In a survey conducted by Security Firm Tufin Technologies, it acknoleges that around 1 in 5 students are admiting to hacking. The real intresting question is, are the other 4 being honest? When I was in high school , I knew one guy whom would be considered a hacker. At college I did a small amount – mostly accidental stuff – I tried to log on to an Oracle Database server with the system administrator log on – turns out the IT department had not changed the pasword for it. One of my freinds at that college showed me a technique to bypass a BIOS password, and it worked.
There is two sides to the story as always, ethical hacking, such as that taught at Dundee Abertay college in their Ethical Hacking and Countermessures allows students to develop skills of nessesary evil. If you are unaware of how to hack into a system, how can you possibilly prevent unauthorized access to it?
It is generally a grey area – hacking for ethical sake without the authority of the system in question such as an IT department clearly is wrong no matter what your intentions are. The study found that the vast majority of the students surveyed did agree with this assessment. Combining the remaining 16% whom do not recognize it as being wrong, the ones that have tried hacking from that lot are the ones that we need to worry about – they dont realise or do not understand what they are doing is wrong, and they have the skills to actually do it. These are the kinds of people that are going to cause us the problems.
Strangely, they suggest there is no gender bias but I find that hard to belive unless they actually interviewed equal number of students – generally speaking in computing science courses (at least the courses I have been on) have had a higher number of boys to girls ratio. Therefore less girls would be questioned and make up the ‘guilty’ selection.
On another consideration, the research does not define what they mean by hacking. How many of the ones that admited it had merely overlooked a shoulder as a password was being typed? Or used completely automatic tools that got in? Neither of these are really major threats, its the ones that can sit down with just a shell and still manage to get in that we really need to worry about.