A generation of amoral hackers?

Screen Shot 2016-03-27 at 17.05.22
The Mirror

I must admit, I chuckled when I saw the article by The Mirror, warning that a generation of “amoral and disruptive youngsters who use their skills to kick against society …with many using the skills they picked up in lessons”.

Anyone who has been in the classroom with a bunch of mixed-ability Y9 students, trying to encourage them to write/adapt a  program to switch on LEDs or play rock-paper-scissors, knows that classrooms aren’t exactly a hotbed of sedition.

However, I find myself in a genuine ethical dilemma when it comes to GCSE Computer Science.

Screen Shot 2016-03-27 at 17.24.26

The new OCR J276 specification includes specific references to online security. As expected you get some stuff on legislation (including data protection & computer misuse), references to anti-malware, firewalls, user access levels and passwords. You now also get mention of encryption, penetration testing and network forensics.

Encryption – no problem. It’s a little vague  but there are no specific mentions of algorithms (as you get at AS level) so I dare say we’ll look at the Caeser Cipher, probably Pigpen and a couple of others – moving up to the purpose of online encryption.

The interesting bit is the addition of penetration testing and network forensics. My experience in this area is pretty limited (I once cracked a neighbour’s WEP key just to see if I could, but that’s about it). Forensics; I suppose I could look at the logs on one of our servers or have a look at ownership of files in Linux but other than that I’m a bit stumped.

The one I’m pondering, though, is penetration testing (thankfully shortened to pen testing in common parlance – I can’t imagine the sniggering this is going to induce). The aim is to try and find vulnerabilities in a computer system. And the best way to teach about it (in general) is by doing it. So, I’ve been looking into methods and software to set this up in a classroom.

I could install Kali Linux on a Raspberry Pi and use it with a home-made LAN that is totally separate from the main network, or I could use the awesomely named MyLittlePwny (based on the PwnPi OS). With a little LAN built up of various Windows boxes, a spare (outdated) Mac and some Pis I suppose I could get the students to explore and experiment. But then I suddenly find myself drawn back to that article in the Mirror.

This year I’ve already had to intervene with some Y10 Computer Science students, one of whom thought it would be funny to copy a batch file that would delete/rename work in the user’s home directory and a couple of others who thought it would be fun to distribute it around the class. Do I really want to give those students links and hands-on experience with a more powerful arsenal?

Of course any lessons on these topics would need to be bookended (and interlaced) with discussions of morality, legislation and the difference between white-hat, grey-hat and black-hat hackers.

Screen Shot 2016-03-27 at 19.13.52.png
Top Secret

Another option is to make use of free online games (e.g. Hacker Experience or Slave Hack), maybe even looking at some paid-for desktop/mobile alternatives (e.g. the intriguing looking Top Secret, the assembly language simulation TIS-100, the retro hacking classic Uplink, its nephew Hacknet or the bizarre but engrossing looking Else Heart.Break()).

I’m not really sure what my conclusion is yet. I think that lessons in pen testing and identifying vulnerabilities in order to fix them are a good thing in principle. In practice, I’m not sure how akin it is to teaching self defence, only to find one of your students used their new skills to go and mug someone.

Advertisements

TeachMeets FTW

Camel in waiting at TeachMeet at BETT 2010

Originally uploaded by Mr Ush

TeachMeets are great. If you’ve not been to one the idea is that a load of teachery types get together, usually on one evening, and do mini-presentations (limited to either micro [7 minutes] or nano [2 minutes] format) about classroom practice, pedagogy, ideas, etc.

It’s very informal, very good fun and (in my experience) simply the best CPD you can get. Almost all of my good ideas were blatantly nicked from others at a TeachMeet and as someone said in a TES forum post the other day, “Best CPD I get is by visiting other teachers and discussing anything they do”.

Most amazingly of all, there are 27 TeachMeets scheduled to run in the UK between now and the end of June. That’s 27 CPD events, attended by some of the BEST teachers I have had the pleasure to meet and they’re all free.

You can find out more about them and sign yourselves up to one at the TeachMeet wiki and there really is no excuse not to attend. If there isn’t one close enough, set one up!