Nu-Nerds – College Age Hackers Will Soon Shape Our Future

Standard

young_hackers

“WIRED”

“They’re just seven freshmen on one floor of one dorm of one college in one state in one country on our one and only planet.

For all their exceptional talent, there must be tens of thousands more, and they will be running the show.

Google the words “David Dworken” and you’ll find a picture of a teenager in an oversize gray suit shaking hands with former secretary of defense Ash Carter, along with a headline that reads: “Meet David Dworken, the Teenager Who Hacked the Pentagon.” Which is pure clickbait.

Last spring, the Pentagon sponsored a “bug bounty,” inviting computer security enthusiasts to dig into Defense.gov, DoDLive, and a few of its other public-facing websites. Dworken, then newly 18 and among the youngest of the 1,410 participants, found six vulnerabilities, ranging from cross-site scripting (where malicious code can wreak havoc on a victim’s web browser) to insecure direct object reference (alert: potential data breach). He wasn’t the only one to find errors—250 bug hunters had found similar weaknesses—but he was the one who made headlines. He was just a high school senior, after all, and ours is a culture fascinated, and terrified, by teenagers who know computers better than most of us will ever know anything.

Dworken had been moonlighting as a whitehat hacker since he was 16, helping to uncover website vulnerabilities for massive companies like Netflix, General Motors, and AT&T. He found a remote-code-execution glitch on a United website, earning 1 million air miles for his trouble. The lack of rate-limiting on get.uber.com? That was him (and he earned $3,000 for identifying it). At the time of the Pentagon event he was a computer whiz on his way to Northeastern University with a merit scholarship. In other online articles about the hack, he talked about hacking as a public service, a way to help protect the world’s digital infrastructure. He hoped to someday have a career in cybersecurity. He seemed like a good kid, the anti–Mr. Robot. And as part of the first generation of Americans who came of age after WikiLeaks and Snowden, and after concepts like privacy, security, and online identity blew up in our collective face, this smiling kid with a Supercut looked like nothing so much as the future.

But to really find out—to study that potential future in all its complexity, to learn how the next generation is grappling with the Big Issues keeping the rest of us awake at night, you can’t just trust the internet. You have to go to a very cramped room in Boston.

When i arrive at Stetson West, the computer science dorm in the northeast corner of Northeastern’s leafy campus, it is early December, and David greets me wearing a T-shirt that says “Respect the Research.” Looming at a lanky 6′ 4″, he smiles often, with round dimpled cheeks and deep laugh lines; along with his unprominent chin and pointy canines, he gives off an amiable Chip ’n’ Dale vibe.

In his tiny dorm room, six guys are crowded together, lounging in desk chairs, slouched on the loft beds, or standing; everyone’s either holding or looking at a computer. They’re all part of a self-started hacker group called Sthacks, short for Stetson Hacks, and David’s room is their informal HQ. The floor is covered with throw rugs and grubby bath mats, and on the wall is a vanity license plate that reads M3MES. David’s Corsair keyboard glows red in front of his curved LG monitor; my geek pride inflates when I notice we own the same mouse, a Razer DeathAdder Chroma. I search for a bookshelf, but I can find only one physical book, Essentials of Programming Languages. I have them count the number of internet-enabled devices in the room; David has 13, his roommate has 11, and the others carry two apiece, for a total of 34.

Shortly after I arrive, the Sthacks members wander out, giving David and me the room. In an unhurried drawl, he tells me he was born to nontechie parents in 1998; he tended sheep, goats, and pigs at his small middle school outside Washington, DC. Out of curiosity, he taught himself to program on his TI-84 Plus graphing calculator in seventh grade and got into finding bugs in high school, when he discovered an XSS vulnerability on his school’s website. From there he branched out into corporate bug bounties, starting with AT&T (where the nature of his work was confidential under Section 5 of AT&T’s terms and conditions), and attended some hacker events, where he skewed on the young side—last summer his father had to chaperone him to Def Con in Las Vegas, because the hotel was 21-and-over. He says he loved high school, which trips my red flag, because what kind of freak loves high school? So I ask him what he hates. “I don’t hate anything,” he says.

