Hacking, Children, and Ethics

Tuesday, January 31, 2012

Infosec Island Admin


A Conversation and A Problem

While at last weekends ShmooCon, I had a chance to be in a conversation with @diami03 that got me thinking about Anonymous and where we are today with the whole debacle as regards the youth of today.

I am indeed getting older (Methuselah here.. Hi!) and as I look around I see younger and younger folks going to the con’s and performing the new and old hacks out there in the world.

It occurred to me at that instant that unlike when I was a kid (when dinosaurs roamed Pangea) the kids today don’t seem to have much in the way of teaching on the subjects of Logic, Ethics, and generally, how to be good citizens.

… And that perhaps it was time that the INFOSEC community engage on this…

I thought I had a genius stroke! But, alas, I was not the first to think of this! There’s hackidcon now as well as presentations like the one that actually was given the next morning at Shmoocon called “Corrupting Youth” by Jordan Wiens.

I was heartened to see others had gotten on this already and that perhaps we as a community could do some good and affect the future generations of hacker types by teaching them the ethics of old school hacking as well as hte use of logic and good decision making.

In looking around today... I’d say we really really need this… And here’s why…

Monkeys With Loaded Guns

Ok, I’ll say it here and now. What has evolved into Anonymous for the most part, has been a disappointment to me. Sure there are many in it just for the Lulz’s (a core issue here) but there are many who want to make a difference in what they perceive as their governments misdeeds.

Both of these players have also been infiltrated by the Lulzier group of Anarchists who want nothing more than to just sow chaos for their own nihilistic animus. From this soup we have seen what I call the “Monkeys with guns effect”: Scattershot and useless hacks and pranks that further no other agenda than the Lulz or, for those anarchists and others who have infiltrated the ranks, to sow chaos anywhere they strike.

Reasons or no.

On go the monkeys with loaded shotguns filled with buckshot, shooting aimlessly (except for the initial hit on Aaron Barr and HBGary) proclaiming wins and showing how bad “The Man” is by dumping dox and email spools.


This scattershot approach just shows a lack of critical thinking on their part as well as perhaps a lack of control over the minions out there performing the ol’ “Ready FIRE Aim!” routine. Overall though, this is getting old for everyone and that has been the general consensus for a while.

It’s time to cut it out kids.

The Future of Technological Society

Ok, so back to the next generation. How about we follow the model that Hackidcon and Mr. Wiens have set by teaching the new kids on the block not only the technology, but the ethos of hacking. We can teach them so many things both technical as well as ethically and I believe that a program like this would better prepare them for the power they will wield with the internet and all things digital.

Without it, I fear that we will raise another generation of online sociopaths as we seem to have already in some quarters of Anonymous. This is not to say that online rights are not important and CERTAINLY not to say that the governments of the world have been ramping up to over reach even more than ever before in the age of Anonymous and Digital Piracy.

I think that the governments of the world have begun to erode all of our rights due to greed as well as fear. Greed being fed by the likes of lobbyists and fear that they are ill equipped to properly deal with the digital age... Never mind to regulate it.

By teaching the next gen kids how to be good citizens and good hackers, then we might have a chance that in the future the senators and governmental work force will really understand the net, how it works, and what it means. This then will flow down to the laws being considered and implemented. Today we have governance that is unable to understand the tech nor the mindset.

“The Internet is a series of tubes you know…”

So, I ask you all to consider your time and its value to teaching these things to the next gen. Not just your kids, but all the kids you can. Make the time and find out where you can help.

After all… Those kids you might or might not teach… May in fact be the next Anonymous member DoS-ing your company.



Cross-posted from Krypt3ia

Possibly Related Articles:
Security Awareness
Information Security
Attacks Anonymous Hacktivist Kids hackers Information Security Education Ethics Lulzsec AntiSec Scot Terban Anarchists Krypt3ia Protest Hackidcon
Post Rating I Like this!
Andrea Zapparoli Manzoni Couldn't agree more, it's a worrisome subject indeed.

We tried something here in Italy, but it came out that young hackers (15-25yo) simply don't want to listen to us older guys.

They think they know everything and that they can do whatever they please, just because... while this lack of understanding is normal between generations, it is particularly true between digital natives and "the others", also because they don't oppose a different set of ethical rules and goals to ours, but simply dismiss the whole subject as uninteresting and irrelevant, so that it's very difficult to even start talking with them.

