Rehab camps for teenage hackers could recruit next generation of cyber security professionals
Teenagers caught carrying out hacking and cyber-attacks could soon be attending a rehab camp aiming to divert them away from a life of crime and give them the skills they need to help protect businesses from a cyber-attack.
The first camp for
offenders was held in Bristol this month as part of the National Crime Agency's
(NCA) work with teenage computer criminals and the CEO of Axial Security
Systems Mike Simmonds believes that the course could help provide the next
generation of sought-after cyber security professionals.
“The rehabilitation camp needs to create an environment where doing the right thing is even cooler than doing the opposite; challenging the team to get inside the mind of the bad guy and to dig down into the drivers behind the code and intrusion ‘vectors’ they are investigating needs to be technically challenging and emotionally fulfilling – just the same as a full time cyber security professionals full-time job," Simmonds comments.
“When educating someone to ‘change hats’ from that of a black-hat hacker to that of a white hat security professional, the key part, of course, is ensuring that the lure of doing the right thing outweighs that of the unpalatable alternative.
“The skills that need to be nurtured in what will be a fast-paced and extremely fluid environment will be centred around the ability to mentally visualise what is not ‘normal’ with a file, a transaction, an email, a web-page and every other possible source of malware or virus. This allows you to understand how the payload is delivered, and the ways of recognising the activity its deployment generates as quickly as possible.”
Attendees to the camp learned about responsible use of cyber-skills and received advice about careers in computer security and Simmonds pointed out what specific skills need to be learnt to give these individuals the ability to spot and resolve common security issues.
“Skills such as pertaining to network communication, firewalls, along with the protocols that are employed to ensure that modern network communication is fast, clean and convenient need to be fully comprehended so that behavioural anomalies in these areas are identified should they be utilised in an attack”, explains Simmonds.
“File system alterations that are unusual need to be observed and exceptions acted upon, so skills in file systems and operating systems will need to be honed in the skill-sets being developed too. Historical (legacy) communication mechanisms need to be understood as well – their security is often overlooked for the convenience their continued use enjoys.
“Ultimately the rehabilitation process can help drive these youngsters to become an asset to our society and businesses, by protecting them from the danger of a future cyber-attack” he says.