Students Will Design Hacking Apps, Hardware Exploits to Gain Experience
New Jersey Institute of Technology students are forming a pair of computer security groups this semester, with the mutual goal of preparing students to hone their skills beyond the classroom.
One group is NICC — NJIT Information and Cybersecurity Club — and the other is the Association for Computing Machinery's Special Interest Group of (virtual) Breaking and Entering.
Leaders of both groups make it clear that they don't teach or condone illegal activities. Instead, they're devoted to educating members on how to identify system weaknesses and protect against those.
NICC was inspired by the former ACM SIGMAL (Special Interest Group for Malware) but is a standalone student organization unaffiliated with ACM. The club president is Alfred Simpson, a junior from Jersey City majoring in information technology with a specialty in network and information security. Several of his classmates are co-founders and fill the executive board. They're endorsed by fellow student and SIGMAL founder Andres Orbe.
Simpson said the goal for his club is to focus on security more intensely than is otherwise possible as an ACM group. He wants to see participation in several capture-the-flag events every semester. The members already started, finishing in the top 20% among 1,900 teams in The Down Under CTF in September. They plan to compete again in Deadface CTF, October 14-16. They will be active in several other events including JerseyCTF, scheduled for spring 2023. Beyond taking the offensive or defensive sides, known as red team and blue team in industry terms, Simpson wants his club members to learn about developing yellow team tools, which is the underlying software infrastructure that both sides use for protecting and penetrating. Yellow teams are less heralded but arguably learn more valuable skills, he said.
The club is hosting a show on NJIT's WJTB online radio station, called NICC@Nite, every Wednesday at 8:30 P.M. — Simpson doubles as the station manager. Long-term, he'd like to see NJIT offer a B.S. in security, in addition to the current specialization tracks and graduate-level degrees. He envisions security club rivalries with other major universities in the region and said students can learn from the professionals in the NJIT Information Services and Technology department. His ideas also include inviting alumni to give lectures and provide mentorship.
A lot of cybersecurity nowadays is focused on remote exploits, if someone's 1,000 miles away and they want to hack into you. I'm more concerned if someone's in the same room as the computer and they have a screwdriver.
Meanwhile, SIG-B&E differentiates itself by focusing on computer security through hardware, not software. "A lot of cybersecurity nowadays is focused on remote exploits, if someone's 1,000 miles away and they want to hack into you. I'm more concerned if someone's in the same room as the computer and they have a screwdriver," explained SIG leader Cade Riegler, a senior from Middletown majoring in computer engineering.
Riegler cited examples such wireless signal interception and the ability to install Linux through insecure hardware. He said the group has about 10 initial members and he's planning to purchase hardware that they can use for experimenting. He noted that hardware hacking looks good on a job resume, as young people lose the art of operating a soldering iron or oscilloscope.
Reza Curtmola, a professor in Ying Wu College of Computing, serves as faculty advisor for Simpson's NICC group. He is a security expert who recently discovered a web browser vulnerability and is also the co-director of NJIT's Cybersecurity Research Center.
"I applaud and fully support this initiative. There is a shortage of personnel skilled in cybersecurity, both in the public and the private sector, both in the U.S. and abroad, and I hope the club's outreach activities will help with this shortage," said Curtmola. "Cybersecurity can be a fun area to specialize in, both for those who seek to gain more hands-on skills and for those who seek a more formal understanding of the fundamental underlying concepts."