'Hacker Boot Camp' teaches security tactics

Miriam Hill
The Philadelphia Inquirer (MCT)
Instructor Steve Kalman teaches from an overhead projector as he leads a class in Certified Ethical Hacking at a training facility in Bushkills, Pennsylvania, March 5, 2007. (Laurence Kesterson/Philadelphia Inquirer/MCT)

PHILADELPHIA - Trevian Mathis taps his computer keyboard just a few times to hack into Juggy Bank's customer accounts. Within minutes, he has checking, savings and credit card numbers.

His maneuvers may look sneaky, but Mathis is on the side of justice.

He is learning to be an ethical hacker in a course offered by a Philadelphia company, Training Camp, which employs about 40 people and offers a variety of classes for computer professionals. Juggy Bank and its customers are fictional.

Training Camp calls its weeklong course "Hacker Boot Camp." Fueled by donuts, Oreos and fruit available in the break room, participants learn to protect their companies' computer systems.

They start by learning how to break into them.

"Want to create a fake record in a database? Want a $1 million account with your favorite bank? We can do that," instructor Steve Kalman said, urging Mathis and the six other students on to more phony crimes.

Most of the hacker deceptions taught in the five-day course at a Poconos resort are well known and easy to find on Web sites.

But the students, who work for corporate information-technology departments, say learning these tricks helps them understand how hackers think and what makes systems vulnerable. And even though participants sign a statement saying they won't use their newfound knowledge to flee to the dark side, Training Camp avoids spreading information that might help real hackers.

"What we teach in this course are a lot of techniques that have long been patched and fixed because we're not trying to create a new generation of hackers," Kalman said.

Michael Trpkosh, a senior software engineer for Verizon Communications Inc. in Dallas, said the course immersed him in a fascinating world.

"I have a real passion," he said. "Some people like studying World War II. I like studying this."

He also said he believes an ethical-hacker certificate could help his career.

If he passes the test at the end of the week, he can call himself a "Certified Ethical Hacker," an educational program overseen by the International Council of Electronic Commerce Consultants, a trade group. With incidents of stolen data regularly making headlines, the certification is in demand.

"It's pretty much a wide-open field out there," Trpkosh said. Besides, "you can only attack your kids' computer so many times before it gets old."

At boot camp, Trpkosh and other students get two computers each - a victim machine and an attack machine. From one, they attack the other.

Modern hackers want more than infamy. They want money.

Some hack into computer systems and hold data for ransom. They exploit new technologies to crack systems. The rise of the BlackBerry, for example, has led to "Blackjacking," or using hand-held devices to gain access to corporate or personal information.

Kalman, a bearded, bespectacled man, spends about half his time teaching. The other half of his life, as a consultant in "penetration testing and computerized forensics," keeps him up to speed in the classroom.

Penetration testing involves helping businesses identify vulnerabilities in their information-technology systems. Computerized forensics is a digital version of "CSI: Crime Scene Investigation. A recent case: Kalman helped determine that a will was probably fake because phrases in it closely resembled those often used by the document's biggest beneficiary and not by the deceased.

In the class, he covers a wide range of topics - from wireless hacking to evading honeypots (a decoy system set up to attract and catch hackers).

Boot campers don't wake up to morning runs or salute their instructors, but they do spend 12 to 14 hours a day in class. Kalman said he has occasionally arrived in the morning to find a student who has slept in the classroom building all night.

Kalman frequently throws out tips for breaking into systems. Writing in blue magic marker on a white board, he shows how putting a single quote mark in the password field on a log-in page can tell a hacker whether a site is vulnerable to a data-theft technique known as "SQL injection." SQL, often pronounced sequel, stands for "structured query language."

Kalman and his troops make hacking look easy. No one's financial information or trade secret seems safe.

But some companies guard this data better than others, Kalman said. He recently moved some money to the online bank ING because of what he considers its stellar security, which includes having users choose both an image and a phrase as passwords.