Like Midnight’s Children or the X-Men, they have talents that seem to have emerged spontaneously and in isolation, from everywhere and for no reason, united here through the sheer chance of dorm assignments and the lingua franca of tech. One mentions he attended the best-funded school in the US, another the worst-funded school in New Jersey. There are Hillary voters and more than zero Trump voters. They’re all guys, perhaps due to the gender imbalance in STEM fields, but at least partly because the dorm floors here are gender-segregated. Where it seems like race, sexuality, gender, and class dominate collegiate discussions right now, the young men of Sthacks simply identify as hackers, though they hate how the term has been twisted to mean trespassing. Hacking, as they’ll tell you, means quick-and-dirty programming and problem-solving, taking things apart and putting them back together.

And that’s what they do. Nonstop.

They do it for school; outside of school, they do it for work; outside of work, they do it for fun. Unlike every other gathering of male undergrads I’ve ever seen, there’s no horseplay or grab-ass, no profanity or pop references. Instead there is a bewildering flurry of shoptalk: “It’s a fuzzer that inspects the code as it runs to make sure it hits every single possible branch, and when you compile it with their compiler, it’s all open source, and it adds its own instrumentation …”

Fully automated fuzzer?”

“Fully automated, and it hits every branch. That’s the crazy part. Everything from, like, Firefox, Internet Explorer, SQLite, GnuPG, NTPD, FFmpeg—”

“So it needs to generate a whole—like, a whole control flow tree?”

“Yeah, it hooks into the compiler. I don’t completely get it …”

 

She stands on a desk to make her pitch. “I’m just really glad that we breathed new life into this place. And I knew there had to be a place where CS people could gather and do social things together. What’s happening? Why are you all snickering?” The audience heckles and squeaks their ducks at her. She concludes: “So yeah, vote for not–No Confidence, and we will, uh, strive to make this the place … for you to do the thing.”

“Do the thing!” the audience calls back, applauding.

Next up is Milo for VP. He climbs onto a swivel chair, flailing and torquing around. “I promise a new era of violent dictatorship where all dissent is suppressed, using violence and other nefarious tactics. I promise that you shall fear for your safety should you speak out against the regime,” he says, to more heckling. “This I vow, to all of you, on my honor. Thank you, and please don’t vote for No Confidence. That would really suck.”

“That speech is a lot less funny given the president-elect right now,” someone says.

One of the candidates for treasurer gives his speech, calling NU Hacks a cross between an authoritarian dictatorship and an anarchist collective, and meanwhile everyone’s whispering; No Confidence is gaining momentum. Obviously they’re just clowning around, but I do start wondering how much the joke extends to real life—whether, at a time when hackers and email leaks influence elections, theirs is a politics of No Confidence, disengaged and distracted by fuzzers and messing with strangers’ baby monitors. Sure, college is a time for indecision, for gathering knowledge without immediately forming an agenda. Then again, they’re also voting age.

 

After class, David and I head to a café, where he continues to stonewall me on everything: politics, religion, class, dating life. At a time when young people are accused of oversharing, I find his aversion to disclosure interesting. “I, by default, am going to keep things private and let it become public when there’s a sufficiently convincing reason for it to be public,” he says. Like when? “When it’s beneficial in terms of career prospects.” (One thing, more than any other, that he wants the world to know: “Bug-bounty programs are good.”) Someone like David, who deeply understands and values privacy, shares only what he wants. He’s out here fixing bugs to secure our privacy; all he asks for is some privacy of his own.

I propose we move out of his comfort zone, do something nonfactual: go to a fortune-­teller, a club, a hookah bar. “I don’t have any interest in doing that, to be honest,” he says. “I’d rather go to my room and work on programming.” On our way out, he swerves to pick up a tiny discarded receipt off the ground, then wanders even farther off to drop it carefully into a recycling bin.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s