Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Education Software Security Technology

Hackers To School Next Generation At DEFCON Kids 86

fangmcgee writes "DEFCON hackers will share their skills with the next generation at a first-ever children's version of the infamous gathering of software renegades, lock pickers and social engineers. A hacker conference for children is controversial even in the DEFCON community. Prime targets for criticism include lock picking and social engineering, the art of manipulating people into revealing sensitive information. 'Everyone is up in arms that we are going to teach kids to be evil, but that is not the case,' said Chris Hadnagy, who trains companies to guard against slick-talking hackers and runs the website social-engineer.org. 'Think critically, think objectively — that is what this industry teaches people,' continued Hadnagy, a DEFCON Kids mentor. "
This discussion has been archived. No new comments can be posted.

Hackers To School Next Generation At DEFCON Kids

Comments Filter:
  • I was very pleased to read that they are "Certified Ethical" hackers. Not just ethical, "certified" ethical!
    • I'd be more concerned about certified "ethical" hackers myself.

      But man I wish I could have taken a course like this as a kid. I wonder if they take adults.

    • by Anonymous Coward

      It's just a penetration testing certification. Like an MCSE or CCNA or whatever. But nobody could get their boss to pay for a "hacker training" cert, so they threw the word "Ethical" in there.

    • The quotes are incorrectly applied. It's Certified "Ethical Hacking". The concept of "Ethical Hacking", whatever it means, is what gets certified, not the "Ethical". I agree that "Ethical Hacking" is a somewhat murky idea: it means that instead of getting practical knowledge by messing around with other people's servers, you messed around with a few computers in a laboratory, under specific constrains.

      • Ethical hacking is more than that. Personally, I see it as something like a creed (ok, I'm a bit of an idealist). But in a nutshell, it means that you agree to play along a set of rules, essentially, that you are a "white hat". It doesn't necessarily mean that you lock yourself in your ivory tower and only use nondestructive means, but it means that you agree to the rules of engagement and that you do not hack someone not asking for it. And I wouldn't teach anyone not agreeing to this.

        But like I said, I'm a

    • Erh... ethical hacking is part of a lot of pen-testing certificates. What's so "funny" about it?

      Look at various certificates in the field and you'll certainly find something that points to "ethical hacking".

  • something like professional script kiddies? what could possibly go wrong... :)

  • by MaxToTheMax ( 1389399 ) on Monday June 27, 2011 @12:15PM (#36586158)
    Teaching these kids the fundamentals of social engineering will help them recognize it and avoid being victimized by it. I think this is a really great idea.
    • by lazlo ( 15906 )

      That's my first thought exactly. Because fundamentally, a panel van with "Free Candy" spray painted on the side is a social engineering attack, and it would be very useful to teach children to recognize it as such.

      And if they fail to recognize that sort of Social Engineering, those lockpicking skills may be coming in handy real soon now.

      • It was my initial thought as well. Then I realized we're talking about children.

        Hacking, like all pursuits that can affect others, is a matter of morals governing how you use a tool. Morals take time to build and comprehend as well as experience to be able to properly define positive verses negatives morals. DEFCON Kids will be coverings 8-16 years old. While the eldest should have some morals and sense about proper ways to use the tools it is not out of the realm of question that the younger children would

    • Yup, my daughter is only six, so I sure hope they keep this going from here forward. I'll definitely bring her when she's eight.

      • by brkello ( 642429 )

        Shouldn't you actually see what values they teach before shoving your impressionable daughter in the class? There is a difference between teaching how to watch out for social engineering and how to do illegal activity. Plenty of ways to teach critical thinking and avoiding con men without teaching them lockpicking or hacking.

        • by dave562 ( 969951 )

          Like giving her a copy of "Influence, The Psychology of Persuasion"

        • Yes, the teaching of critical thinking is already going on. When she is old enough for this event, she should be ready for it, as well. And, yes, I will have had two years of this event occurring to base my decision on, as well.

  • Hmmm ... (Score:3, Insightful)

    by gstoddart ( 321705 ) on Monday June 27, 2011 @12:16PM (#36586164) Homepage

    Part of the problem with this is that you might be teaching it to people who don't have the emotional maturity to truly gauge the difference between right and wrong ... don't most teenagers test as sociopaths in personality tests?

    You're doing a lot more than simply teaching them to think critically and objectively ... you're teaching them to do things which range from shady to illegal, and they might not fully grasp that.

    I'm not sure a 14 year old needs lock-picking skills. Though, I'm sure some hilarity could ensue.

    • The type of teenager who would even have the attention span for this kind of subject matter would be less likely to cause such problems.
      • You are aware of Asperger's, are you not?
        • You're aware that someone with Asperger won't probably even get the idea to go out and break in somewhere? Although... I might have done it just to see if I can open their door. I would not have gone in, since that would have been uninteresting, the door is open already, so why bother?

