Computer hacking for 8-year-olds

 

The hacker who goes by the pseudonym CyFi won't share her real name and declines to be photographed without her signature aviator sunglasses.

At the annual Def Con hacking conference here Friday, Gen. Keith Alexander, director of the National Security Agency and head of the U.S. Cyber Command, brought CyFi on stage during his keynote address and called her "the most important person for our future."

CyFi is 11 years old.

For the second year in a row, Def Con organizers included a full schedule of Def Con Kids programs for beginner hackers ages 8 to 18. The children and teens, who must be accompanied by a parent, learned how to pick locks, competed to find the most bugs in mobile apps and learned about digital forensics by investigating a mock crime scene in a hotel room. Some skilled young hackers also taught classes and gave talks.

To kick off the conference, Def Con founder and veteran hacker Jeff Moss welcomed the kids with a talk on the ethics of hacking and rules for how to stay out of trouble with the law.

"I think it's harder for you guys now than it was for me," Moss told a room of kids and their parents.

Moss started the conference in 1992 because he wanted an open place for hackers to meet in person and share information. Twenty years later, the young attendees from Def Con's early years have grown up, established careers and started families.

Now they bring their own children to Def Con to soak up the knowledge and culture, but this new generation faces a different set of rules and a maze of new laws -- not to mention parents who are savvy enough to know what they're up to and keen on keeping their progeny out of trouble.

Navigating the law

"I just want to open it, but don't want to see what's on the other side," a young woman told and Moss and Lauren Gelman, an attorney who works in the field of Internet law and policy.

Many of Def Con Kids' school-age hackers are driven by the challenge of finding vulnerabilities in security systems and networks, not stealing information or money, or selling their knowledge to third parties. These "white-hat" hackers report any issues they find directly to the developers or relevant companies so they can be more secure.

But good intentions aren't always enough when it comes to staying out of legal trouble.

When Moss was starting out, computer technology wasn't widely understood by law enforcement, and laws weren't yet in place that classified his actions as illegal.

"Technically, I wasn't committing any crimes. I wasn't stealing any money, wasn't trying to break anything," said Moss. The U.S. and international governments have since drafted complicated laws that criminalize many aspects of hacking.

However, Gelman pointed out that in many cases, the rules are still not clear or current, and that current laws are far behind what Def Con attendees are doing. She recommended the kids avoid breaking laws by asking for permission before testing any systems, and if that's not possible, to find a situation where they can ask for approval.

"The lawyer perspective and mother perspective and ethics perspective is you can get in a lot of trouble if you don't ask for permission." Gelman is married to journalist and former hacker Kevin Poulsen and has two children.

Moss has his own test for deciding whether to hack something: "My rule of thumb is, do I completely own it? If yes, I can hack it."

If hackers are unsure whether they are breaking the law, Gelman suggests they check the Electronic Frontier Foundation's (EFF) site, which spells out rules for everyone from bloggers to coders. The 22-year-old organization also provides legal assistance for those who do get in trouble, taking on some cases itself or referring people to attorneys.

Building a reputation

Breaking the law isn't the only concern Moss, Gelman and parents have for the budding hackers -- true anonymity online is harder to come by and a bad reputation can follow these kids into adulthood.

Moss warned the kids that everything they do online now until they die will be backed up to the cloud. "That makes life more difficult for you guys, because if you get in trouble now, you're screwed."

Twenty years ago, hackers could operate in the shadows without leaving much of a trail. Chat logs weren't recorded for long and hackers' handles weren't easily traceable to their real-life identities. Now, most communications that take place online are stored permanently and some can be dug up by law enforcement and human-resources departments.

Moss was just a kid himself when he got started with computers.

At 13, his father brought home an IBM computer for the family. By 14, Moss was online creating a new identity for himself, conversing with adults who were oblivious to his real age and spoke to him like an equal.

"I couldn't drive a car, but I could have conversations about politics with people in Russia," he said.

In those days, if someone made a mistake or needed a fresh start, they could create a new online identity. Moss got a do-over at an early age and recreated himself online as Dark Tangent, which grew into a trusted and respected identity he still uses now.

Today, a fresh start is harder to come by and old communications can surface at any time. Facebook CEO Mark Zuckerberg learned this the hard way when embarrassing instant-message conversations from his college days were made public years later.

"Your reputation is the most important thing you own," said Moss, urging the young hackers to behave ethically, not because it will make their parents happy, but because they are the ones who will have to live with the results.

Hacking for good

With so many dangers, why would parents encourage their children to hack at all? Def Con Kids organizers believe in the good that can come from hacking, including making the country more secure and helping encourage freedom of speech around the world.

"Technology can really change the world," said Gelman, citing the liberation-technology movement that encourages hackers to help people spread messages from countries where online communication is restricted.

The U.S. government sees the potential in these bright young minds as well.

The Department of Defense ran the digital forensics program at Def Con Kids, hoping to encourage more education and interest in the field. And Alexander met with three of the children before going on stage to give his keynote address.

"This is our future," Alexander said of the kids. "What you're doing here to help train those folks is absolutely superb, and you should be proud."

