

Boston Dynamics' Spot can now handle push-bar doors and dynamically replan in complex environments

5 min read
Boston Dynamics

While Boston Dynamics' Atlas humanoid spends its time learning how to dance and do parkour, the company's Spot quadruped is quietly getting much better at doing useful, valuable tasks in commercial environments. Solving tasks like dynamic path planning and door manipulation in a way that's robust enough that someone can buy your robot and not regret it is, I would argue, just as difficult (if not more difficult) as getting a robot to do a backflip.

With a short blog post today, Boston Dynamics is announcing Spot Release 3.0, representing more than a year of software improvements over Release 2.0 that we covered back in May of 2020. The highlights of Release 3.0 include autonomous dynamic replanning, cloud integration, some clever camera tricks, and a new ability to handle push-bar doors, and earlier today, we spoke with Spot Chief Engineer at Boston Dynamics Zachary Jackowski to learn more about what Spot's been up to.

Keep Reading ↓ Show less

McMaster Engineering: Transforming Education and Fostering Research With Impact

By adding new faculty and developing innovative approaches to its curriculum, McMaster solidifies its world leading position in engineering

3 min read

The Faculty of Engineering at McMaster University in Hamilton, Ont., Canada is aiming to build on its ranking as one of the world's top engineering schools by expanding its recruitment of both tenure-track and teaching track positions across multiple departments. This broad initiative is expected to continue the growth of McMaster as a leading destination for innovative teaching and research.

Keep Reading ↓ Show less

Trending Stories

The most-read stories on IEEE Spectrum right now