It is before 10 a.m. on Monday morning. In a white-walled room at the Dulles Airport Holiday Inn conference center, the trash bins are already filled with Pepsi cans and coffee-stained cups. For 18 people trying to defend computer networks, this windowless room is where they will learn how to attack. Fueled by caffeine and sugar, they have a week to learn to think like a hacker.
Most of the participants in this "ethical hacking" boot camp have been sent here by employers -- consulting firms and insurance companies from around the country as well as government agencies -- that are willing to pay the $4,500 price tag for the course. But a few, like Berkeley Collins, who lives in the District and was the lone woman at camp, coughed up their own tuition. The course is run by a Fort Lauderdale, Fla., computer training company.
Instructor John Nunes says hacking is simply the act of learning the details of computer systems. (Jahi Chikwendiu -- The Washington Post)
Someday Collins and her husband would like to establish their own security firm, so it was "definitely worth the money." She'll need the training, because mid-week her employer fired her, she said, for taking a week off to take the course. "I was doing the class originally to get a better skill set. Now I'm doing the class so I can get a job," she said.
By the end of the week, Collins and her fellow campers will learn how hackers slip past security to walk right into an office and find unoccupied computers to look up the names of internal files, or dive into garbage dumpsters in search of corporate records; and how they scan company Internet addresses to identify the human resources and accounting systems. They will also learn the more infantile of hacker behaviors, such as how to deface Web sites to embarrass the opposition. Again and again, the instructor tells the class "firewalls just don't matter."
"I've been breaking into stuff for 10 years now, in one way or another," said the instructor, John Nunes, 33, a former Navy man who said he once worked at the National Security Agency. Now a civilian, he dyed the back of his mullet-style hair a not-so-subtle shade of green. "I'm gonna tell you how to do it as a bad guy, 'cause it's important that you know how to do it."
Because if the students know how to crack their own systems, they will be the first to discover holes in the virtual barricade, the theory goes. And if they know what is weak, they will know what needs fortification.
Training starts at 8:30 a.m. and a 12-hour day is considered a short one. Meals are served back at the Holiday Inn. Bulk-sized containers of Doritos, Milky Ways and Pop-Tarts line a table near the door. The school even supplies Tylenol and Tums, which are in large supply on the food table.
Nunes tells the class there are a few things security officers need to do before they try to hack into their own company's computer, such as deciding in advance what to do if they discover pornography on the computer of the chief executive, and making sure they have a good lawyer and contract -- "something that will stand up in court."
He defines the word hacking as the act of learning the details of computer systems, and claims the term's meaning has been "modified, polluted, bastardized," by the press and others.
"I've never been convicted of a computer crime," he said. "Notice the careful wording."