Meet the man who started #NBCFail

Steven Marx wasn't that mad. And with only 17 Twitter followers, the 48-year-old certainly wasn't popular when he reportedly created the #NBCFail hashtag.

But that online conversation would become one of the dominant storylines of the London Olympics, particularly among people who like to mock NBC's sportscasters and in the United States where viewers were upset with the network for delaying its broadcasts of the games to show them in prime time.

Marx, a Web designer in Peoria, Illinois, is credited by the blog Mashable with creating that conversation in reference to the London Games. "Interesting how NBC never mentions you need a cable/satellite subscription w/MSNBC/CNBC to view any coverage online. We're screwed. #NBCFail," Marx wrote on his Twitter account on July 26, the day before the Opening Ceremonies in London.

He was surprised by the heated and hilarious conversation that followed.

"I don't know to what extent I can take credit," he told CNN by phone on Tuesday. "I don't know how it works, if people saw my hashtag and used it or if other people came up with it on their own and added to it.

"It's kind of fun for me. I've been working in the field of technology for 20 years now and it's finally fun for me to get my 15 minutes of Internet fame."

Marx was on vacation in New Mexico when someone sent him a message on Twitter telling him that bloggers were crediting him with starting the #NBCFail topic.

He found it amusing in part because he wasn't all that mad at NBC, just annoyed that he couldn't watch Olympic programming live and online for free. It sounds as though he almost feels bad about playing a small role in unleashing the fury of the Internet on the U.S. broadcast network.

"In some ways it's showing some of the worst sides of what this instant media can do," he said, adding: "It's sort of that mob mentality that Twitter encourages. I think in this sense it's showing the bad. But in the Occupy (Wall Street) movement, it showed the good that Twitter can do for organizing. Even though it's made me slightly famous, I'm not necessarily thrilled with what's happened. I'm not terribly impressed with NBC, but that's not new this year."

Some online writers have said that watching the #NBCFail hashtag has become more fun that watching the actual Olympics.

And plenty of others have taken up the torch of teasing NBC, too. A feed called @NBCDelayed posts constant "breaking" updates about old news, making fun of the fact that the Olympics are shown on a several-hour delay in the United States.

"BREAKING: Underdog Jamaican bobsleigh team loses control and crashes," that feed wrote on Tuesday night in reference to the 1988 Winter Olympics in Calgary, Alberta.

CHECK OUT SNAKE WITH 3 HEADS IN INDIA

Cuban Man '24' Proud Of His 4 Extra Fingers, Toes

They call him "Twenty-Four." Yoandri Hernandez Garrido's nickname comes from the six perfectly formed fingers on each of his hands and the six impeccable toes on each foot.

Hernandez is proud of his extra digits and calls them a blessing, saying they set him apart and enable him to make a living by scrambling up palm trees to cut coconuts and posing for photographs in this eastern Cuban city popular with tourists. One traveler paid $10 for a picture with him, Hernandez said, a bonanza in a country with an average salary of just $20 a month.

"It's thanks to my 24 digits that I'm able to make a living, because I have no fixed job," Hernandez said.

Known as polydactyly, Hernandez's condition is relatively common, but it's rare for the extra digits to be so perfect. Anyone who glanced quickly at his hands would be hard-pressed to notice anything different unless they paused and started counting.

Hernandez said that as a boy he was visited by a prominent Cuban orthopedist who is also one of Fidel Castro's doctors, and he declared that in all his years of travel he had never seen such a case of well-formed polydactyly.

"He was very impressed when he saw my fingers," said Hernandez, who is the only one in his family to be born with extra digits.

In a part of the world where people's physical traits are often the basis for nicknames – even unflattering ones like "fatty" or "shorty" – "veinticuatro" ("twenty-four" in English) is not an insult but rather a term of endearment, and Hernandez, now 37, said his uniqueness has made him a popular guy. He has a 10-year-old son with a woman who now lives in Havana, and his current girlfriend is expecting his second child.

"Since I was young, I understood that it was a privilege to have 24 digits. Nobody has ever discriminated against me for that," he said. "On the contrary, people admire me and I am very proud. I have a million friends, I live well."

Nevertheless, it occasionally caused confusion growing up.

"One day when I was in primary school, a teacher asked me how much was five plus five?" Hernandez recalled. "I was very young, kind of shy, and I didn't say anything. She told me to count how many fingers I had, so I answered, "12!"

"The teacher was a little upset, but it was the truth," he said.

Hernandez said he hopes he can be an example to children with polydactyly that there's nothing wrong with them.

"I think it's what God commanded," he said. "They shouldn't feel bad about anything, because I think it's one of the greatest blessings and they'll be happy in life."

Is the government doing enough to protect us online?

More than 400 million people trust Google with their e-mail, and 50 million store files in the cloud using the Dropbox service. People manage their bank accounts, pay bills, trade stocks and generally transfer or store huge volumes of personal data online. Who is ultimately in charge of making sure all this information is secure: the government, the companies or the users?

