How to teach hacking in school and open up education

No readers like this yet.
Open Education

Opensource.com

Whatever you may have heard about hackers, the truth is they do something really, really well: discover. Hackers are motivated, resourceful, and creative. They get deeply into how things work, to the point that they know how to take control of them and change them into something else. This lets them re-think even big ideas because they can really dig to the bottom of how things function.

Furthermore, they aren't afraid to make the same mistake twice just out of a kind of scientific curiosity, to see if that mistake always has the same results. That's why hackers don't see failure as a mistake or a waste of time because every failure means something and something new to be learned. And these are all traits any society needs in order to make progress. Which is why we need to get it into schools.

Beginners in Open Source week

View the complete collection of Beginners in Open Source articles

Now, there is the expected resistance from school administrations and parents. Mostly because people don't know what hacking really is. Many people who have been called hackers, especially by the media, or who have gotten in trouble for "hacking" were not, in fact, hackers. Most all of them were just thieves and fraudsters. When you read in the news, Teen girl hacks Facebook to harass a classmate, what you're seeing is a sensationalized headline. What a hacker reads in that headline is: Mean girl watched classmate type in her Facebook password and then logged in as her. That mean people and criminals do bad things with communications medium is not a reason to fear the medium. Schools are there to educate and can embrace this distinction for real change. 

Hacking is a type of methodology. It's a way to do research. Have you ever tried something again and again in different ways to get it to do what you wanted? Have you ever opened up a machine or a device to see how it works, read up on what the components are, and then make adjustments to see what now worked differently? That's hacking. You are hacking whenever you deeply examine how something really works in order to manipulate it, often creatively, into doing what you want.

A hacker is a type of hands-on, experimenting scientist, although perhaps sometimes the term "mad scientist" fits better, because unlike professional scientists they dive right in, following a feeling rather than a formal hypothesis. That's not necessarily a bad thing. Many interesting things have been designed or invented by people who didn't follow standard conventions of what was known or believed to be true at the time.

For example...

  • The mathematician, Georg Cantor, proposed new ideas about infinity and set theory that caused outrage amongst many fellow mathematicians to the point that one called his ideas a "grave disease" infecting mathematics.

  • Nikola Tesla is another person considered a "mad scientist" in his day, but he knew more about how electricity behaved than anyone else. He designed possibly the first brushless motor that ran on AC electricity but is mostly known for the Tesla effect and the Tesla coil.

  • Then there was Ignaz Philipp Semmelweis who figured out that doctors need to wash their hands between treating patients to keep diseases from spreading. He wondered if the diseases following him around between patients were his fault, so he decided to try washing hands between his patient visits and sure enough the transmissions disappeared. His ideas went against both the scientific conventions of what was known at the time about germs (nothing) as well as the convenience of the doctors who felt it was too much hassle to keep washing their hands.

It just so happens that the way the Internet is designed and the huge number of different applications, systems, devices, and processes it has makes it the most common place to find hackers. You could say it's a place where information can run free because it was built open and free by hackers so it's the best playground for hackers. But it's not the only place. You can find great hackers in almost every field and industry and they all have one thing in common: they spend time learning how things work so they can make them work in a new way. These hackers didn't look at something as the original designers did, but instead saw bigger or better potential for it and hacked it to be something new.

What you may think you know about hackers is that they can break into other computers and take over other people's accounts. They can read your email without you knowing. They can look through your web cam without your permission and can see you and hear you in the supposed privacy of your own home. That's not untrue.

Some hackers see network security as just another challenge, so they tinker with ways to trick or fool the system, but really what they're trying to do is out-think the network installers or designers. They discover as much about the network as they can, where it gets its instructions, the rules it uses, and how it interacts with operating systems, the other systems around it, the users who have access to it and the administrators who manage it. Then they use that to try different ways of getting what they want. This kind of hacking can be greatly beneficial to the world for understanding how to be safer and for building even better technology.

