Where's McGruff the Crime Dog when we need him? While the overcoat-clad canine is warning of the threat of strangers and the dangers of drugs, he's virtually ignoring the plague of youth hacking.
OK, McGruff and his friends at National Crime Prevention Council do provide valuable information to parents on the Internet threats to their children's safety. It's common sense to keep an eye on children's Internet habits to make sure they're not surfing for porn, chatting with pedophiles and swapping copyrighted material. But there are hardly any tips on the warning signs that your children are hacking.
Nary a day goes by without a teenage script-kiddie or college computer science student getting into hot water because of their hacking or experimentation with hacking tools. The degree of hacking sophistication varies wildly, but the pervasiveness of the problem is increasing exponentially.
Take the case of Clint W. Triou, a 17-year-old junior at Marion High School in a school district near Rochester, N.Y. Though quiet, he is described as a technically talented student who worked closely with teachers building Web pages for classes and the school.
But Triou must have gotten bored in his networking class. Authorities say he used a keystroke logger to capture his fellow students' passwords. With unfettered network access, he allegedly deleted scores of student project folders. When investigators examined his workstation, they found a cache of hacker tools.
Academic institutions on all levels have some of the least secure systems on the planet, but does that absolve students like Triou from knowing right from wrong? Did the teachers provide any guidance in their networking classes on acceptable network behavior? If they did, it apparently didn't sink in.
But the problem extends beyond the schoolyard, as parents in Burbank, Calif., recently discovered. A quartet of students used their collective know-how with their home PCs to crack the database of Providence High School, changing their grades and the grades of their friends.
The foursome's ambitions were simple: They wanted to get into good colleges and avoid summer school. One student changed his grade point average from a middling 2.5 to above a 4.0 (many California school districts grade on a five-point scale).
The scheme didn't unravel until a teacher noticed one of her student's grades had changed, which got him out of summer school.
Where were the kids' parents through all this? Yes, everyone thinks their little darlings will grow up to be president and rocket scientists, but no one's grades go from a C- to an A overnight.
While their parents may have peered over their kids shoulders to make sure they weren't downloading an AVI of an old Marilyn Chambers movie, they were completely oblivious to what l0phtcrack and Nmap are. They were probably elated that little Johnny was playing with some sophisticated-looking program, rather than chatting over AIM.
We often hear about enterprises instituting security awareness training programs, plastering lunchrooms with posters and passing out safe computing buttons. Looks like we need something like that in our elementary schools, too. Hacker tools and a wealth of step-by-step instructions are waiting for kids on the Internet. Let's get Nancy Reagan and McGruff together for an ABC After School Special, "Just Say No to Hacking." At the very least, stock school and local libraries with Winn Schwartau's Internet & Computer Ethics for Kids -- it's a basic, but parents and teachers need the basics.
Unless we start teaching children and their parents about the consequence of hacking, we will continue to see a steady stream of teenage script-kiddies doing the virtual perp walk.
About the author:
Lawrence M. Walsh is the managing editor of Information Security magazine.