They call it the Hackademy. The so-called hackers school, on a dead-end street in a residential Paris neighborhood, is run by wiz kids who crack computer security codes as a sort of cyber-sport. Now they're taking what they've learned to the computer illiterati -- regular people with a limited understanding of technology.
"We are trying to make the underground go overground," said a 23-year-old instructor who calls himself Fozzy, his English thick with French during a telephone interview. "Some hackers, not many, want to keep things (secret). Us, we don't want to do like this. We want to give everyone the real picture."
While the school is small and in only one city so far, the Hackademy sees itself on the forefront of a coming consumer market -- educating private individuals who want to defend their corner of cyberspace.
Hackademy courses are taught in French, but they will soon be offered in English, due to interest from British and American computer users. The school's teachers also are considering offering English-language classes online.
As opposed to "black hats" (or "crackers" who break systems with malicious intent) and "white hats" (who discover system vulnerabilities and alert owners to fix the problem), the Hackademy's teachers call themselves "gray hats" -- hackers who "do not do evil things" such as write viruses or steal credit card numbers, but who break into computer systems "for our own entertainment" and to educate, said Fozzy.
Like the handful of other people who work at the Hackademy, Fozzy uses a pseudonym to conceal his identity, not from government authorities (with whom they say they've had no problem) but from other hackers. Fearing they will be targeted by "black hats" if they use their real names, the school's instructors use character names they've adopted from video games, books and movies.
According to the school's manager, who goes by the name Billy Dub, more than 400 people have attended the Paris Hackademy since it opened last fall. The school has only one classroom and six computers, but a second room is under construction and classes will be offered year-round.
Most students are 25 to 35 years old, although they range from 15 to 76. They are mostly male, which prompted the school, upon opening, to offer free classes to the first 10 women who signed up. The regular class fee is $60 for nine hours of teaching by the hackers.
About 90 percent of the students are "newbies," taking a beginners' course in basic vocabulary, introductory hacking techniques and how to secure their Web sites and e-mail. Classes about network vulnerabilities, exploiting network protocols and intruding systems are available to more advanced students, as are methods of protection from such attacks.
"Everybody should know what are the real security problems that exist on the Internet and how to protect from (them). At this time, the (home computer) user really does not understand the problem," Fozzy said. "That is why we created the Hackademy."
What should they be worried about? Any number of things, Fozzy said, but most specifically the Web. As more and more services are performed online, and increasing amounts of highly sensitive personal data are shuttled through cyberspace, the Internet makes computers of all kinds more susceptible to attack.
The common misperceptions Fozzy hopes to correct: that antivirus software on its own prevents computers from acquiring bugs (it is useless unless security patches are applied) and that credit card information is safe if sent over a "secure server" (it is not the transfer of data but how it is stored by the company on the other end that is unsafe, he said).
(Begin optional trim)
There is no question computer security courses are imperative for large corporations. According to an annual security survey of Fortune 500 companies and large government agencies conducted by the Computer Security Institute in San Francisco, 91 percent of survey respondents in 2001 said they had suffered some kind of security breach.
To prevent computer break-ins, a number of U.S. companies offer systems security classes, companies such as Internet Security Systems in Atlanta and Foundstone in Irvine, Calif. Geared toward computer security professionals, their classes are usually taught by ex-military personnel and cost about $1,000 per student per day.
(End optional trim)
It is the teachers who make the Hackademy unique -- the collective of teen and twentysomething self-taught computer hobbyists who, in the spirit of populist security, have gathered together to pool their knowledge and send it out to the world. With the exceptions of Defcon (a yearly hacker convention in Las Vegas) and monthly meetings around the country held by a group called 2600, a formal group of hackers teaching hacking skills does not exist in the United States.
But it could, according to Mark Radcliffe, an Internet law attorney in Palo Alto, Calif. The issue, Radcliffe said, is what is permissible by U.S. law. The Digital Millennium Copyright Act, passed in 1998, makes it illegal to crack somebody's system without permission or to distribute the tools that would accomplish those ends. Whether it is legal for hackers to teach what they know is largely a matter of intent.
"If they're saying, 'I'm going to crack Bank of America's security system,' that's not permitted. If they say, 'You have a computer at home with a DSL line and I'm going to crack into it and show you how your security is no good, and I have your permission to do that,' that's OK," Radcliffe said.
Not known for their modesty, many hackers delight in letting their peers in on the security breaches they've happened upon, on Web sites such as Rootshell.com and Packetstorm.com and in zines such as 2600: The Hacker Quarterly.
Perhaps the best-known American hacker magazine, 2600 (named for the hertz frequency that allowed phone hackers, or "phreakers," to place calls for free) details hacker tactics and highlights issues of concern to the community in its print edition. It also holds meetings for hackers to meet and exchange information.
The Hackademy is based on a similar concept. An offshoot of Hackerz Voice, a French-language newspaper for hackers founded by Publisher Olivier Spinelli in 2000, the Hackademy was initially founded to bring together its readers.
Spinelli, who has described himself as "an idealist trying to provide a public service," claims to have 80,000 subscribers in a handful of French-speaking countries, including Belgium, Switzerland and Canada.
The school has been much more popular than its founders anticipated. There has been enough interest in Spain and Israel that Hackademies will soon be established in both countries, Dub said. There are no plans, however, to set up shop in the United States any time soon.
"It's a good cause, but I think in the United States it will not be possible because of the lack of freedom after the new antiterrorism law," Fozzy said.
The school hasn't experienced any legal problems in France, according to Dub. But Radcliffe said a law similar to the Digital Millennium Copyright Act -- the U.S. law designed to prevent copyright infringement in cyberspace -- may be adopted by the European Union in the next few years.
Whether the dissemination of this information will result in good or ill remains to be seen. Just because the instructors are interested in helping people protect themselves doesn't mean that students will use what they've learned for positive purposes. When you give someone the keys to a car, you can't control how they drive.
"I teach them ethical values," a teen-age instructor who goes by the name Clad Strife (a character from the "Final Fantasy" video game) told the BBC in December. "It's not my responsibility if they use my information to do something illegal at home."
Brainerd Dispatch ©2013. All Rights Reserved.