Hackers in White Hats
February 20, 2005Around 3,000 people have taken courses at France's first school for computer hackers -- and those who want to fight them -- since its launch in 2001, according to Hackademy director Mederic Gliziere. And demand seems to be growing. The school has opened facilities in four other French cities and held seminars in Switzerland, Belgium and Spain so far.
"Hacking is the art of discovering failures in programs or Internet Web sites," Gliziere said. "You can learn how to make cracking, hacking, be able to find a failure inside a Web site and be able to fix the error to disable the capacity of bad guys to take control of the Web site. It's also the same for programs or a company network."
People at the Hackademy distinguish between what they call white and black hacking. Black hacking or black-hat hacking, as it is more commonly known, is finding flaws on Web sites or networks for some type of monetary gain or just to create havoc.
Good guys and bad guys
White-hat hacking, on the other hand, is about finding flaws for the sheer fun of it and for the glory you receive in the hacking community. White-hat hackers will find a flaw on an online banking platform for example, tell the company about the flaw and ask them to fix it. White-hat hackers don't ask for money, but they sometimes threaten to make the flaw public if it isn't fixed.
The Hackademy is strictly about white-hat hacking. That's how the school stays on the right side of the law. It did have a run in with police once, but it meant only a night in jail for the staff. They were released because the police had nothing to charge them with.
When it opened, the Hackademy team thought they would be working mostly with teenagers and young adults fascinated by computing. But the academy has increasingly attracted professionals keen to find out about how to protect their networks from hackers.
"We've got a lot of teenagers or students and we also have very important people like engineers from big companies and also people from the French state," said Gliziere, at 27 one of the staffs' elders. The teachers' average age of teachers is around 20, while students' average around 30. Course participants must be at least 15, and if they're under 18, they must show parental consent.
Culture of anonymity
Crashfr, 23, is one of the three regular teachers at the school. He uses an assumed name, because he likes to maintain certain aspects of hacking culture, despite the fact that the Hackademy is completely legal.
"Since my very beginnings on the Internet, I used a pseudonym like everyone else on the Web in order to stay anonymous, so there could be no connection to my real life," he explained. "But if I'm going to do a security audit for a company, for example, I'll use my real name. But if I'm talking with hackers, I'll use this pseudonym to protect my identity. It really depends who I am dealing with."
After getting his high school diploma, Crashfr, a self-taught hacker, was kicked out of his college because he spent too much time on the Internet and not enough attending class. Normally, he dons fatigues, a hat and dark glasses to teach, in keeping with the secrecy of hacking culture. He makes exceptions when he teaches pupils from the business community.
Many students are also anxious to protect their anonymity, Gliziere said. "Some people don't really want me to give their names. Especially big companies because we are a hacking school and they don't really like this term."
Philippe Gillet, a student at a local computer and electronics college, takes part in courses that he couldn't really do anywhere else, he said.
"This is really the kind of place where people are taught how hackers' minds work, how they will act," said Gillet. "You don't find that kind of information in magazines because everyone is afraid of having problems with the law and because no one else dares talk about that kind of thing."