Cybersecurity and Ethical Hacking

A key part of 鲍德温’s mission states that 鲍德温 will develop girls into confident young women that will have  “... the competency to make significant and enduring contributions to the world.” Upper-school students in Dr. Thomas Heverin’s “Cybersecurity and Ethical Hacking” class are already making these types of contributions.

 

从九月初开始, 鲍德温 students have ethically hacked into 60 unique devices across government agencies, 大学, non-profits and other types of organizations. Ethical hacking is defined as the authorized exploration of organizations’ devices and networks to uncover vulnerabilities and security weaknesses. The primary goal is to improve organizations’ security and to protect people in those organizations.

 

Types of devices ethically hacked by the students include printers, digital systems that control physical key boxes, building automation systems, satellite phone terminals, 逻辑控制器, 文件服务器, 通信服务器, security cameras and more.

 

To enhance organizational security, the class has submitted vulnerability reports to security teams, aiming to promptly notify them of potential threats and drive essential security improvements. A notable example of their impact is a U.S. university's response to a comprehensive vulnerability report, which spurred significant university security enhancements based on the students' findings. For this case, students discovered they could access the system logs of the university’s printers. Within the logs, students found various IP addresses attempting to access the printers. They analyzed the IP addresses to determine that several were associated with malware. The university’s security team was highly impressed with the girls’ analysis.

 

The students’ global impact is evident through their discovery of a critical security flaw in a widely used printer model from a prominent vendor, allowing any public user to establish an administrator account, effectively gaining complete control and access. This vulnerability has been identified in 30 organizations spanning the United States, 墨西哥, 加拿大, 希腊, 法国, 匈牙利, 斯洛文尼亚, 马其顿, 德国和斯洛伐克, highlighting the widespread significance of their findings.

 

The girls use various publicly available cybersecurity tools, such as Shodan and Censys, to find devices and then use ethical hacking tools developed by Dr. Heverin to identify vulnerabilities on the devices. Dr. Heverin developed the tools with the aid of ChatGPT, a generative artificial intelligence (AI) resource. The students also use ChatGPT in class to help define cybersecurity technical terms and to help explain the risk associated with their findings.

 

Dr. Heverin stated, “Teaching 鲍德温 students has been an amazing experience. Their motivation to learn and their critical thinking skills have led us to discovering vulnerabilities across the world. They are already making significant contributions in cybersecurity as high school students. I can’t wait to see what they ethically hack into and what organizations they help next.”