          • My point was mostly attention span + impaired interpersonal skills/lack of social understanding.
            • You'd be surprised what attention span someone with Asperger's can have if it is about "his" topic. Like me and math. There was no easier way to keep me occupied than with a few good books about math and theorems. Drives teachers mad, though, so if you're a parent with a child who has Asperger's and "his" (her) topic is something taught at school, maybe prepare the teacher that he's in for a rather frustrating experience.

              Now, I agree that social engineering is probably not their forte (wasn't mine, I'm stil

              • I'm not at all surprised, because I know quite a few. That is exactly what I was saying. And while social engineering may not be their forte, there are other security topics being taught here as well.
                • There are quite a few people in IT-Sec who come close to the textbook definition of Asperger's. Even more so than in the rest of IT. It's quite fascinating to see how people who lack the ability to interact with "normal" people can easily understand each other, because NOBODY in the whole conversation understands such petty things like body language or figurative speech. I have to admit it is also much easier and more relaxing.

                  Of course, as time passed, I started to learn how to deal with "normal" people. T

    • Re:Hmmm ... (Score:5, Insightful)

      by ThinkWeak ( 958195 ) on Monday June 27, 2011 @12:25PM (#36586318)
      I think this might allow those that are curious to ask questions in an open forum surrounded by like-minded individuals instead of secretly trying to do things that could result in some stiff punishment. Gone are the days where one was allowed to:

      1.) "being curious" about trying to connect to a business' modem to see what happens

      or
      2.) Mixing up a cocktail from anarchist's cookbook

      Now, they are acts of terrorism. In the past, 15 years or more ago, you could get away with these things and continue learning. I wouldn't try half the stuff I did back in the day for fear of being locked up or visited.

      Of course these kids are going to try some of the things from the conference, just teach them which ones will have the stiffest penalties.
    • Part of the problem with this is that you might be teaching it to people who don't have the emotional maturity to truly gauge the difference between right and wrong

      In my mind, that's the main problem. Sure, some of them will use their skills for good. Others will be tempted into using their new-found powers for bad.

      Perhaps it's best to start them off small and let them work their way up into the more advanced topics with proper supervision. Like martial arts, you don't teach them how to break someone's n

    • who don't have the emotional maturity to truly gauge the difference between right and wrong

      It's not so much that they can't gauge the difference between right and wrong. People in their early teen years are easily able to make that distinction. It's that some of them lack the emotional maturity to reliably place other people's well-being above their own entertainment.

    • Doesn't that also depend a lot on how the information is presented? Saying to someone: "Look, this is what people regard as basic security, but it's not" and showing them how easy it is to defeat would certainly be much more than teaching them how to break into something.

      Not showing them the lock-pick is merely security through obscurity... It's easy enough to find if you're willing to look for it. I, for one, am all for presenting information like this in a responsible manner, which I sincerely hope is

  • by h4rr4r ( 612664 ) on Monday June 27, 2011 @12:16PM (#36586166)

    'Think critically, think objectively

    That is why it is really being criticized, no one wants kids thinking that way. Then they might question stuff.

    • True this. As a culture we are teaching youth NOT to ask questions.

    • by brkello ( 642429 )

      No, it isn't. Giving kids the tools to hack and break in places is what is in question. There are plenty of ways you as a parent can teach your kids to think critically in an environment that is open to questions. I seriously have to question the parenting ability of parents if they would stick their kids in this class without seeing what it actually teaches. Do you really want that knock on the door in the middle of the night to raid your house for computers because you think this is the best way to te

  • by Animats ( 122034 ) on Monday June 27, 2011 @12:17PM (#36586168) Homepage

    There's something to be said for this. Kids should be taught all the common scams in school. Every kid should know the classics - the shell game, the badger game, the big store, the Spanish prisoner, lottery scams, pyramid schemes, forced teaming, etc. See List of Confidence Tricks [wikipedia.org] on Wikipedia.

    • They should be taught the basics of how to recognise such scams, not the details to perform them themselves.
  • As someone who has gone to Defcon myself and work in the security industry I don't think I would send my (presently non-existent) kids to this. While I have no qualms about Defcon teaching these items I feel like kids don't have the ability to understand the ramifications of their actions, which is why we try them differently in court. Once they get out of this class what are they going to be able to do with their new found ability to pick a lock? They can't get a job as a pen-tester or some other legal
    • by gknoy ( 899301 )

      Well, at least you don't have to worry about them getting locked out of the house. :)

    • Many of the Defcon participants prove THEY don't have the ability to understand the ramifications of their actions by getting the con kicked out of a new hotel every year. Or at least they used to. When I used to hang out with crowds of those people they were always telling some juvenile story of hotel destruction of which they were proud.