Unfortunately though, sometimes the hacking is done by criminals and what they want is illegal, invasive, and destructive. And those are usually the only hackers you read about in the news. A hacker is not someone who posts to someone's account when they leave a social media page open or shoulder-surfs passwords and then logs into their account later. That's not hacking. A hacker also is not someone who downloads a script kiddie tool to break into someone’s email. Those aren't hackers; those are just thieves and vandals.

Hacking itself is not illegal. At least not any more than throwing a rock is illegal. It all comes down to intent. If you throw a rock and your intent is to injure someone, that's a crime. If your intent is not to hurt someone, but someone does get hurt, that may not be a crime, but you are responsible for your actions and will have to pay restitution. An Institute for Security and Open Methodologies (ISECOM) project called the Hacker Profiling Project found that the most damage from hacking comes from young, inexperienced hackers damaging other people's property by accident. Which is something parents and teachers already teach kids when it comes to rock-throwing, but it doesn't translate well when it comes to how to behave in cyberspace. If we are teaching hacking, then we can also teach responsibility, accountability, and make it clear how to behave when hacking around other people's property. This will encourage students to stick to hacking the things they bought and own.

The caveat to that is that there are cases where it may be illegal to hack something you bought and own. There are hackers who have been punished for hacking their own devices and computers. These things were closed to prevent them from being copied or changed despite that they paid for it and own it. These are hackers who hacked programs, music, and movies they bought so it looked, behaved, and sounded the way they wanted to or played on other devices they bought and owned and were prosecuted for it. Especially when they openly shared their ideas with others. Hackers will find that any closed source software they buy may be illegal to hack, even if it's just to check for themselves that it's secure enough to run on their own computer. This is because many of the things that you purchase may come with Copyright and a contract as an End User License Agreement (EULA) that says you can't. And you agree to it when you open or install the product, even if you can't read it or find out about it after you've opened or installed the product. Yes, that's sneaky and unfair.

But that's all the more reason to teach young people to hack. You see, education is open. It can be legally hacked to teach kids to think openly, be inspired, be curious, and thus, to be a hacker. What hacking is really about is taking control of something if you don't like how it works. Why would you do this? To have the freedom to make something you own do what you want. And to keep others from changing something you own back to the original form or copying all your ideas, drawings, writings, and pictures to a cloud somewhere to be controlled by someone else who claims it's for your "best interest."

As a hacker, you know what your own best interest is. Sometimes you buy something and the company you bought it from will attempt to forcefully or slyly make sure you can't customize it or change it beyond their rules. You can't play it somewhere else or use it any other way than as intended, supposedly to protect you. And that might be okay to agree to as long as you accept the fact that if you break it then you can't expect them to fix it or replace it. That would mean that hacking something you own does more than make it yours, it makes it irrevocably and undeniably yours. As scary as that may sound to some, it certainly has its advantages. Especially if you want to keep others, like the company that made it and the marketing company they're re-selling your information and habits to, out of your stuff.

And finally, of course knowing how to hack makes you more secure. For many, many people, security is about putting a product in place, whether that's a lock or an alarm or a firewall or anything that theoretically keeps them secure. But sometimes those products don't work as well they should, or they come with their own problems that just increase your "Attack Surface," when a security product should be shrinking it. (The Attack Surface is all the ways, all the interactions, that allow for something or someone to be attacked.)

And yeah, good luck getting that product improved in a mass-marketing, pay-as-you-go, copyrighted, closed-source, "you bought it as-is and that's what you have to live with" kind of world. That's why it's so important to know how to hack your security. A hacker wouldn't buy the same padlock you would because a hacker sees locks in terms of how many seconds they would need to open it. Hackers learn to analyze a product and figure out where it fails and how to change it so it works better. Then they might have to hack it some more to keep that company they bought it from, from changing it back to the default!

