UC Students Learn Hacker Techniques and Earn a Certificate for It

“We’ve been hacked!” are some of the most feared words to be heard by many banks, corporations and government agencies in the 21st century. But at the University of Cincinnati, students are staying ahead of the game by learning the tools, skills and methodology that hackers use to achieve their aims.

A course called Cyberattack Red Team Collaborative is part of a multidisciplinary seminar with a holistic view of cyber security. It investigates not only the defensive measures of security, but also introduces the offensive posture –– the “active defense” necessary for national interests.

For the third year since spring semester 2013, UC students can participate in this state-of-the-art interdisciplinary

cybersecurity certificate program

as part of

UC Forward

, a holistic approach program developed in 2011 as a way to foster cross-college courses that unite faculty and students from different colleges with stakeholders outside the university –– all focused on developing new ways of answering very tricky problems.

Pioneered and co-taught by Mark Stockman, associate professor in information technology, and Richard Harknett, professor and department head of political science, the Cyberattack Red Team Collaborative course takes students through exercises that will teach them reconnaissance through public sources of information so they can think like a hacker to better protect their own and their company’s data.

“In our seminar we look at cybercrime from a multidisciplinary perspective,” says Stockman. “We start with a geopolitical approach and then we discuss the technologies used by both hackers and information security personnel.

“We pull students from all majors all around campus so we are not only interdisciplinary in our teaching, but also in our students who are in the class. The bottom line is that these students will be better armed for work in this field and will be wiser in their careers as a result of this kind of training.”

“The cyberattack course was a great way for me to really work with a group of students that I normally wouldn't get to work with,” says former student Farooq Alkhateeb, now a system administrator for IBM on the Watson Development Team. “Our group consisted of students with backgrounds in political science, criminal justice, information technology, and even several types of engineering. Together, we had to leverage each of our unique skill sets in order to accomplish a large semester-long project where we had to architect an entire cyberattack against a target of our choosing.

“That's what employers are looking for today, someone with real project experience. These types of classes that let you do these large projects are few and far between, but they are absolutely amazing at showcasing your ability as a student and a potential employee.”

Learning Imitates Life

While Internet access to mass information has been around for decades, the security to protect delicate data from intel-savvy infiltration is still in its infancy, which is why UC is at the helm of bringing its students up to speed on all the intricacies within cyber hacking and information protection.

Even with the recent media coverage surrounding the

Sony, Target, Anthem Insurance

and now the

international banks and ATMs

attacked by the "Carbanak Cybergang," Stockman explains that there are many more cyberattacks that are not widely publicized, likely because of embarrassment and the confusion that still exists around effective protection of corporate security.

He says the worth of learning skills for how to hack sensitive systems is invaluable in the corporate real world, so in his IT program, Stockman has a full course called penetration testing where students learn the technical aspects of hacking –– an actual job in many corporations. In fact, one of Stockman’s former students is now a full-time hacker and penetration tester. Financial companies hire his company to go in and hack their systems to report where their vulnerabilities lie.

Stockman illustrates how many of these hacks start not with a technical exploit, but by using social engineering, persuading someone within the organization to click onto a link in an email or website that infects their computer, which can be the start of an attack, much like how the"Carbanak Cybergang" attacks happened.

"I work with organizations around the world to understand how operations and technology can enhance their business performance," says former student Lane Hart, now a management consultant at IBM. "This course and its format are critical to anyone who's going into a role such as mine because it offers hands-on experience in consultative problem solving and helps develop presentation skills and agility.

"Working with C-suite executives, I see their increased focus on critical digital security, and having gained relevant strategic knowledge in the cyberattack course I have been able to participate in high level executive discussions as a second-year consultant."

“At IBM Watson, we are constantly faced with security challenges,” adds Alkhateeb. “After all, we don't want to be hacked and have our development code stolen. Therefore, it's extremely important for us to protect our systems through multiple layers of security and make it prohibitively difficult for would-be attackers to compromise our systems.

“Having knowledge of the various types of cyberattacks and ways to defend against them is absolutely essential in my job as a system administrator. And that's exactly the kind of knowledge that the Cyberattack course gave me.”

