Instructor teaches students how to code viruses
A California computer instructor is teaching students how to code and think like a hacker, much to the chagrin of computer anti-virus companies. He says he hopes to shake up the internet security sector by teaching people to build on the technological secrets of the McAfees and AVGs of the world.
He likens what he's doing to what happened decades ago with encryption technology, which used to be controlled in large part by the National Security Agency. Since those techniques were opened up to universities and companies, he argues, the technology has improved far more quickly than it would have if it had been kept secret.
Also, why be afraid of the viral truth? As my mom always says, dark secrets lose their power in the light of day.
In a windowless underground computer lab in California, young men are busy cooking up viruses, spam and other plagues of the computer age. Grant Joy runs a program that surreptitiously records every keystroke on his machine, including user names, passwords, and credit-card numbers. And Thomas Fynan floods a bulletin board with huge messages from fake users. Yet Joy and Fynan aren't hackers—they're students in a computer-security class at Sonoma State University. And their professor, George Ledin, has showed them how to penetrate even the best antivirus software.
The companies that make their living fighting viruses aren't happy about what's going on in Ledin's classroom. He has been likened to A.Q. Khan, the Pakistani scientist who sold nuclear technology to North Korea. Managers at some computer-security companies have even vowed not to hire Ledin's students. The computer establishment's scorn may be hyperbolic, but it's understandable. "Malware"—the all-purpose moniker for malicious computer code—is spreading at an exponential rate. A few years ago, security experts tracked about 5,000 new viruses every year. By the end of this year, they expect to see triple that number every week, with most designed for identity theft or spam, says George Kurtz, a senior vice president at antivirus software maker McAfee. "You've got a whole business model built up around malware," he says.
"Why should we shy away from learning something that is important to everyone?," Ledin asks. "Yes, you could inflict some damage on society, but you could inflict damage with chemistry and physics, too." He hopes one day to share antivirus techniques. But that would require infrastructure and financial support, which the federal government so far has declined to give. Until then, Ledin will have to live with his reputation as the guy who gave away the secrets to the Internet's bomb.