Author Topic: N.S.A. Summer Camp: More Hacking Than Hiking  (Read 2864 times)

0 Members and 1 Guest are viewing this topic.

Offline keystrOke

  • All systems are corrupted
  • New Member Group
  • *
  • Posts: 9
N.S.A. Summer Camp: More Hacking Than Hiking
« on: July 18, 2015, 11:22:09 AM »

ARLINGTON, Va. — This is not your typical summer sleepaway camp.
Bonfires and archery? Try Insecure Direct Object References and A1-Injections.
The dozen or so teenagers staring at computers in a Marymount University classroom here on a recent day were learning — thanks to a new National Security Agency cybersecurity program that reaches down into the ranks of American high school and middle school students — the entry-level art of cracking encrypted passwords.
“We basically tried a dictionary attack,” Ben Winiger, 16, of Johnson City, Tenn., said as he typed a new command into John The Ripper, a software tool that helps test and break passwords. “Now we’re trying a brute-force attack.”
Others in the room stumbled through the exercise more slowly, getting help from faculty instructors who had prepped them with a lecture on the ethics of hacking. In other words, they were effectively told, do not try this at home.

As campers around the country sleep under the stars and dive into mountain lakes, 1,400 youths have packed their overnight bags or lunchboxes for a very different experience.
They are attending dozens of free overnight and day camps across the country supported by the N.S.A., better known for its bulk collection of Americans’ phone records and its spying on foreign leaders. Like the C.I.A and other elite intelligence agencies, the N.S.A. has for decades recruited on college campuses and run collegiate programs, but this summer the agency is making sure that middle- and high-school-age students — and some teachers, too — are learning how to hack, crack and defend in cyberspace.
The goal of GenCyber, as the summer camp program is called, is to catch the attention of potential cybersecurity recruits and seed interest in an exploding field as more and more of the nation’s critical transactions, from warfare to banking, move into the realm of cyberspace.
N.S.A. officials say building the next generation’s cyberspace work force is a matter of national security, as a string of massive breaches at the federal Office of Personnel Management and private companies have highlighted. Studies anticipate the need to fill hundreds of thousands of new cybersecurity jobs in coming years.
That includes jobs with the N.S.A., which has its own worries about filling recruitment quotas these days because of increased competition from higher-paying private companies and bad publicity after Edward J. Snowden, the former N.S.A contractor, leaked a trove of classified documents showing the agency’s surveillance programs as far more extensive than most Americans knew.
“These kids are the ones that are going to be building the next products that we all rely on, the things we can’t even imagine will exist in the future,” Steven LaFountain, the head of the N.S.A.’s in-house College of Cyber and the leader of the camp program, said in an interview at the N.S.A.’s heavily fortified headquarters in Fort Meade, Md.
“If they have just a little bit more understanding of security when they’re doing that,” he said, “I think it will make the products that much better.”
With the help of a seed grant from the National Science Foundation, the agency started a small pilot program under Mr. LaFountain’s direction last year, sponsoring six camps at colleges and universities.
This summer it has expanded to 43 camps, and about half of the 1,400 students are girls.
Mr. LaFountain hopes the program will grow to 200 camps in all 50 states by 2020.
So far there has been strong interest, he said, given the long waiting lists for the camps this year.
The N.S.A. gives each camp loose guidelines, but largely leaves it up to the colleges and universities and the instructors running them to decide which topics and exercises to cover. Unlike other popular programming and engineering camps, though, the N.S.A. also mandates that GenCyber camps be offered free of charge.
At California State San Bernardino, where there is an N.S.A. camp open only to local Girl Scouts, campers will build, program and fly drones. Campers at Norwich University in Vermont will put together their own computers.
And here at Marymount University, where campers are staying in dorms for their two-week program, visits to the N.S.A. and a security operations center break up classroom time.
The idea — and the challenge — of the camp, according to its head, Diana Murphy, a professor of information technology at Marymount, is to first teach students how to hack, so they can understand and defend against attackers they might encounter in cyberspace.
“It’s a fine balance for me as a teacher, because you have to teach them some of the hacking techniques, and layer that in with an ethical discussion,” Ms. Murphy said in an interview before camp began.
“They are most interested in the attacking things.”
A packed schedule of activities — lectures on network forensics, student presentations on protecting private accounts, and what turned out to be a high-volume debate on the ethics of Mr. Snowden and WikiLeaks — drive critical points home.

“One of the things you have to discuss — since you are going to rule the world in a couple years — is, is this good or bad?” Ms. Murphy said she repeatedly tells campers.
Mr. LaFountain said the agency would not make sales pitches to campers, but hoped that the work of the agency would be enough to lure them into the field.
“We’re not trying to make these camps something to make people pro-N.S.A. or to try to make ourselves look good,” he said. “I think we’ll look good naturally just because we’re doing something that I think will benefit a lot of students and eventually the country as a whole.”
Back at Marymount, a group of campers crowded around a lunch table did not seem all that concerned about the spy agency’s reputation.
They said they were just happy to get to stay on a college campus with other tech-savvy students their own age while learning skills their high schools back home were not ready to teach.
“I’d definitely take this camp over a basketball camp,” Garvan Vines, 15, of Bowie, Md., said as he finished a bite of a sub sandwich. He said he was trying to decide between a career in cybersecurity and one in programming, so he hoped that the camp, his second GenCyber camp of the summer, would offer a good sampling of those alternate paths.
Besides, he said, “at basketball camp they are mostly just giving you the same instructions over and over.
“This is, like, progressive.”
Andy Lieu, 17, of Denver, picked up where his lunchmate left off.
“At a basketball camp, everyone’s trying to better themselves,” he said. “Here you have to collaborate and work as a group.”
Others around the table nodded in agreement, including Allyssia Dela Cruz, 15, who was in her second year at cybercamp.
“To be honest, if you were to ask,” she said, “I think most people here spend more time on the computer than playing sports anyway.”
I aim to be different, do my own things- and do them well.