Advertisement

Where Hackers Teach the Art of Self-Defense

At a little school in Paris, regular Joes learn how to protect their cyberspace.

January 29, 2002|SUSAN CARPENTER | TIMES STAFF WRITER

They call it the Hackademy. The so-called hackers school, on a dead-end street in a residential Paris neighborhood, is run by wiz kids who crack computer security codes as a sort of cyber-sport. Now they're taking what they've learned to the computer illiterati--regular people with a limited understanding of technology.

"We are trying to make the underground go overground," said a 23-year-old instructor who calls himself Fozzy, his English thick with French during a telephone interview. "Some hackers, not many, want to ... keep things [secret]. Us, we don't want to do like this. We want to give everyone the real picture."

While the school is small and in only one city so far, the Hackademy sees itself on the forefront of a coming consumer market--educating private individuals who want to defend their cyberspace.

Hackademy courses are taught in French, but they will soon be offered in English, due to interest from British and American computer users. The school's teachers are also considering offering English-language classes online.

FOR THE RECORD
Los Angeles Times Friday February 8, 2002 Home Edition Main News Part A Page 2 A2 Desk 1 inches; 35 words Type of Material: Correction
Hackademy computer school--A story in Southern California Living Jan. 29 about the Hackademy computer school gave an incorrect address for a related Web site. The site that lists computer security breaches is http://packetstormsecurity.org.

As opposed to "black hats" (or "crackers" who break systems with malicious intent) and "white hats" (who discover system vulnerabilities and alert owners to fix the problem), the Hackademy's teachers call themselves "gray hats"--hackers who "do not do evil things" like write viruses or steal credit card numbers, but who break into computer systems "for our own entertainment" and to educate, said Fozzy.

Like the other handful of people who work at the Hackademy, Fozzy uses a pseudonym to conceal his identity, not from government authorities (with whom they say they've had no problem) but from other hackers. Fearing they will be targeted by "black hats" if they use their real names, the school's instructors use character names they've adopted from video games, books and movies.

According to the school's manager, who goes by the name Billy Dub, more than 400 people have attended the Paris Hackademy since it opened last fall. The school has only one classroom and six computers, but a second room is under construction and classes will be offered year-round.

Students, many of whom learned of the school through media coverage and the Web, have included high schoolers, grandparents, businessmen, even a police officer. Most are 25 to 35 years old, though they range from 15 to 76. They are also mostly male, which prompted the school, upon opening, to offer free classes to the first 10 women who signed up.

About 90% of the students are "newbies," taking a beginners' course in basic vocabulary, introductory hacking techniques and how to secure their Web sites and e-mail. Classes about network vulnerabilities, exploiting network protocols and intruding systems are available to more advanced students, as are methods of protection from such attacks.

"Everybody should know what are the real security problems that exist on the Internet and how to protect from [them]. At this time, the [home computer] user really does not understand the problem," Fozzy said. "That is why we created the Hackademy."

What should they be worried about? Any number of things, Fozzy said, but most specifically the Web. As more and more services are performed online, and increasing amounts of highly sensitive personal data are shuttled through cyberspace, the Internet makes computers of all kinds more susceptible to attack.

The common misperceptions Fozzy hopes to correct: that antivirus software on its own prevents computers from acquiring bugs (it is useless unless security patches are applied) and that credit card information is safe if sent over a "secure server" (it is not the transfer of data but how it is stored by the company on the other end that is unsafe, he said).

About 50% of the school's students say they have been the victim of some sort of security breach, according to Dub. Still, in a constantly shifting computer security landscape, one has to wonder: Is it even worthwhile for a layperson to bother educating himself on the latest techniques and strategies?

"No," according to Bruce Schneier, chief technical officer of Cupertino-based Counterpane Internet Security. "If you're worried about getting sick, you don't need to go to medical school. I go to a doctor so I don't have to become a doctor. If you're a layperson concerned about computer security, hire an expert."

There is no question computer security courses are imperative for large corporations. According to an annual security survey of Fortune 500 companies and large government agencies conducted by the Computer Security Institute in San Francisco, 91% of survey respondents in 2001 said they had suffered some kind of security breach.

To prevent computer break-ins, a number of American companies offer systems security classes, companies like Internet Security Systems in Atlanta and Foundstone in Irvine. Geared toward computer security professionals, their classes are usually taught by ex-military personnel and cost about $1,000 per student per day.

Advertisement
Los Angeles Times Articles
|
|
|