NEW YORK — Every week, a group of teenagers and 20-somethings dressed in hoodies gets together in a tiny room on a college campus and plug in their laptops. They turn up pulsing electronic funk music, order pizza and begin furiously hacking into computer networks.
But they’re not shadowy criminals: They’re students training to become “white-hat” hackers, experts to help business and government agencies protect their data from cyberattacks that have become an almost daily occurrence.
“It’s the new espionage. Spies operate from behind keyboards now,” says Evan Jensen, a senior at the Polytechnic Institute of New York University and one of the leaders of the Hack Night events where about two dozen students hone their hacking skills.
Since actual hacking is illegal, the students can’t just sneak into a webpage and poke around for learning’s sake. So industry experts, professors and the school’s very own “Hacker In Residence,” Dan Guido, collaborate to create exercises that expose the students to real-world hacking scenarios.
Guido, who runs his own cybersecurity firm, will walk students through one of the most common means hackers use to gain access to a computer network — attacks on the software of a browser like Internet Explorer. In June 2011, Google said it had traced to China a cyberattack that attempted to access hundreds of Google email accounts.
Guido uses the case, much of which has been made public, to recreate the exploit, having students map out step by step how the hacker was able to access a desktop computer and infiltrate the company’s network.
While bigger schools such as Georgia Tech, Purdue and Carnegie Mellon are known for their cybersecurity programs, experts say Brooklyn-based NYU-Poly is now considered among the best schools for training students with hands on, mission-critical cybersecurity skills.
That’s due in part to Hack Night, an active cybersecurity club and an annual hacking competition each fall that the school bills as the largest in the country.
“Every one of the faculty, every one of the undergraduates and every one of the graduate students is engaged in real-world exercises,” says Alan Paller, director of the SANS Institute, a cybersecurity training organization. “They come out having actually developed and tested their skills.”
Paller says the need for cybersecurity experts with real world training is severe — a 2012 report he co-authored found that the Department of Homeland Security alone needs 600 such experts.