When Is Hacking Ethical?
Published November 16, 2022
Students sign up for a class with the reasonable expectation that they’ll learn skills they can later practice in their daily lives. In one popular course at the University of Maryland, however, they’re advised to leave some of those practices in the classroom.
The one-credit “Intro to Ethical Hacking” teaches undergraduates to break into websites as part of their exploration into the world of cybersecurity—not so they can be online villains, but so they can develop the knowledge needed to defend against malicious hackers.
Cybercrime is a severe real-world problem, with the FBI recently reporting an unprecedented rise in 2021. According to a Norton study from that year, more than half of all consumers have experienced a cybercrime–about a third of them in the previous year.
“The best way to be able to defend against malicious hackers is to be able to think like them,” said Dave Levin, an assistant professor of computer science who is faculty adviser for the class, a Student Initiated Course. “You’re going to be learning and launching attacks,” albeit in a safe and controlled environment instead of against real-world targets.
Thirty-six computer science students are enrolled this fall in the course, which has been co-taught by computer engineering major John “Vanya” Gorbachev ’23 and computer science major Alden Schmidt ’23 for five semesters.
“Knowing how hackers behave and break stuff makes you a much better defender,” Schmidt said. “You’re able to approach designing your software and systems in such a way that makes them more secure from the start, instead of trying to fix them after the fact.”
Schmidt got interested in the topic when he began to hack into video games to create cheats for Minecraft. Gorbachev said his interest in the topic stemmed from a mix of his curiosity, his sense of mischief and his interest in computers and electronics.
“Computer hacking was the perfect thing for me,” he said.
The goal of the course is to give students a taste of everything. Gorbachev and Schmidt approach the class with the mindset that students have never taken a security class before, so they teach basic principles of reverse engineering, in which the students break down code in order to understand how it works among other topics. They also want to spark curiosity in various topics because security is so broad.
“Each week we cover a different subset of security,” Schmidt said. “Then if you really like one specific subject area that we’ve talked about one week, you can … go take other classes on it.”
At the end of the course, the students will be able to encapsulate the motives of an attacker and understand their tendencies. Accomplishing this will give them an understanding of how easy it is to get hacked as well as how to identify and fix problems.
The skills they teach translate to real-world opportunities; Gorbachev and Schmidt both have jobs in the industry, at an internet security company and a large tech company, respectively.
Levin, who has an appointment in the University of Maryland Institute for Advanced Computer Studies and is a core faculty member in the Maryland Cybersecurity Center, has deep experience concentrated in network security, as well as research focused on evading web censorship from oppressive regimes such as Russia, Iran and others. He worked on a project called Geneva, an artificial intelligence system designed to promote freedom of information around the world.
“I’m really passionate about undergraduate research opportunities (and) trying to create more opportunities for students,” Levin said. “Try it out because you might love it.”
—Article republished from a story in Maryland Today