Eastern Washington University Teaches Students to Think Like Cyber Criminals

Sponsored Guest Article by Eastern Washington University

Here’s a grim fact: Computer security breaches have cost the nation more than $141 million in financial losses. Every time you turn around, news headlines are warning about another virus (10 to 15 new ones are detected every day) or wireless network being compromised. Education — getting smarter and faster than the bad guys — is the answer. Eastern Washington University is responding to this need by educating the smart cyber security experts of the future.

Eastern has successfully established a long-term program in advanced networking and cyber security within its Computer Science Department. The primary instructor for the sequence is Dr. John C. Shovic, a cyber security expert and an experienced entrepreneur well known for his innovative and somewhat off-the-wall style of teaching.

Take his “war drives,” for instance, when Shovic and his students take their laptops and go cruising in a target community (note: watch out for odd-looking antennae when they’re on the prowl). This past year, they found that 75 percent of wireless networks in the area they “cruised” were unprotected.

In his Advanced Network Programming course, Shovic has students build their own web servers and routers. Last quarter, he ran a contest between all the graduate students in which the student who built the fastest router (routers are what the Internet is built out of) could skip the final exam.

The students’ work was astonishing. There was more than a 100:1 difference between the slowest and the fastest router and the top two students were separated by less than 1 percent.

The Network Security course is all about computer security and vulnerabilities in operating systems and applications such as mail readers. Students actually write and test computer viruses that can take over an entire computer. The final project is an attempt to get Shovic to catch their virus by use of clever technical and social engineering techniques. Students who succeed get an automatic A in the class.

“Over three years, I have given out three As due to some very clever hacking on the students’ part,” Shovic said.

As the ultimate test of all they had learned in their computer and network security courses, the students in Shovic’s Information Warfare class at EWU divide into armies for a “Cyber War.” The idea is to defeat the other team by causing computer crashes, denial of service, getting through firewalls and stealing data, infecting with viruses — and all the other “dirty tricks” one might devise to defeat a cyber army.

“The First Annual EWU Red/Blue Team Hacking Contest was great,” said Shovic. “The highlight was when one combatant accidentally fired up his ‘airsnarf’ configuration (designed to emulate the Starbucks Wi-Fi login screen), which took over the web server providing the cyber war’s real time updates — and suddenly the projection screens were filled with the Starbucks website offering a Ray Charles album rather than the team scores and services.”

Shovic notes that students really do have to learn to do what the bad guys do, and learn how to do it better, in order to combat their tactics and make the cyber world safe. It may sound like a superheroes film scenario, but it truly is today’s real-world battlefield.

– end of post –

This entry was posted in EWU, Partner_News_and_More. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s