At a lively panel discussion at the annual Black Hat security conference in Las Vegas on Wednesday, computer security experts discussed the roll of the government in online security. The debate centered on whether the U.S. government should take the lead in setting security standards for the industry or whether companies are responsible for their own security and that of their users.

"I lose my cool when I hear people from the government say people from the private sector need to stand up. Providing for the common defense is what the government is supposed to do," said security systems expert Marcus Ranum.

The U.S. government is considering various security bills that address online security standards.

One controversial bill, the Cyber Intelligence Sharing and Protection Act, would allow private companies to share data with government agencies when there is an attack or breach, without fear of lawsuits from customers over the shared data. However, several civil liberties groups believe the bill needs more restrictions on how the government can use that shared information.

Creating laws isn't the only way the government can push for greater security. It can also use its significant financial sway on major companies.

"The government is an enormous purchasing agent in our industry. Why can't the NSA come up with a security standard that they like?" asked Bruce Schneier, security critic and author. "Let them go to the operating system companies, the database companies, the cloud providers, and say if you want the government business, you have to adhere to this."

Opponents of the government-control approach say corporations are responsible for their own security online, just as they would be for the physical security of their offices or property. Law enforcement is there to respond to incidents, not make sure the doors are properly locked, they contend.

Some of the enthusiasm for the government to take the initiative on cyberthreats is rooted in distrust of big Internet companies.

At one point, Jennifer Granick, the director of civil liberties at the Stanford Law School Center for Internet and Society, asked the large audience of security professionals who they trusted less, Google or the government? The majority raised their hands for Google.

"I fear Google more than I pretty much fear the government," said panelist Jeff Moss, the founder of Black Hat and DEF CON. "Google, I'm contractually agreeing to give them all my data."

For now, mutual distrust between the government and the private sector is keeping the two sides from working together as effectively as possible, and the public could suffer because of it.

"The biggest risks right now are not the bad guys," said Schneier. "They are the good guys who are not doing enough."

The users do have some responsibility to protect their data online, but the panelists agreed that regular people will usually bypass any extra steps, even if they are in their best interest, in the name of convenience.

Aurora heroes: Three who gave their lives

Great evil often brings out the best in good men, men like Todd Beamer on Flight 93, Medal of Honor recipient Michael Murphy in Afghanistan and now the Aurora three -- the three young men, each in different parts of theater nine, who gave their lives to protect their girlfriends.

Twenty-five-year-old Jon Blunk was sitting next to his girlfriend, Jansen Young, at the midnight premiere of "The Dark Night Rises" when the gunman (who shall remain nameless) opened fire in the dark theater. Blunk instinctively pushed his girlfriend to the ground and threw his body on top of hers. Blunk, a security guard, served eight years in the Navy and was in the process of re-enlisting in hopes of becoming a Navy SEAL, family and friends said. He was killed in the gunfire; his girlfriend survived.

Twenty-four-year-old Alex Teves dived on top of his girlfriend, Amanda Lindgren, when the gunfire erupted. Covering her body, he took the bullets so they did not harm her. She survived the massacre; he did not.

Matt McQuinn, 27 years old, threw his body in front of his girlfriend, Samantha Yowler, as the shooting continued. Yowler survived with a gunshot wound to the knee; McQuinn's body absorbed the fatal shots.

These men were three of the 12 innocent people killed early that morning. Their incredible sacrifice leaves us asking: Why? Why would a young man with his entire life ahead of him risk everything for a woman he has no legal, financial or marital obligations to?

As Hanna Rosin so eloquently pointed out in a recent article, calling it chivalry would be a tremendous understatement. By all appearances, these men believed that a man has a responsibility to protect a woman, even to the point of death. They believed that there are things in life worth dying for and the innocent woman sitting next to them was one.

Meet the man behind the Aurora crosses

Widow's kids struggle to understand

Babysitter tried to save youngest victim

They believed, to put it simply, in a code of honor. They put the lives of the women before their own, an old fashioned notion to be sure, but certainly an honorable one (if you have any doubt, ask the survivors). Their instincts were to protect, not run away.

From all accounts, these young men were average, working men in their 20s. (We know a little about Jon Blunk, but not much, and we know even less about the others.) Like all men, they had their own struggles. After his death we learned that Blunk had an ex-wife and two children living in Nevada. He was scheduled to visit them to resolve marital issues. This isn't to take anything away from Blunk or the other two heroes, but to illustrate that, in spite of shortcomings, men can still recognize what it means to be a good man and act like one.

This is especially important given the state of many men today. Record numbers of men aren't working or even looking for work. Record numbers aren't marrying or even acting as fathers to their children. These men need heroes to imitate whom they can relate to in everyday life, not just make-believe superheroes who catch their imagination for an hour or two. They need heroes like the Aurora three.

While much of the media obsesses over the psychology and motivations of this deranged killer, we should hold the Aurora three high. It is only by telling their story that this code of honor will survive for future generations of men. "The world is forwarded by having its attention fixed on the best things," Matthew Arnold wrote.

In an age when traditional manhood has been increasingly relegated to fiction -- capes, masks and green screens -- these three men stand as real-life heroes. Their actions remind us that good triumphs over evil, not just in movies, but also in reality.