How do I start ethically hacking

Sallow skin, a baggy Star Trek shirt, unshaven, pizza marks on the fingers that fly over worn keyboards all night long. Correct. We're talking about hackers, those bad guys who like to crack company networks, steal and manipulate data and have fun doing it.

Konstantin Mroncz was one of them. Today you can no longer see that in his cool suit. Scott Bapst doesn't look like the computer crack he used to be. Because both are bosses now. You founded the IT service provider Microzert and offer training to become a "Certified Ethical Hacker" (CEH), a certified ethical hacker. Sounds getting used to, somehow weird. In any case, thanks to the ethical hacker courses, the real villains should be thoroughly put down. "If you want to know how you can secure your network, you have to know what and how bad guys think, so you always have to be one step ahead of them," says Scott Bapst.

The American brought the idea to Bremen from his home country. In the United States, there have been such educational offers for a good three years and now a number of hacking college course providers, including the pioneers from the Intense School in Florida. Such courses have long been widespread in England too, says partner Konstantin Mroncz, who studied biometrics at Westminster University in London and is familiar with security technology.

In April Microzert started the first five-day seminar in which the participants learn how to launch attacks on servers. The trainer, once responsible for network security in the British military, encourages with the words: "There is nothing that cannot be cracked." And so we tinker and learn one thing above all: what makes hackers' brains tick. After all, the course provider's credo is: "In order to catch the thief, you have to think like a thief." Even if the focus is on practice, the most common methods are used to explain how networks are broken into. A nice invitation to illegality, isn't it? "No, this knowledge is used to identify weak points in networks and to make them really secure, which is why the graduates are also allowed to call themselves ethical hackers," explains Scott.

But what good is all ethics certified by a certificate if the docile student has something else on his mind? But Scott does not believe he is promoting illegal computer use: "Firstly, a real hacker no longer needs a course, secondly, he does not want to be recognized, thirdly, we check every applicant, and fourthly, a hacker would hardly pay a course fee of 2500 euros."

Worm defense

They are mostly paid by companies that have their security experts trained at Microzert. In any case, only those who are proven IT professionals are admitted. "You won't find 17-year-olds on an adventure trip here," says Scott. In addition, the graduates sign a code according to which the knowledge acquired may only be used legally.

The people of Bremen cavort in an attractive market niche. Your seminars are well attended. And the competition never sleeps either. The Swiss InfoGuard AG from Zug is organizing a three-day course that inaugurates the secrets of data thieves. SySS GmbH from Tübingen has been in business for a long time. Founder and managing director Sebastian Schreiber has been searching for leaks in company networks as a "live hacker" for seven years. So it was only natural to pass this knowledge on to IT specialists in workshops.

In slang, the courses are called "Hacker Weeks" and they cover the entire spectrum from independent burglary to securing evidence that an attacker has left behind in court to legal aspects. No price is too high for the participants. This is not surprising, because the topic of IT security is becoming more and more important. International corporations, banks, financial service providers and public administration in particular have a great need for specialists. But smaller companies are also familiar with the drama of being paralyzed by Trojans, sniffing software and worms.

"Small and medium-sized companies in particular have a lot of catching up to do compared to others," says Michael Dickopf, spokesman for the Federal Office for Information Security (BSI). Hacking skills are also in demand at the BSI. The office employs its own experts who are capable of attacks on networks in order to improve the security of the authorities. "Knowledge of hackers is a good and important thing to track down gaps in the system. Although there are many theoretically developed security concepts, they are rarely checked in practice," says Dickopf.

The job of a security-loving data thief is not only becoming more and more important, it can also be quite lucrative: professional hackers like Sebastian Schreiber charge daily rates of up to 1,300 euros. Even companies like SAP, Hewlett-Packard or DaimlerChrysler use the services of cyber intruders. Some people rub their eyes at how quickly passwords can be cracked, firewalls bypassed and secret company data accessed - and are happy to have the friendly hacker at their side.