Teaching kids to hack for good

Got a kid with dreams of hacking? Dedicated to children, r00tz Asylum takes place at the annual DEF CON hacking conference, offering a three-day schedule jam-packed with learning and fun for young padawan hackers.

This year the event took place in the Crown Theater of the Rio Hotel in Las Vegas.

Cyber leaders such as Google, Wickr, All Clear ID, Cloud Shark, Great Scott Gadgets and the  Electronic Frontier Foundation (EFF) support the important initiative.

Teaching kids to hack safely

R00tz is a non-profit dedicated to teaching kids how to be white-hat hackers - people who enjoy thinking of innovative new ways to make, break and use anything to create a better world.

At its core, r00tz Asylum has a fundamental honor code, telling kids that “it is your responsibility to use these powers for good and only good.” Warned that the Internet is a small place and that “word gets around, fast,” kids are told to always stick to the following rules:

  • Only hack things you own
  • Do not hack anything you rely on
  • Respect the rights of others
  • Know the law and the possible risk and consequences for breaking it
  • Find a safe playground

So what sort of stuff do kids learn? Kids were having a blast soldering hardware, battling it out in cyber-related contests and enjoying a range of talks.

The Master of Ceremonies was the popular and highly accomplished thirteen-year old CyFi who managed to nab a bug bounty from Samsung while still a tween for identifying a vulnerability in one of the tech giant’s products.

Parisa Tabriz, described as Google’s ‘security princess,’ was hired to improve the security of Google’s web applications 7 years ago. Today she manages the Chrome Security engineering team that is tasked with making Chrome the most secure way to browse and making the Internet safer.

Drawing from her extensive experience, she talked to the kids about web hacking for fun and profit.

Bugs on Mars 

What kid isn’t curious about space? Don Bailey, a security consultant at iSEC Partners, talked about how bugs can lurk anywhere – even the Mars Curiosity Rover.

The Lempel-Ziv-Oberhumer (LZO) algorithm, written 20 years ago by Markus Oberhumer, is a very efficient compression algorithm. It has been widely used on NASA devices that have gone to Mars several times.

And this summer…a bug was revealed.

Easter eggs

At a camp for hackers, an Easter egg hunt takes on a different form.

Computer program writers occasionally insert secret code that does something fun. These are called “Easter eggs.”

Decius, involved in the hacker community for over 20 years, has spoken at DEF CON, Black Hat, Hackers on Planet Earth (HOPE) and Summercon, to name a few.

To the kids, he explained how Easter eggs can provide “back doors”- meaning the programmer creates special access to computers that are running his or her software.

He reviewed a number of these backdoors and challenged the kids to think about the ethics involved.

The dangers of being out of date

Esau Kang talked to the kids about why it is important to keep up to date with patching systems and applications.

The soon-to-be-senior at Los Gatos High School and winner of last year’s kids’ Social Engineering Capture the Flag competition told his young audience how they can defend against attacks. They learned how to use tools like Armitage and Metasploit to find vulnerabilities in systems.


Ten-year old Liam Harrington, also known as white hat hacker “Muffenboy,” inspired other kids with his tale of becoming an extraordinarily capable programmer and hacker.

Since the age of 8, Liam has been teaching himself about computer science and combinatorial mathematics.

He talked about his iOS hacks, the creation of Cyon, his custom operating system, installing virtual operating systems and partitioning computers. He also demonstrated a custom-built Windows 95 bootloader to run Windows 95 on an iPhone.

Kid versions of grown-up briefings

The kids also got to hear a few of the presentations that were given at Black Hat and DEF CON, translated specifically for a kid audience.

Legends like Cesar Cerrudo and Charlie Miller pitched up to provide kid-friendly explanations of their research while stressing the importance of finding vulnerabilities to make the world a safer place.