Courses train 'good guys' to tackle hackers

As IT security continues to hit the headlines, Jon Wilcox hears how a new generation of ethical hackers is being trained to do battle with the online marauders. 
 
While British hacker Gary McKinnon waits to hear whether he will be extradicted to the US to stand trial for infiltrating NASA's network back in 2000-01, many businesses are enlisting the services of “good guy” hacking consultants to test and enhance their IT security. UK universities including Dundee Abertay and Northumbria now offer degrees in the subject.

Dundee Abertay began offering a post-graduate ethical hacking diploma in 2008 to cater for people who wanted to improve IT and network security at their companies. When he conceived the course, McLean realised that rather than training people to think like like security specialists, they should be thinking like hackers. The risk of this approach is that students might be tempted to cross into the “dark side” of hacking, as McLean has heard many times before.

The knowledge gained on almost any degree course could be used for good and bad, he argues: “Someone with a degree in biology I’m sure could do one hell of a lot of damage in the world as well. We have procedures probably the equivalent to students going into a medical degree; we vet the students beforehand... and monitor every activity during the course to ensure they’re still legit.”

As celebrity hackers such as Gary McKinnon have found, the sentences meted out to hackers are punitive. “I think these case studies are a big deterrent,” says McLean. “If someone says to me, ‘Why don’t you hack into a website?’ I would say, ‘Because I don’t want to spend 20 years in prison.’

Continued...