It’s something no teacher or administrator wants to think about, but what if one of your students is showing an interest in computer hacking? Teachers–sometimes more than parents–can tap into kids’ interests and skill sets. And with technology now a large part of how students are learning, it is just a matter of time until any educator runs into a student with an unexpected knowledge of how tech works or how to manipulate it.
How do you know if these students simply have a healthy curiosity or are interested in something darker? And how do you help an advanced student understand that they can use their skills for good by choosing a career as a cybersecurity professional rather than an underground hacker? Here’s how to handle such a nuanced situation.
1. Identify interest and skill
There are a few ways to pinpoint a student who has sufficient skills and interest to be a potential security threat.
First, look for kids with a high technical aptitude. They’ll be the whizzes in their computer class, often helping other kids (or teachers) who run into technical issues. Second, they seem to have all the devices and know how they work. Listen for them to talk about their phones, tablets, gaming systems, and more. Additionally, really pay attention to students who show a real curiosity about technology. These are the ones who talk frequently about new tech or ask a lot of questions; these kids are demonstrating a high level of interest in the topic. Combine technical aptitude, access to devices, and curiosity, and you have a student who could cross over into pushing the envelope a bit further than any of us want.
Second, keep an eye out for actions like changing a teacher’s password or accessing something on the network they’re not supposed to. Some kids might do this for attention. Others simply because they can. And others might consider it a harmless prank on a good-natured teacher. But if not recognized and addressed, changing a password could quickly turn into running bitcoin miners on school computers or hijacking a school quiz system in order to receive a particular incentive.
Third, listen to and learn the lingo. Yeah, we had to figure out what seemed like codewords when “Gucci,” “finsta,” and “lowkey” came onto the scene, and it’s no different with technically adept students. There have been many instances in which students have communicated their hacking ideas in front of adults without the adult having any idea what was going on. There’s a whole underground lexicon in the cybersecurity world that interested students are learning, and it’s important for you to know, too.
Odds are that a student who is using the following terms is a student with whom you want to have a discussion about their interest in cybersecurity and hacking:
● (WiFi) Pineapple – A wireless auditing platform that allows the conduction of penetration tests.
● (LAN) Turtle – A covert systems administration and penetration testing tool.
● Hashcat – A password cracking tool.
● Netcat – Network Cache Attack; a side-channel attack method.
● Kali Linux – An advanced penetration testing Linux distribution used for penetration testing, ethical hacking and network security assessments.
● Tor – free software that lets you operate on the internet anonymously.
When you discover any language or actions like those listed above, that’s the time to intervene. Start by having a conversation with the student about appropriate use of school devices. Remind them about the acceptable use agreement they signed at the start of the year, and what it entails. Many students didn’t read or won’t retain what that document contracted them to do or not do. It’s a good opportunity to remind them of what it means.
2. Involve parents
The next step is to call their mom and dad, but be aware there’s a right way and a wrong way to do that. It must be non-punitive to be effective. Let’s say a student hacked into the shared library computer. You don’t call the parents and say, “Tim hacked the computers and we’re concerned.” Instead, take the following approach: “Tim has shown a strong skill set with computers, and we’d like to work with you to help him develop this in a healthy way.”
Make sure the parents are aware that, if left unchecked, Tim’s interests could take him down a darker, even criminal path. But frame the conversation in such a way that his mom and dad understand they are on the same team as you and, together, you can direct him to use his passion in a healthy way.
3. Motivate and engage
Once the student’s parents are aware of what’s going on, and are on board with your plan, it’s time to dig into what motivates the student. Not all threats are created equally, and neither are all drivers behind those threats. When kids dip their toes in potentially malicious cyber activities, they’re usually doing so for one of three reasons:
● Pure curiosity (they have an insatiable appetite for figuring out how things work and genuinely love computers)
● Money (they’ve learned how to monetize their online actions and dream of the millions they think they can make as a hacker)
● Power (they’re hungry for the fame and prestige they think comes with being a skilled cyber-criminal)
If a student has accessed something on the network due to simple curiosity, you’ll handle the misdeed differently than another student who has stolen his peers’ personal information and is bragging to them about it in a grab for power. It’s important to understand the “why” behind an action because it helps you see what motivates a child and when–or if–such an action is likely to happen again.
Then, find opportunities to keep these students involved and engaged. In some districts, kids who hack into the network are put to work on the school’s tech team. They may even get paid for their contributions. The worst thing you can do in such a scenario is to discourage their curiosity and skills; your goal should instead be to redirect them to use all of that for good.
Keeping students like this close will help you keep an eye on them, and thus mitigate risks. It also will allow you to positively reinforce the idea that yes, they can continue doing this cool thing they love (hacking, etc.), but in a safe and productive way.
4. Offer opportunities for empowerment
Most kids who have tried to mess with hacking on school grounds do find the cyber world exhilarating. In addition to getting them involved with the tech team on your school campus, talk to them about learning opportunities and the possibilities of a career in cybersecurity down the road. The National Security Agency (NSA), for example, runs prestigious (and high-paying) internship programs that can give kids with cyber skills a real advantage should they choose to pursue a related career.
There are also various camps (like the ones hosted by GenCyber) that help students positively channel their computer interests and gain more skills. They can also consider taking Advanced Placement courses in computer science, so they’ll already be ahead when they enter college. All of these opportunities are valuable and exciting, and can do a lot to set students up for success in the field.
5. Monitor closely
Finally, keep an eye on these talented and curious students. They can learn so much today through YouTube and social media channels that their cyber threat level could literally increase overnight. Make sure your teachers and other staff (like librarians, who are often in charge of shared computers) are aware of how to identify the signs of high cyber interest–and what to do next.
Most importantly, remember, even the best intentions won’t always produce the results you want. It’s like teaching a child self-defense; you hope they’ll use their skills to protect themselves and others, but it’s also possible they could use them to hurt someone. Your goal should be to empower them and shepherd them toward the good, while simultaneously monitoring their devices and actions more aggressively than the average student. Your tech team should have that visibility, too, and keep these students on their radars.
Cybersecurity is an important, thrilling, and rapidly growing field. Administrators, teachers, and parents all have a part to play in keeping our own networks safe, while identifying and nurturing the students who show a special aptitude and curiosity to explore the field further. In the end, it will benefit our students, our schools and our world.
- 5 ways to nurture a cybersecurity interest in a healthy way - February 12, 2021
- Are you protecting health data amid COVID-19 testing and tracking? - December 8, 2020
- 5 cybersecurity life skills to teach all year - December 3, 2020