The course attracts people with a strong grasp of computer languages and techniques, but uneducated customers and employees often create the biggest risks.

"Users can be your worst enemy in a lot of cases," said Erich Melcher, a student who manages IT security for a large construction and engineering company.

People such as Melcher can patch vulnerabilities and keep an eye out for hackers, but an employee who simply tries to help by sharing a password can destroy all that.

So the ethical hackers soldier on, trying to educate those problems out of existence. As they work, phrases from the movie The Matrix, about a group of hackers trying to fight an evil cyber-intelligence, mysteriously appear on their computer screens.

"Wake up, ethical hacker," it reads. "The Matrix has you."





How the Template for Modern Combat Journalism Developed

The superbly researched Journalism and the Russo-Japanese War tells readers how Japan pioneered modern techniques of propaganda and censorship in the Russo-Japanese War.


From Horrifying Comedy to Darkly Funny Horror: Bob Clark Films

What if I told you that the director of one of the most heartwarming and beloved Christmas movies of all time is the same director as probably the most terrifying and disturbing yuletide horror films of all time?


The 50 Best Songs of 2007

Journey back 13 years to a stellar year for Rihanna, M.I.A., Arcade Fire, and Kanye West. From hip-hop to indie rock and everywhere in between, PopMatters picks the best 50 songs of 2007.


'Modern' Is the Pinnacle of Post-Comeback Buzzcocks' Records

Presented as part of the new Buzzcocks' box-set, Sell You Everything, Modern showed a band that wasn't interested in just repeating itself or playing to nostalgia.


​Nearly 50 and Nearly Unplugged: 'ChangesNowBowie' Is a Glimpse Into a Brilliant Mind

Nine tracks, recorded by the BBC in 1996 show David Bowie in a relaxed and playful mood. ChangesNowBowie is a glimpse into a brilliant mind.


Reaching for the Sky: An Interview with Singer-Songwriter Bruce Sudano

How did Bruce Sudano become a superhero? PopMatters has the answer as Sudano celebrates the release of Spirals and reflects on his career from Brooklyn Dreams to Broadway.


Inventions Conjure Mystery and Hope with the Intensely Creative 'Continuous Portrait'

Instrumental duo Matthew Robert Cooper (Eluvium) and Mark T. Smith (Explosions in the Sky) release their first album in five years as Inventions. Continuous Portrait is both sonically thrilling and oddly soothing.


Esperanza Spalding and Fred Hersch Are 'Live at the Village Vanguard' to Raise Money for Musicians

Esperanza Spalding and Fred Hersch release a live recording from a 2018 show to raise money for a good cause: other jazz musicians.


Lady Gaga's 'Chromatica' Hides Its True Intentions Behind Dancefloor Exuberance

Lady Gaga's Chromatica is the most lively and consistent record she's made since Born This Way, embracing everything great about her dance-pop early days and giving it a fresh twist.

Love in the Time of Coronavirus

Street Art As Sprayed Solidarity: Global Corona Graffiti

COVID-19-related street art functions as a vehicle for political critique and social engagement. It offers a form of global solidarity in a time of crisis.


Gretchen Peters Honors Mickey Newbury With "The Sailor" and New Album (premiere + interview)

Gretchen Peters' latest album, The Night You Wrote That Song: The Songs of Mickey Newbury, celebrates one of American songwriting's most underappreciated artists. Hear Peters' new single "The Sailor" as she talks about her latest project.


Okkyung Lee Goes From Classical to Noise on the Stellar 'Yeo-Neun'

Cellist Okkyung Lee walks a fine line between classical and noise on the splendid, minimalist excursion Yeo-Neun.

Collapse Expand Reviews

Collapse Expand Features
PM Picks
Collapse Expand Pm Picks

© 1999-2020 All rights reserved.
PopMatters is wholly independent, women-owned and operated.