A hacker on his laptop at a computer hacker conference in Las Vegas, July 30.
A hacker on his laptop at a computer hacker conference in Las Vegas, July 30. Isaac Brekken/AP
In a classroom in Dover, Del., 20 university students — all men — are intently typing at long conference tables. The computer screens are below the table, under dark glass, so no one can see what they're doing. Makeshift cardboard barriers separate five different teams. It's a game of capture the flag, 21st century style.
Mike Ridenour, 24, and his team are hacking their way into a computer network to find so-called flags, or hidden pieces of data. Ridenour is using information he found on a social networking site to try to hijack the account of an IT administrator.
"We kind of got some information from the profile pages," Ridenour says, "so we're tying the admin account, and he's a fan of Chuck Norris, so I'm trying Chuck Norris as a password."
The game is the final exercise at a cybersecurity boot camp held at Wilmington University last week. The camp was designed to train the next generation of "cyberwarriors" to defend the country's computer networks against attack. Ridenour's teammate Aaron Hampton puts what's going on a little more simply.
"We are looking for ways to break computers to find information we're not supposed to find," he says.
This is the kind of stuff you could get into serious trouble for if you did it alone in your basement. But training people to do this is the entire point of this camp, and others like it held this year in New York and California. The network they're hacking into is fake and was created specifically for this exercise.
Huge Need for Cyberspecialists
According to the Government Accountability Office, cyberattacks on federal agencies jumped more than 400 percent from 2006 to 2009. And U.S. security officials say the country's defenses aren't keeping up. By one estimate, the United States needs up to 30,000 cybersecurity specialists to protect the government and large corporations. Now there are only about 1,000.
Alan Paller is the director of research at the SANS Institute, an organization that specializes in computer security training. He says the U.S. is way behind in finding and training talent, and that leaves the country's power grid, defense industry and banks vulnerable.
"People used to think that it was all technology," Paller says. "If you could buy some tools you could have great cybersecurity, but the attacks have changed so fast that the tools can't keep up, so it's the people skills that allow one nation to be able to protect its computers versus another nation."
Providing A Legal Outlet
Until relatively recently, there wasn't much formal training offered in cybersecurity. As a result, many of the people who know a lot about it learned on their own — sometimes in ways that weren't strictly within the rules. Paller says part of the point of the camp is to allow people to develop their talent safely and legally.
Aaron Hampton says he appreciates that. "It's a lot of fun because it's legal," he says of hacking at the camp. "You can't get in trouble for it. That helps."
Like many people, Hampton, 28, says he started learning cyberskills on his own, by poking around online. Now, he's glad there are finally more formal ways for people to learn them. "If I had any kind of computer courses 10, 15, 20 years ago I definitely would have spent less time trying to get into trouble," he says.
Security officers and government officials are keeping a close eye on these students. They're all hoping the people tapping away at their computers among crumpled chip bags and empty water bottles are the next generation of what they're calling "cyberwarriors."