Any ideas?
Krypt3ia Start earlier. Grade school.
Damion Waltermeyer I agree with you on this and think we need a good way to go about it for the current actors. It isn't enough to Present "Here is how to be a good hacker" in pamphlet form. They would just draw rage comics over it and republish for the lulz. We need to move ethics and logic into all of our processes, presentations and seminars. We need to give good examples of how to use things in a better way. When we write books, we need to not have a chapter on ethics and then ignore it, but intersperse it throughout. We need to toss in interesting ethical concepts when we teach. But most importantly, we need to make it relevant for them. It's great to say you should do something, but if asked why, we cannot and should not just say because. And, less I be guilty of that very same idea, I feel we need to make it relevant because otherwise it is just data, it is something someone else might use, but they might think doesn't apply to them. Here is to the future of the socially responsible citizen hacker becoming the majority.
Laura Walker That's the key Scot. But what avenues are there. You all might fancy yourselves the "old guys", but you are far more dialed in than your average parents. What avenues exist to bring smaller children - the under 13 set - into an ethical exploration of the field? Right now the status quo is to use a browser nanny, which for many kids is simply the first obstacle to breach.
Are there any existing programs aimed at the younger set?
Krypt3ia Laura, Hackidcon is out there and there is also the presentation/program that Jordan has as well. Otherwise I am not sure what else is out there to work with as yet.
Laura Walker In regards to teenagers, the biggest problem I see is the "fame & glory" is (with one notable exception) the spoils of the chaos kids. Ethical hacking needs to get pretty sexy to compete.
Damion Waltermeyer Ethical hacking is one of the sexiest areas of IS at the moment and tends to have very sufficient pay. What else can we do? Maybe we need a cool underground movie based on novel with an ethical hacker as the star.
Laura Walker I actually started to write that and stopped because I thought I would make Scot's head implode. But it's true. If there was a way to make Ethical Hacking out to be Seal Team Six? Disco!
Damion Waltermeyer They do have those new cyber security squads, they even have wings now. The movie could be called something like
"USCYBERCOM: 67th Network Warfare Wing"
That's fairly cool right? maybe shorten to it "CyberCom 67".
Andrea Zapparoli Manzoni Laura & All,

i fear "fame & glory" ain't too sexy for these kids anymore.

I've seen 13-14yo hacking for money, cell phone prepaid sims recharging, high tech gadgets and so on. Not for fun or for a cause, but for profit.

How can we stimulate interest into *ethical* hacking when these kids have no idea about what ethics means?

Perhaps as a society we sowed the wrong seeds, in the last 3 decades...
Damion Waltermeyer We appeal to their same motive now. We demonstrate how much more money is to be made doing it legally with far fewer repercussions and risks. Once we have their attention and bait them with "candy" we slowly expose them to ethics and then hardwork.
Damion Waltermeyer Thinking on this, I think one of the problems is we don't really have a legal way for youth to make money at this work, so they are forced to the illegal side. We need a method to let them earn tangible rewards doing IS without turning it into a cybersweatshop. I think the opportunity alone would draw in a large number.
Andrea Zapparoli Manzoni Yes, we should definitely try to do what you say, Damion.

Still I see a huge problem, since even if EH pays well (if you can get a job), cybercrime pays 10-100 times more...

A friend's son from St. Petersburg (Russia) asked me: what should I do? Make 500$ a month working as a good, honest programmer, or 50.000$ a month writing malware? Of course I said "follow the right path", but I knew I was sounding terribly unconvincing :/
Laura Walker Unfortunately, you're right Andrea. Virtue isn't its own reward anymore.

So . . incentivise. Corporate sponsorship? You'd think Sony would want to kick in.
Laura Walker Wait a minute. $50,000 a month to write malware? Boy did I make a vocational error . . j/k
Damion Waltermeyer Sorry, 50k a month? I must be in the wrong business.. where can I a.. nevermind.

I agree there is a disparity in wages, but we can also explain risk and motivating things like Jail sex.

You could demonstrate time lost in wages and court/lawyer costs versus money made in a legal fashion.

My issue is at the moment wondering what the heck I would hire a script kiddie to do that I would pay them a motivating amount for.

Perhaps something like ROTC (A U.S. Army early years program). They could attend a program where they to learn and do cool things and get a stipend in exchange for a few years of salaried work afterward. At least with the U.S. it could even be a sort of ROTC for the USCYBERCOM. I’m unsure if any other countries have similar military divisions. Note, I don't know if ROTC actually pays any sort of stipend, but I think this program would need to for it to work. The nice thing is(minus the income disparity point) is anyone doing these things already has the equipment they need to attend online classes for the program and do work via vpn or some other connection method.

Perhaps corporations might do something similar, some sort of paid training in exchange for a few years of salaried work afterwards. This also increases the hopefulness of the children in the program. It's no longer “oh no, once I am out of school I will need to find a job in this market”. It's straight into the field after received technical and ethical training. It might even improve a company’s bottom line by having more highly trained and efficient workers.
Laura Walker Hackid needs STEM funding, if they don't already have it. Going to make myself useful.
Sara Hald I have had the opportunity to go my local elementary school and teach the oldest kids (12 - 15 year-olds) about how to be safe online. I noticed that most of the kids spent lots of time online everyday and were really well-versed in all things computer, while most of the teachers were more or less clueless. In several of the classes I visited, we had discussions on hacktivism, Anonymous, piracy, and the PSN incident that had affected a lot of them. It seemed to me that the kids were thrilled to have someone to discuss these things with, a grownup who was at home in their world, and I am pretty sure that for many of them it was a first. In a few years, some of these kids will have formed their own digital identity and set of online ethics (or lack thereof) and without the guidance of teachers or parents, some of them will probably make some pretty poor choices. We, as security professionals, have no chance to reach everyone - or even most. In my opinion, what needs to be done is to educate the teachers, so that they too gain insight into the wonderful world of the Internet with all its opportunities and pitfalls, and make sure they are qualified to guide the kids into being productive netizens. As long as the generation gap exists and the kids have to figure out their own rules, there is a risk they will go all "Lord of the Flies" on us.
Krypt3ia Sara,
You bring up a great point! We need to train the teachers as well as the parents today as well. A united front to teach the ethics and lay the groundwork for those future netizens.
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.