Students chow down on cyber security weaknesses

A group of hackers gathering under one roof might not sound like such a good thing, but they’re far from what you would call cyber crooks.

They call themselves the Hungry Hungry Hackers, or H3, and they aren’t hungry for marbles or breaching others' personal information. They’re students hungry to learn to protect digital assets and information systems. They seek weak points in a network built for them on Georgia Tech's Atlanta campus, then try to strengthen them - it'  a safe, ethical space for students to test their skills in cyber-security.

CNN Geek Out spoke to Toni Walden and Joshua L. Davis from Hungry Hungry Hackers about hacking culture, H3 and their Hungry Hungry Hackers Campus Challenge, known as H3C2, which unfolded earlier this month. This is an edited transcript of the conversation.

CNN Geek Out: So what is Hungry Hungry Hackers all about and how did it start?

Walden: It seemed like students really wanted to learn more about information security. So a bunch of us together at (the Georgia Tech Research Institute), and with some help from (the Georgia Tech Information Security Center),  Georgia Tech Association for Computing Machinery and Georgia Tech Gray Hat, came together to create a series of different challenges for students to engage in. H3 is about creating a hacking platform where students can learn and grow their skill in a fun and safe way, and it’s about sharing that common interest we have when it comes to information security.

We think school provides a really good theoretical understanding of problems one might see in the field, but what lacks is a hands-on perspective. We just want to offer students with ethical and fun experiences.

CNN Geek Out: Is there a system you set up for students to get a better hands-on experience?

Walden: We essentially provide students a safe platform for them to hack. And they’re simply attacking a system that we personally have set up. It’s our network, it’s all our equipment, it’s our building, so we’re essentially saying to students that it’s OK for them to break into this network to figure out where vulnerabilities lie in order to make things more secure. It’s kind of funny because if you want to make something secure, you really have to understand how to break it before you can understand how to protect against potential breaks. So we try to set up things that can challenge everyone.

CNN Geek Out: So what exactly does it mean to be a “hacker?"

Davis: In the original term, it’s really seen in a more constructive context. It’s someone that’s kind of like a MacGyver. You hack stuff together to make it work. Now popular culture has kind of evolved it to the word “cracker," which is someone who is breaking into some system for the sake of gaining access to information or some resource.

Hungry Hungry Hackers hosted a competition this month.

CNN Geek Out: Would you say there’s a misconception of hackers?

Davis: Most assuredly. It’s a really complicated mix and sometimes it’s difficult to demystify those misconceptions associated to hackers because of popular culture and movies. People might have this perception that all hackers are just automatically bad, but when you look at good information security focused on education and learning how to actually secure an enterprise, it’s a great thing. Granted, to make things secure, hackers have to "think like the bad guy," but the ultimate outcome of that is that we are able to build stronger cyber defenses.

The communication that we have and the Internet were built on trust… and so we didn’t necessarily think about humans manipulating for self-gain. A lot of this infrastructure of communication has to be re-examined and the hacker community here does it’s best to ensure ethical practices. I mean, if you don’t have the authority to break into the system, it’s illegal. Hacking is not a malicious culture. It’s more of a curious one.

CNN Geek Out: How would you describe the culture and community of hacking?

Davis: When you watch a room of hackers hacking, it’s not very entertaining. Security research can appear quite boring or really sterile. But it can also be very counterculture. It’s fun, it’s funny, it’s geeky. Sometimes there can be techno music, of sorts, playing in the background, but that of course varies from groups to people. It’s a very diverse culture though. The security community is hardcore nerd. Don’t know if there’s an exact way to describe it, but in the hacker community, nothing is sacred and everything can be made fun of. What’s fascinating about security culture is it’s all about protecting value that’s digital.

CNN Geek Out: What is the motivation behind H3 and what is the Hungry Hungry Hacker Campus Challenge?

Walden and Davis: Part of the motivation was to create a fund and brand to engage the students more, just being more accessible on campus. Right now we’ve had three Hungry Hungry Hacker Campus Challenge events thus far and we call them hacking competitions. 2010 was the first one we had and had about 50 people participated. The following year, people were waiting out the door and it has expanded with the event we held this year on April 1.

So how the event is structured is that in the morning you have two hours of training, where we teach people how to hack and what it means. Then, from 10 a.m. to 10 p.m., we have the hacking competition, which is a competition where folks are sitting in a room trying to capture flags. So what that means is imagine there’s a website that has some security in front of it and there’s a flag hidden behind it. You have to find a way to penetrate the website and get access to information that you shouldn’t have access to.

One of our specific goals was that we wanted to make it so anyone could win. It’s opened to all college students and it’s designed so that if you were a management student or a biology student or a liberal arts student, you could successfully win the competition without having real in-depth knowledge of computers. Our winning team this year was TinFoilHats and they were probably the most diverse team. They had civil engineers, internationals affairs people and even someone looking into going to pharmacy school. So again, it’s very diverse. H3C2 in a nutshell is about having fun. As we would like to say… eat, hack and be merry! And maybe win a cash prize and a T-shirt to top it off.

CNN Geek Out: What’s the future for H3C2 and the information security field?

Walden and Davis: Right now H3C2 is really targeted toward college students, but we’re hoping to expand this and hopefully quite extensively. We want to be able to hit high schools - helping them become aware of what hacking is and removing away the ambiguity of what it means to be hacker. We’re trying to grow the brand, have more hacking, and we hope that we can do these types of event challenges more than once a year.

There’s a lot of bad players out there and the U.S. doesn’t have as many as security researchers as we probably need, so perhaps all this nerdiness can help feed the curiosity for people to explore cyber security. At the end of the day, security affects all of us and it’s really a matter of having a conversation and being aware of what information we’re sharing and why might be the associated risk. There are no doubts that the geeks are impacting society - the geeks or hacking culture is going to be valuable in the coming years to effectively articulate the concerns we should pay attention to as a society.