NYU students by day, hackers by night

NEW YORK – Every week, a group of teenagers and 20-somethings dressed in hoodies gets together in a tiny room on a college campus and plug in their laptops. They turn up pulsing electronic funk music, order pizza and begin furiously hacking into computer networks.

But they’re not shadowy criminals: They’re students training to become “white-hat” hackers, experts to help business and government agencies protect their data from cyberattacks that have become an almost daily occurrence.

“It’s the new espionage. Spies operate from behind keyboards now,” said Evan Jensen, a senior at the Polytechnic Institute of New York University and one of the leaders of the Hack Night events where about two dozen students hone their hacking skills.

Since actual hacking is illegal, the students can’t just sneak into a webpage and poke around for learning’s sake. So industry experts, professors and the school’s very own “Hacker In Residence,” Dan Guido, collaborate to create exercises that expose the students to real-world hacking scenarios.

Guido, who runs his own cybersecurity firm, will walk students through one of the most common means hackers use to gain access to a computer network: attacks on the software of a browser like Internet Explorer. In June 2011, Google said it had traced to China a cyberattack that attempted to access hundreds of Google email accounts.

Guido uses the case, much of which has been made public, to re-create the exploit, having students map out step by step how the hacker was able to access a desktop computer and infiltrate the company’s network.

While bigger schools such as Georgia Tech, Purdue and Carnegie Mellon are known for their cybersecurity programs, experts say Brooklyn-based NYU-Poly is now considered among the best schools for training students with hands-on, mission-critical cybersecurity skills. That’s due in part to Hack Night, an active cybersecurity club and an annual hacking competition each fall that the school bills as the largest in the country.

“Every one of the faculty, every one of the undergraduates and every one of the graduate students is engaged in real-world exercises,” said Alan Paller, director of the SANS Institute, a cybersecurity training organization. “They come out having actually developed and tested their skills.”

Paller said the need for cybersecurity experts with real-world training is severe – a 2012 report he co-authored found that the Department of Homeland Security alone needs 600 such experts. Last month, the Defense Department announced it is establishing a series of cyber teams charged with carrying out offensive operations to combat threats of cyberattacks aimed at disrupting the country’s vital infrastructure.

“The only defense against these things are skills,” Paller said. “We have too many people in the cybersecurity field that don’t have the hands-on skills. We call them frequent fliers. We don’t have enough pilots.”

Many of the 270 NYU-Poly cybersecurity students are already starting to line up jobs earning lucrative salaries at private cybersecurity consulting firms or big banks in need of people able to identify and correct vulnerabilities in their networks.

Because they are in such demand, cybersecurity students can pick and choose where they want to work.

“You see all the time a lot of job descriptions for people who are trying to hire guys like us say things like, business casual is not acceptable here,” said Julian Cohen, 22, a senior and a founder of the weekly Wednesday evening Hack Night. “No one wants to go to work in a button-down shirt and slacks.”