So hacking in terms of breaking security is just one area that hacking is useful, because without being able to do that, you may have to give up some freedom or some privacy that you don't want to give up. (And some of you may not care right now about certain things you do or say or post, but the Internet has a long memory and it's getting better and better at helping others recall those memories of you. What goes on the net stays on the net. And kids today are pretty much born on the net.) Not to mention technology is getting more and more out of our ability to control it. That mobile phone of yours or that new flatscreen with built-in camera for Skype are likely doing things that you don't know and don't control with what they see and hear. It takes some hacking to wrestle that control back.

Schools and educators who read this and want to teach their students to hack, and what hacking can be, need to be aware upfront that it won't be easy. There will be resistance from closed minds. School administrations may also need to contend with the fact that hacking some things may be illegal in their state, and they will need to get open source hardware and software to try to stay on the legal side of things. When teaching students how to hack and what hacking is, it can be hard to do with words. Try experiences and putting it into practice to really get your point across.

Free, open projects like Hacker Highschool can help kids develop the skills, feeling, and intuition through practice with support so they don't break the wrong things. The possibility of breaking something is simply part of the process, and should not be a factor keeping teachers and schools from teaching hacking. They should provide that support with an open source and open minded effort.

 


 

View the complete collection of Beginners in Open Source Week articles.


Tags
User profile image.
I am an avid Maker, Hacker, and Researcher. I teach my kids to hack, pick locks, look things up, and question authority. I'm also the co-founder of ISECOM (www.isecom.org) and as Managing Director am directly involved in all ISECOM projects.

27 Comments

Just some extra notes here. If you're interested in help getting Hacker Highschool launched or even just a short workshop/seminar for the students grab this:

http://www.isecom.org/ISECOM_Seminars_and_Workshops.pdf

I will be in Virginia (and surrounding area) at the end of May for RVAsec (http://rvasec.com/osstmm/) and in Heidelberg, Germany at the end of March for Troopers (https://www.troopers.de/troopers14/troopers14-1-day-workshop-creating-security-awareness-that-works/index.html) so I can personally work with you on this. If you are in New Mexico or Hawaii, we also have team members living there who can help you set up Hacker Highschool as well.

Thanks all of you who are supporting open education and Hacker Highschool! We need to change the huge unbalance in money allocation at schools by making clear the future of these kids, and us, resides in them learning resourcefulness and independent, critical thinking. Sports is important but while maybe 1 in a 100,000 kids will have a future career in sports, all kids who learn early the traits of hackers will know if they can't find work they'll make work. We need more resources and efforts put into hacker type learning at school.

Remember, your support helps keep these programs running and available. For impartial advisement on security, hacking, and open education, you can also reach me directly through here:

http://clarity.fm/peteherzog

Sports is important but while maybe 1 in a 100,000 kids will have a future career in sports, all kids who learn early the traits of hackers will know if they can't find work they'll make work.
---------------------
This is idiotic.
Physical education in this country is horrible which is why a third of our kids are fat little butterballs. We have to make sure we increase their participation in sports (not just competitive but recreational for kids who arent in shape or talented but want to have fun). To equate high school sports and physical activities with professionalism is misleading. Just because you dont plan to be a pro doesnt mean you shouldnt do sports.

What we do have to do is allocate our fund for technology better.
ive seen over the decades how schools waste money unconscionably to have the latest and greatest which is why you see so many schools buying Macs (Hey, they are cool and they are magical so just havng them will make you smarter) or my favorite computer labs where 28 kids sit in a room with 28 towers heating up the room.
A company my cousin works for specializes in thin clients for schools and the costs of running a Linux server for 7 users is cheap and easy to do. But thats not cool and IT dept nerds love to buy new stuff so we could deploy more for less but we dont. The reasons for that are many.

My cousin was in Brazil for their big Linux thin client deployment project where they are building 30,000 (i could be off by a few thousands) computer labs to serve the 50 million students in Brazil (grade school to university) and the costs are waaaaaaay lower than what you see in your average school board.
Cutting the basketball or soccer teams are NOT the answer simply because its a false premise.

