[ISN] Teaching Kids About Hacking

From: InfoSec News (isnat_private)
Date: Sat Apr 14 2001 - 13:25:27 PDT

  • Next message: InfoSec News: "[ISN] Cashing In on Cyber Crime"

    by Michelle Delio
    2:00 a.m. Apr. 14, 2001 PDT
    Technical ignorance is an excuse used by too many parents and teachers
    in their failure to teach kids cyberethics, computer security
    consultant Winn Schwartau says.
    So Schwartau wrote a book, Internet and Computer Ethics for Kids, to
    educate both computer-savvy youngsters and technically challenged
    Schwartau has been honored for his security work by heads of
    governments and the military in the United States and Europe, and has
    written or contributed to a dozen well-regarded books on computer and
    Internet security.
    But some educators and security consultants aren't thrilled with
    Internet and Computer Ethics for Kids.
    Schwartau hangs around with hackers, and that troubles some people.
    Others fret over the fact that his book doesn't present all forms of
    hacking as illegal or unethical, or -- for that matter -- doesn't
    state that any particular activity is strictly right or wrong.
    Schwartau said he deliberately avoided sermonizing in his book,
    wanting instead to help kids create their own code of ethics.
    "Kids do not need or want to be preached to by me or by anyone,"
    Schwartau said. "They want to grow and think and make a few mistakes
    along the way. Didn't we?"
    He believes that presenting kids with the unadorned facts is far more
    effective than simply telling them what they ought and ought not to
    "Parents have to work with their kids as a team," Schwartau said. "It
    takes time, yes. It takes love, yes. And it takes flexible cooperation
    -- not absolutes. The Net is not static, ethics are bendable and
    parents must be bendable too."
    Some kids agree.
    "No one my age wants some adult to tell you that their way is the only
    way to do things," said Jason Mollin, 15, a student at New York's
    Brooklyn Technical High School.
    "It's like drug education -- teachers tell you not to do any drugs,
    but drinking is totally sanctioned by society. What's up with that?"
    Mollin continued. "When old people start preaching at you, you can
    almost always find some hypocrisies or bullshit in what they say, and
    that just makes you want to go right ahead and do whatever they told
    you not to do."
    But some adults feel that Schwartau should have defined and delineated
    cyberethics more clearly in his book.
    Schwartau's longtime friend Mitch Kabay, of security firm Atomic
    Tangerine and a contributor to the book, said that he doesn't like the
    book because it is too "ethically neutral."
    Others wonder whether Schwartau, who coordinates the raucous "Hacker
    Jeopardy" game at DefCon -- the world's largest hacker conference --
    is the right person to write a book about cyberethics.
    "Should someone who consorts with computer criminals be advising our
    kids about computer crime?" wondered psychologist Amy Lepen, a
    Manhattan psychologist who works with children who have been involved
    with the legal system.
    (Lepen has only read excerpts from Schwartau's book, which will be
    published in May.)
    Schwartau is no stranger to controversy.
    His first book, The Complete Internet Business Toolkit, written with
    Chris Goggans, the editor of hacker magazine Phrack, was banned from
    export out of the United States because of its frank discussion of
    Internet and Computer Ethics for Kids includes chapters on hacking,
    passwords, phreaking, privacy, viruses, spam, software piracy, online
    stalking, pornography, plagiarism and hacktivism.
    Schwartau provides a legal section for each chapter, intended to serve
    as a guideline to help adults and kids decide "what is black and white
    as far as the law is concerned," but confines his discussion of do's
    and don'ts to a discussion of the situations that a kid might find
    him- or herself in.
    Often the presented situations have no rigid right or wrong answer,
    but Schwartau still manages to make a strong case for being kind,
    respectful, and honorable, without ruling out the occasional
    exploration into the depths of a computer system.
    "Hacking and cyber-ethics need not be in conflict," said Jeff Moss,
    founder of DefCon and BlackHat, a computer security service.
    "You can be a hacker and be ethical at the same time."
    Schwartau said he first began thinking about writing a computer ethics
    book for kids in 1992 when he realized he had inadvertently taught his
    daughter how to hack passwords during their father-daughter trips to
    the local Office Depot store.
    "I guess I was at fault with my daughter.... We'd go play with
    computers at Office Depot or wherever, and I'd get frustrated because
    of the passwords the store used to keep people like me and my daughter
    from really using the machines. So, yeah, I guess, I hacked into
    them," he said.
    "However, I also told her 'don't ever hurt the computers, because
    that's not fair or right.'"
    But a few years later, when he discovered his youngest son was hacking
    into the neighbors' computers, Schwartau decided to put all of his
    current projects on hold to write the book.
    "My son somehow discovered that hacking is a people issue, and that is
    how he gathered up the neighbor's passwords, by 'shoulder surfing' -
    looking over their shoulders as they typed in their passwords, a
    classic social engineering trick," Schwartau said.
    Schwartau said that he pretended to call the FBI when he found out
    what his son was doing.
    "And my son was terrified. So I said 'Well, I guess I could help you
    fix it if you promise never to do this again.' I made him go to the
    neighbors, tell them what he had done and also what they needed to do
    to make themselves more secure," Schwartau said.
    "He got a lesson for life in cyberethics. And I realized that schools
    don't teach this. And 99.9 percent of parents can't teach this. So I
    wrote a book about it."
    ISN is hosted by SecurityFocus.com
    To unsubscribe email LISTSERVat_private with a message body of

    This archive was generated by hypermail 2b30 : Mon Apr 16 2001 - 02:45:26 PDT