Exercises Build Cyberstrength

Stockman and Harknett begin the semester by engaging the students in fun, but vital exercises on interdisciplinary team-building. Early on they also receive valuable advice from experienced IT professionals who speak to them from corporate America, NSA and Homeland Security. The students then divide into red (attack) teams and blue (defending) teams and perform research on the organizations they are assigned –– all based on public information; who they do business with, technical IT operations data, etc.

While the cyberattack red teams attempt to hack into a company's information system, the blue teams are given virtual money to protect and defend their respective company's data. They then role play where they will put their financial efforts to thwart those attacks.

Although the students do not actually follow through with the hacking attempt,

they do present this information in a report and presentation to Stockman and Harknett. The professors then work on handicapping each step of their attack based on the amount of research they’ve done and the likelihood of that methodology actually working at each of those steps for the table top scenario.

“We have had a couple of teams go after changing their grades and courses, looking at information to figure out how to do that,” says Stockman. “We’ve also had teams go after corporate data to steal money.”

“A lot of the criminological literature talks about how you can map out a crime,” continues Stockman. “So by looking at all the steps that go into the crime you are better able to stop the crime at any of those points. We are giving these students the tools to know where these points are in a successful hack so they can go out and prevent or solve many of these things.”

“This course inspired a deeper passion to pursue my interest as a Cyber Security Professional,” says former student Christopher Carroll, now information security analyst for Vanguard Investments and a First Lieutenant in the Army National Guard in the Signal Corps. “I was offered positions in the government and private sector right after college; this course offered me a real experience that I was able to discuss while interviewing."

"I was required to stretch myself intellectually and this course motivated me to make a difference in the Cyber Security industry. It opened up my eyes to all of the possibilities that can unfold in a world that is always transitioning into a digital place."

“As our everyday lives continue to be invested in online spaces, there is a large knowledge base that I have learned and I can now make a difference in the lives of others. The Cyberattack course has influenced my career and I know this is only the beginning of a very exciting journey.”

Current Cybersecurity Careers

The job market for cybersecurity IT specialists include computer network analysts, penetration testers, digital forensics analysts and information security analysts (ISA). ISAs plan and carry out security measures to protect an organization's computer networks and systems and their responsibilities are continually expanding as the number of cyberattacks increase.

According to the U.S. Labor Department, in 2012 the average annual salary for information security analysts (ISA) was $86,170, and the number of jobs was around 75,100. The anticipated job growth for ISAs from 2012 to 2022 is 37 percent, which is much faster than the average.

"There are some things you can't learn from a book and cyberattack was an incredible way to get hands-on experience with cybersecurity issues," says Jake Wilson, political science doctoral candidate. "I have found that employers want to know what you have done and what experience you bring to the table. Cyberattack helps fill that void and gives me the ability to discuss cutting edge issues in cybersecurity." 

Funding for the initial offering of the Cyberattack course was secured through a UC Forward Initiative grant. Stockman is presently working with Joe Nedelec, professor of criminal justice to secure grant funding to study how applying criminological theory can help solve cybercrime.

The

Cybersecurity Certificate Program

is part of

UC Forward

, an initiative that strives to position the university as a leader in transforming 21st century education. UC Forward is directly aligned with the principles outlined in

UC's Third Century Initiative

emphasizing real-world problem-based learning, collaborative across disciplines and community engagement.

Helpful Hints To Protect Yourself From Cyberattacks:

• Never click on links in emails. If you do think the email is legitimate, go to the site and log on directly.
• Never open the attachments from a retailer or other company.
• Do not give out personal information over the phone or in an email unless completely sure. 
• Set secure passwords - avoid using common words, personal information and update regularly.
• Keep your operating system, browser, anti-virus and other critical software up to date. 
• Verify the authenticity of requests from companies or individuals by contacting them directly.
• Pay close attention to website URLs. Malicious websites sometimes use a variation in common spelling or a different domain (for example, .com instead of .net) to deceive unsuspecting computer users.
• For email, turn off the option to automatically download attachments.
• Be suspicious of unknown links or requests sent through email or text message. Do not click on unknown links or answer strange questions sent to your mobile device, regardless of who the sender appears to be, as their accounts may have been hacked.

Source: U.S. Department of Homeland Security

Other media:

• UC Students Create Cyberattack Scenarios To Improve Cybersecurity
  
• Protecting Against Cyberattacks - WVXU
  
• Colleges expand programs as cybersecurity threats grow - USA Today 
• Bank Hackers Steal Millions via Malware - NY Times