As for the article, the only thing that annoys me more than the bastardization of open source used in a million different ways (basically this whole site) is doing the same to hacking.
Buzzword 101, I know, Ive worked in marketing.
I know why its done but its still annoying.

I checked the site and its 150$ a year license that you need to access the cloud-based test network and while I think it tackles interesting things, it is also very dry and well,... boring for teens.
Will you have the young geeks who are already doing some stuff on their own interested? Probably but you are NOT getting anyone outside that small segment to join. Its like preaching to the converted.
I know all the stuff that was in there and got bored reading through.

Eben Upton talks about the goal of the Pi being getting kids interested in coding and reaching beyond those 'nerds' that would be interested in it with or without the Pi.

He also admits that the biggest challenge is how to reach children and not to make it too academic but rather fun, interesting and stimulating. Just because you think something is cool and fun, doenst mean the kid with the tablet and PS3 and internet and cable thinks it is too. kids already have tons of homework in high school, the last thing you want to do it is make it seem like there is more homework.
My neighbour teaches in high school and runs the robotics after lunch-school program where I help out when i can but it is much more than just building robots, its about doing all the things you talked about. Its about peer to peer learning where the youngest work with teh older kids, its about experimenting and trying new things and having someone who might know more than you and willing to show you. Actually, its no different than what your program is. BUT you have to make it fun.
The first challenge is to get kids in the door. THAT is very, very hard to do.
The A students and the geeks who like to do techie stuff (whether its editing videos or building web pages) is a small %. The 2nd challenge is for the kids that come in to see what its about. You have to get them hooked and interested enough for them to want to come back. Yes, fun is a BIG part of this. Especially when there are so many other things to do.
ive talked to numerous science teachers who run science or robotics club and retention of those who come in to 'check it out' is a big problem. Dont stimulate them enough and they get bored, give them too much work thats above them and you lose them too.
The technical aspect while important comes behind the educational and social aspects of learning.
Saying, "Here, read these 30-40 pages" is not the way to do it.

Lady Adafruit has a few lessons for the Pi that my friend has used and the Kano.me project plans to take the Pi and push the lesson plans aspect for kids.

I think another way of getting kids interested in what science clubs and robotic clubs have been doing is a good thing but its all about presentation and keeping interest which is where my problem lies with the program.
I do plan to show it to my teacher friends and even bring it to the attention of the high school seniors to see what they think of it since so much of the learning comes from peer to peer interaction (which I think is of much greater value that doing it on your own) and who better than students to tell you whether something will fly or not.
The Khan academy's interactive approach (i know, theyve got Gates and Slim money so its unfair to compare) seems to be close to it.

And while I know what a hacker is, I do think that the stigma of the word is going to be a bigger blocking point that you might think. The Hollywood machine is pretty big and the word hacker has a negative connotation. Got knows people tried it with hackers/crackers and that failed.

A for the idea.
B- for the implementation.

Good luck.

Thank you for taking the time to write back to the article. It's clear that this is a passionate topic for you and while we seem to disagree on some points, over all the intentions are mutual- to help young people learn better skills for tomorrow while teaching them to learn better. Do know I'm not trying to change anyone's connotation of hacker- instead we are using it in our advantage- at that age, neurology shows us young adults will associate the danger of doing something with the reward. By calling it Hacker Highschool instead of "Internet Security" we have a greater likelihood of grabbing a teen's interest and attention in seeking reward. But we also make clear, in different words, that hacker is to cybercrimes what sex is to sex crimes.

<strong>EXCELLENT</strong> article that goes well beyond anything else I read about what hacking is. I wish those values would be part of the base curriculum of any high school. I certainly want to teach this to my son, so he does not base his judgement only on what the medias are saying. I have been hacking on my own devices for years now, understand the risks of doing so, mainly voiding warranties. But I have more freedom than those who stay with close systems and depend on what some people in a glass tower decide they can do or not do with their device. I sometime compare cars to computers. How would you react if your car was locked, and you could not change your tire, or needed to go to a specific dealer to repair your car, instead of the local repair shop ? Would you accept this ?

