NSA summer camp: More hacking than hiking

This is not your typical summer sleepaway camp.

Bonfires and archery? Try Insecure Direct Object References and A1-Injections.

The dozen or so teenagers staring at computers in a Marymount University classroom here on a recent day were learning - thanks to a new National Security Agency cybersecurity programme that reaches down into the ranks of American high school and middle school students - the entry-level art of cracking encrypted passwords.

"We basically tried a dictionary attack," Ben Winiger, 16, of Johnson City, said as he typed a new command into John The Ripper, a software tool that helps test and break passwords. "Now we're trying a brute-force attack."

Others in the room stumbled through the exercise more slowly, getting help from faculty instructors who had prepped them with a lecture on the ethics of hacking. In other words, they were effectively told, do not try this at home.

"Now, I don't want anybody getting in trouble now that you know how to use this puppy," Darrell Andrews, one of the camp's instructors, warned loudly. "Right? Right?" he added with emphasis.

As campers around the country sleep under the stars and dive into mountain lakes, 1,400 youths have packed their overnight bags or lunchboxes for a very different experience.

They are attending dozens of free overnight and day camps across the country supported by the NSA, better known for its bulk collection of Americans' phone records and its spying on foreign leaders. Like the CIA and other elite intelligence agencies, the NSA has for decades recruited on college campuses and run collegiate programmes, but this summer the agency is making sure that middle- and high-school-age students - and some teachers, too - are learning how to hack, crack and defend in cyberspace.

The goal of GenCyber, as the summer camp programme is called, is to catch the attention of potential cybersecurity recruits and seed interest in an exploding field as more and more of the nation's critical transactions, from warfare to banking, move into the realm of cyberspace.

NSA officials say building the next generation's cyberspace work force is a matter of national security, as a string of massive breaches at the federal Office of Personnel Management and private companies have highlighted. Studies anticipate the need to fill hundreds of thousands of new cybersecurity jobs in coming years.

That includes jobs with the NSA, which has its own worries about filling recruitment quotas these days because of increased competition from higher-paying private companies and bad publicity after Edward J Snowden, the former NSA contractor, leaked a trove of classified documents showing the agency's surveillance programs as far more extensive than most Americans knew.

"These kids are the ones that are going to be building the next products that we all rely on, the things we can't even imagine will exist in the future," Steven LaFountain, the head of the NSA's in-house College of Cyber and the leader of the camp program, said in an interview at the NSA's heavily fortified headquarters in Fort Meade.

"If they have just a little bit more understanding of security when they're doing that," he said, "I think it will make the products that much better."

With the help of a seed grant from the National Science Foundation, the agency started a small pilot program under LaFountain's direction last year, sponsoring six camps at colleges and universities.

This summer it has expanded to 43 camps, and about half of the 1,400 students are girls.

LaFountain hopes the program will grow to 200 camps in all 50 states by 2020.

So far there has been strong interest, he said, given the long waiting lists for the camps this year.

The NSA gives each camp loose guidelines, but largely leaves it up to the colleges and universities and the instructors running them to decide which topics and exercises to cover. Unlike other popular programming and engineering camps, though, the N.S.A. also mandates that GenCyber camps be offered free of charge.

©2015 The New York Times New Service