    • I have been taking my kids to science-fiction conventions ever since the early 1990's. Kids programing tracks were rare at SF cons until fairly recently, and now they're pretty common, in part because more SF fans are reproducing with other fans - the alternative is dumping the kids at Grandma's for the weekend.

    • So you think they'll be as irresponsible as the rest of the people there, which made DefCon something like a traveling con since they get tossed out of every conference center/hotel they've been to?

      Snideness aside, I guess it would mostly depend on how you raise your kids. I know that I, as a child, would certainly have tried my skills at the locks of our house. Not on a hotel room, hey, someone could get mad at me for that! But I'd sure have cracked every lock in our house that I could find, my parents bei

    • "They can't get a job as a pen-tester or some other legal activity so the only thing that they will use this skill for is illegal."

      Please don't breed.

  • ...teach kids how to read! They might build a bomb! /sarcasm

  • Oh the horror. The tb/reps will never let it happen.

  • No one will be scammed.

  • 'Think critically, think objectively — that is what this industry teaches people,' continued Hadnagy,

    This is the United States of America, pal. We don't go in for those kind of radical subversive ideas here.

  • The same arguments could be made for or against teaching a child martial arts. In my opinion it is another way to teach children to think critically. But with great power come great responsibility.
  • How should knowledge be evil? Knowledge is a tool, much like knives, baseball bats, cars and explosives. All of these things can be used for good or evil. Depending on the person wielding them. That's the key here, the person using a tool decides whether it will be used for good or ill of society.

    Will those kids use their knowledge to pick the lock to your liquor cabinet? You bet they will! And they'll get drunk and have a hangover the size of Kansas the next day. Which is by some margin more teaching and l

    • by gknoy ( 899301 )

      Will those kids use their knowledge to pick the lock to your liquor cabinet? You bet they will! And they'll get drunk and have a hangover the size of Kansas the next day. Which is by some margin more teaching and less dangerous than you luckily keeping them away from liquor 'til they 18 so they get their first contact with (lots of) it at spring break

      While I agree that mistakes could be made in a safer environment than spring break or other college-colocated activities, I suspect that the relative safety of drinking relates a lot to body mass. Alcohol poisoning is probably a lot easier to reach with a small child, so I believe that a kid having unrestricted access (after having picked the lock) to a liquor cabinet is still pretty dangerous.

      • Depends on the liquor. Careful with that sweet stuff, they'll probably drink quite a lot before they pass out. But as long as it's just hard liquor, they might take a gulp (as they know from their sodas), spit out the better half of it, cough and hack for minutes and never touch it again for a few years.

  • I was 15 when I went to the first Defcon at the Sands. Children have a natural curiosity about what makes things work and it makes perfect sense to expose to "hacking" and other out of the box ways to think about things. My experiences in the computer underground paved the way for my current career in IT.

  • Whoever is worried about this is forgetting something - most of the kids I know are already very good at finding out what they want to know. It is better to guide them than to stick your head in the sand until they make the kind of mistakes you could have prevented by guiding them.

    I was involved in part of the last Access All Areas in London. I recall an 11 year old kid with a re-chipped NEC P3 analogue cell phone, joining in in conversations in the vicinity (which was actually rather funny), and a 12 yea

  • I wish I had a kid of my own... I would love to send him or her to this conference. When I was a kid, it was perfectly normal and accepted to go to judo or karate classes. What our parents expected was that we would learn how to _defend_ ourselves from attacks, if that ever became necessary. Quite unlikely in the place I grew up, but at the very least we'd learn how to take falls properly, and we'd get regular exercise. This DEFCON Kids conference is just like that. At the very least, the kids get to hear a

  • I would take my son if I could afford the extra airfare and $150 DC entry fee for him. Maybe next year.

    "Prime targets for criticism include lock picking [...]"

    Yeah, it turns out if you practice actual parenting, your kids will be OK with these skills. My son wanted me to make him a set of picks. Since I had already instilled good picking habits in him (don't pick locks you don't own and don't pick locks you rely on), I didn't hesitate to make him some with the extra caveat that they were not to leave the ho

  • http://www.reuters.com/article/2011/06/30/us-germany-hacking-idUSTRE75T2Q420110630 [reuters.com]

    This year it will kick off the first Defcon Kids conference for children between eight and 16 to learn the skills of computer hackers, as well as to protect themselves against cyber attacks.

    U.S. federal agents plan to use the occasion to size up tech-savvy youngsters who could form the next generation of digital crime-fighters.

    Or the next group of suspects...

"...a most excellent barbarian ... Genghis Kahn!" -- _Bill And Ted's Excellent Adventure_

Working...