<strong>Thanks for this great article !!</strong>

Thanks so much for your positive feedback! We have a world of young people growing to take our spots in running this world some day and I want them all to be able to think for themselves and vote, and work, and be without artificial influence. And your car analogy is one we work with- that back in the 40s and 50s, some of the greatest hackers were car enthusiasts looking to make more out of their cars. Young people who hacked at the stock engine, body, suspension, and tires to make something faster, stronger, or quicker. Most of the changes to the cars in stock car racing started off as hacks. Thanks again! See you in the warranty-voided line! :)

A great article, thanks Pete! I work for a major University in Brisbane, Australia, and have forwarded this article onto our ICT School.

Thanks! Please do pass the word on to as many high schools as possible!

Great article Sir Pete, you explain very well what hackers really mean. Media today define hackers as thieves and malicious people but technically speaking hackers are just curious people. They just want to explore and experiment things for the sake of learning and challenges. I always teach kids about ethical hacking and how to use the what they learn to do things right. Not the other way around.

Long live Kali Linux =)

Thank you.

A hacker walks into a bar. Bartender say "We don't serve hackers here." Hacker goes back outside, buys a a commercial scanning tool and makes some business cards. He goes back inside and the Bartender says, "Hey, aren't you that hacker?" Hacker says, "No, I'm a security professional."

:)

Keep the dream alive!

I suspect if we used the term "tinkering" instead of "hacking" we might have more success in getting your agenda moved forward.
"Hacker" has become too deeply associated with crime in the popular press to ever regain it's original association, so let's abandon it.

The main reason we go with hacker is because it's internationally recognized and clear even if some people find it suspect. We find most people are confused about the word and not negative towards it. So we need to go with a word that is well understood outside the English-speakers, which is actually a small fraction of our users.

So we can't change the connotation of the word "hacker" for the masses but we can harness it. We use it not in complaint or defiance but because if want teens to be interested in something then we need to give it an interesting name and follow it up with language that's snarky and appealing to them.

Thanks for taking the time to respond!

http://mackenty.org/index.php/dev/comments/hacking_in_high_school_yes_but

I think we need to invite this kind learning. To bad our first introduction to a hacker is usually when they break in to something, break something, or step over a line...

Thanks Bill! I followed up as a comment to your blog post: http://mackenty.org/index.php/dev/comments/hacking_in_high_school_yes_but

Here's some tips from <a href="http://www.certified-ethical-hacker.co.uk/">ethical hacker training</a> where you can find interesting cyber security facts and informations.

Back in my student days, MIT's IT dept. (money, grades, and such) kept their mainframes locked far away from any connectivity with the outside world. Meanwhile, in an introductory course - programming in Fortran, on punchcards no less - John Donovan gave the instructions: "you can try to hack the grading program - if you succeed, you get whatever grade you give yourself - if we catch you, you get an F." (Same class where a classmate got an A for answering "what happens when the bit bucket overflows" with "the bits spill out on the floor.") Funny what sticks with you.

Thanks Miles! I'm an avid follower of MIT "old days" stories and have read many. I wish I could have been there! I barely got into college as it was so I'm lucky I was encouraged by my parents and friends to pursue it. So there was no way I was getting into MIT! Maybe that's why I like hearing about it so much. I did get to work in the early, mainframe computer lab on campus as a "monitor" to fetch print-outs for the compsci students which gave me time on those "expensive" computers to program and explore. Any way, thanks for sharing!

Not sure I believe "I barely got into college as it was" - and, hey, look at you now. :-)

MIT was (is?) a fun place - but in the "old days" the entire computer field was tiny, spread all over the place, and we were all hackers. Today, it seems like every school in the world is graduating "computer scientists" who's basic claim to competence is the ability to write a little java. Sigh....

