A Week at Hacker Camp, Chana R Schoenberger, Forbes Magazine

Half of all corporate and government computer networks have been hacked. The scary part: Another 15% have no idea whether they have ever been violated, says a survey by the FBI and the Computer Security Institute. Employers are so fed up with being vandalized, probed and pillaged that they are sending more in-house techies to hacking camp to learn how to find the network holes before the bad guys do. In June FORBES signed up for a course run by a Fort Lauderdale, Fla. outfit called Intense School (note the intensity of dropping the "The"), founded in 1997 by brothers David and Barry Kaufman, who were IT consultants, and their cousin Ron Rubens. In its first six months the course has trained 750 students, each paying $3,400 for 12 hours a day of theory and practice. They emerge five days later from the Springfield, Va. Comfort Inn, just off an I-95 on-ramp in the Washington suburbs, with three new r?m?etters: "C.E.H.," or Certified Ethical Hacker.

Day 1, 7:45 A.M.
The makeshift classroom is a windowless conference room with workstations for 18 men, in sneakers and tech-conference T shirts, and 2 women. There's a continental breakfast, but the room is fully stocked for geeks:a dozen varieties of cold soda, a snack table laden with Slim Jims, cookies and pretzels, and a stack of floppies for each student.

8:30 A.M.
Our instructor, Clement Dupuis, is a 20-year veteran of the Canadian military. He introduces himself in a thick Montreal accent. A jovial version of a drill sergeant, he sports rather old-looking mermaid and vulturetattoos on his forearms. Hackers, he declares, are all around us--no longer the clich?6-year-old in a basement but grown-ups disgruntled in their jobs and aching to get even. "Some of the latest hackers could be your neighbor,"he says."Instead of drinking beer with friends on Saturday nights, they're hacking networks."

Everyone introduces himself; they hail from Microsoft, GE, General Dynamics,Capital One, the Department of Commerce, the Air Force and the Army. The first challenge is to break into your own computer, which is password-protected. The techies quickly guess, correctly, that the password is "password," something easy. (Most people pick such easy passwords.) Derek from one seat over fills me in. He does security for ManTech International, a contractor to the State Department. I log in but neglect to change my password.

10:30 A.M.
I've been hacked!My computer freezes up and crashes. Cackling reveals the culprit to be burly 24-year-old Brian Bartholomew, also from ManTech. I change my password.

7 P.M.
In the twelfth hour now, the class finally gets down to casing corporate victims (but not actually hacking them--that would be wrong). After a dinner of greasy Chinese takeout, my "red" team is assigned to troll the Web for all the data we can get on a small chipmaker, Skyworks Solutions. We search SEC documents for names of executives to impersonate when calling the firm to fish for passwords. Web job boards offer all sorts of handy info. Skyworks seeks an expert in SAPsoftware, telling us what software it uses--a clear target.

Richard from the next row over gives a snort. A bunch of employees of his "victim," the Web site of CAM Commerce Solutions, left their e-mail addresses at a Web newsgroup for Harry Potter fans. Now that he has the naming style for the company (e.g., firstnamelastname@company.com), he can send e-mails one letter off that will bounce back, revealing Net addresses of mail servers on the company network. Be careful what you post.

DAY 2, 8:30 A.M.
Dupuis the Drill Instructor begins class with a quiz, asking what's the number one cause of software problems. "Microsoft!" several students call out, laughing. True, but Dupuis says the answer is buffer overflow, when a hacker deliberately sends a computer more data than it can handle, forcing a hole in the system that hackers enter. Any developers the students oversee had better check for potential buffer problems before releasing the software.

9 A.M.
Today we learn about social engineering, or lying to employees to gain sensitive info. When making phony calls, Dupuis recommends not calling the president's secretary, who is trained to be suspicious. "Usually a woman has more facility to do social engineering," he notes, because people trust women more. Several guys smirk at me. It's good to know I have career options.

DAY 3, 4:30 P.M.
Now comes the field trip. After a long day of talking about how easy it can be to crack wireless networks, the class is going "war-driving." We pile into a white bus and cruise downtown D.C. with laptops and special software to look for open wireless networks. Most students have souped-up antennas, and as we inch through traffic the bus fills with laptop pings and shouts as the gang picks up wireless signals:the AFL-CIO, the Pan American Health Organization, Starbucks. But Richard's screen is blank; the self-appointed class clown doesn't have an add-on antenna on his Dell. "Look, you guys, my antenna's really small!"he shouts. Sniggers all around.

At dinner (Applebee's), Mark Johnson, a Microsoftie from Austin, Tex., says he identified 342 wireless access points on the field trip. Only 131 were encrypted. The rest are fair game for hackers.

DAY 4
The syllabus calls for keystroke-monitoring, sniffing and password-hacking, as well as host and vulnerability scanning. It's a how-to on taking over firewalls and routers and using them to watch what users are typing to grab their passwords, among other nefarious uses. I'm afraid the whole day will go right over my head, so I skip it.

DAY 5 This class is on "spoofing" (pretending to be a different user), "vulnerability research" (figuring out where the weak link is in a program) and the finer points of hacking Web applications. In other words, way too advanced for me.

DAY 6, 3 P.M.
Everyone heads off to cram for the exam (19 of us take it; all but one pass). What will they do differently now that they know how hackers operate? Several are excited to play with the hacker-tools CD that Dupuis handed out. Says Jeffrey Sovel, from GE Medical Systems in Ann Arbor, Mich.: "I'm definitely going to be more paranoid now."