By Staff Report Friday, May 2nd, 2014

Stephen Nellis

Oasis Technology of Camarillo is sponsoring a contest with three Ventura County high schools to get students interested in becoming the good guys in the world of cybersecurity.

The company, which has been around since 1979 and provides data protection for big clients such as Amgen, is putting on a high-tech game of capture the flag. A text file is sitting on one of its servers, and the first school to break in and copy the contents of the file wins a 64GB iPad Air.

The goal is to change the way the students think about hacking and about potential careers in computer science. In Silicon Valley, the app builders are the barons who amass riches and the hackers are the heroes who amass adulation. Cybersecurity, by comparison, is a snooze.

“They all want to be working for Google or Facebook or the real sexy things,” said Debbie Johnson, chief financial officer at Oasis. “They don’t think about the fact that behind the scenes there are a lot of opportunities and a lot of job openings.”

In fact, the world desperately needs hackers. Most are so-called white-hat hackers, who enjoy the intellectual challenge of breaking into things for fun. They then notify the system builders of security flaws. And we need them to be better than the black-hat hackers, the ones who are out to steal and cause mayhem. “High school kids are notoriously brilliant, so we thought we would start with them,” Johnson said.

Of course, “hacking” is still often illegal by the letter of the law, so with a wink and a nod the Oasis challenge is being called a cybersecurity contest. Just don’t tell the students that.
“Students love anything that has hacking attached to it. It stimulates their interest,” said George Seidel, an educator at Rio Mesa High School in Oxnard. “If you say ‘cybersecurity,’ they won’t know what you’re talking about. If you say ‘hacking,’ they do.”

After a long approval process, Seidel is starting what he calls a “mini academy” of computer science classes at Rio Mesa, which will be the only classes of their kind in Oxnard’s schools. He’s hoping to channel the students’ natural interest in hacking as a gateway to more in depth lessons about computer science.

“The school district has these filters where the students can’t get to Facebook or Youtube, and the students love to hack around that,” Seidel said.

The mini academy is kicking off with classes in the C++ programming language, a foundational language that’s still used quite a bit in the real world. Future classes could include Java and game writing, Seidel said.

Seidel said students often think there’s a magic trick to computer programming, when in reality it’s a lot of hard work. But hacking has a cool factor that can help keep kids interested.

“If I were to give a kid a computer and say ‘Can you test this and make sure it’s safe?’ they’d be bored. If I told them there’s a computer over in Camarillo and ‘Can you try to break in?’ that appeals to them,” Seidel said. “That doesn’t mean they want to do anything bad. And the kids that can break in, the other kids look up to them.”

The Oasis challenge started on April 28, and students were already taking creative approaches. Oasis CEO George Baldonado said he’s been impressed with the array of attacks so far: SNMP attacks, DDOS and DOS attacks, spoofing attacks, PING/ICMP attacks and malformed packets, among others. “Pretty smart!” Baldonado said.

Rio Mesa student Aldo Guzman had set up a server with some software to automatically scan every single opening on the Oasis machine. It’s a strategy called ports scanning.

“I think there are around 10,000 ports your router can support. Hopefully I can scan that many overnight. After I figure which ports are open, the first thing I’ll look for are what are the ports used for? Is it a Web server? An FTP server? Is it Telnet?” Guzman said. “If it requires a login form, for example SSH, probably what I’d end up doing first is a dictionary attack.”

Guzman is 16 years old and has been hacking half his life, since he was 8 years old. “The first thing I remember hacking was a website that provided phone ring tones. They provided a sample,” Guzman said. “I looked through the HTML code, and I figured out the location of the file and downloaded it.”

And like most hackers, Guzman has no ill-intent when breaking into things. He just wants to see if he can do it, and that’s what prompted him to take on the Oasis challenge.

“I wanted to expand my knowledge. Even if I couldn’t do it, it’d still be pretty interesting to figure out my limits and see how far I could go,” Guzman said.

Guzman said he might even be interested in a cybersecurity career one day. “I’ve wanted to work in a data center and work around servers. I really like how they work. Networking and data security, I like that stuff,” he said.