I am a professor in a digital arts and engineering college in Silicon Valley and I recognize some of my own methods and teaching strategies in this article. This is very helpful to me, for it gives me a recognizable framework for promoting the same kind of analysis/resynthesis strategies that are at the core of subjects that I teach. I find that students are far more resistant to this method than are other professors or administration and I suspect that that is so because this approach diverges so widely from the packaged, right/wrong answer approach to learning that was their K-12 experience. I find that students oftentimes will not try hard enough to reap any rewards from this type of discovery. I intend to use your article as a kind of manifesto with the hope that it will contextualize the practice of open discovery for my students and encourage them to keep going when the initial rewards appear meager. Thanks for a helpful contribution to the practice of formalized teaching/learning.

Thanks Timothy! I'm always happy to meet other teachers interested in making hackers. As I see it, in a few years their vote will count the same as mine and I'd rather they have their own, educated, non-media-influenced, opinion :) I never intended to write any kind of manifesto, but thanks and I hope it inspires many people to help young people grow!

Really enjoyed this article and your outlook on what a hacker is! First step towards a new view!

But I was wondering, from what you define to be a hacker, what is the difference between a hacker and an innovator?

Thanks for the kind feedback! I would say an innovator is a hacker when a hacker successfully innovates :) Hacking is learning and sometimes no innovation comes of it. Sometimes it's just change or taking ownership.

Came across an interesting story in CACM:
http://cacm.acm.org/magazines/2014/2/171682-establishing-a-nationwide-cs-curriculum-in-new-zealand-high-schools/abstract (may require login to read full article).

In particular, there's a pointer to http://www.cosc.canterbury.ac.nz/csfieldguide/
"an online interactive resource for high school students learning about computer science." Still a bit sketchy in places - but includes things like algorithms, complexity, formal languages ... - not just your introductory java coding course, as is common in the US.

Looks like, at least in NZ, the folks focusing on high school computer science understand the breadth of the concepts involved.

I think that's great to recognize how comprehensive comp sci needs to be today. But I think hacking is something independent of programming and technology and can apply to so many more fields. Schools adopt all forms of pseudo-science for "improving" (shortcuts to) student learning/behavior/cognition. Hacking is a clear one with clear results. Since no one trick will apply to all students, teachers need a bag of tricks to reach as many students as possible. Hacking can be there.

Very interesting article. Now I understand better what a hacker really is. I really think this should be teached in schools, but carefully as you said.

Oh, and I was wondering one thing. From your point of view, what's the difference between a hacker and a engineer?

Thank you for the interesting article!

I want to share with you my own view & research on hackers's ethics:
https://wiki.techinc.nl/index.php/Hackers_tribes#On_Ethics

Please join our mailing list!

Also, in Amsterdam Hackerspace Technologia Incognita we teach young children to hack: https://wiki.techinc.nl/index.php/SubGroups/Young_Hackspace

Everyone is welcome - to join, to copy, to re-do...

nice ethicle hacking on through off goal....

Require services of a certified and experienced ethical hacker for your general ethical and specialized Hacks?

- Personal Computer Takeover
- Background Checks
- Hack into various social networks,recover lost password
(facebook, twitter,Instagram, Google+,whatsapp etc)
- Specialized and experienced hacking into Educational
Institutions, Change of Grades, Clearing of Criminal Records,DMV records,Blog Hack, Clear Credit Card Debts, Drop Money Into Credit
Cards, Smartphone Hacks, Bank Account Hacks in various parts
of the world etc,
- Hack into email accounts (gmail, yahoo, aol, etc)
- Server Hack (Database Copy/Deletion, Changing Data)
- iOS/Android/BlackberryOS Phone Hack (Stealing Pictures/Contacts)
- MMORPG Hack (Change Character Stats/Gold By Hacking Server Of Any MMORPG Game)

+ Contact us at wehack1805@gmail.com.serious enquiries only!

Creative Commons LicenseThis work is licensed under a Creative Commons Attribution-Share Alike 3.0 Unported License.