Ruadhán Mac Cormaic visits Paris's 'Hackademy', where students learn - legitimately - to crack passwords, and spy on e-mails and mobiles
'Hackers are not criminals," says school manager Billy Dub, grinning. He is sitting in the sleek, airy office, just off a gritty alleyway in Paris's 11th arrondissement, that is home to Zi Hackademy, probably the world's first computer-hacking school. Here, students learn how to tweak phone bills, crack passwords and spy on e-mails and mobile phones. Like all staff, Billy Dub is known to everyone by his nom de guerre; his colleagues include Fozzy, Durasp and Xdream.
"There's an important nuance here. The activities of hackers are legal, whereas piracy and theft are illegal. The authorities in France have accepted this. Better to offer open instruction than to close our eyes on a reality that already exists."
The Hackademy project was born three years ago, when a couple of Parisian computer experts burrowing along on an underground hackers' newspaper wondered how close to the surface they could safely go.
"We thought, how explosive would it be to open somewhere like this under the official 'Hackademy' name, dealing with such a dangerous subject? What would happen? The goal was to give a physical façade to people who were virtually anonymous; the paper's readers, ordinary Internet users and hackers, people who were for the unrestricted use of the Internet," says Dub.
"When we started out with the Hackademy Journal, we found that, on a technical level, there was a lot of inaccurate information around. Everyone had questions, and the best way to respond was to organise meetings, or classes. Then we had to square this with the demands of the law. It turned into an excellent relay for the paper, but at the time there was nothing to measure it against, so the result was a complete surprise."
That result was rapid success. Since the school opened in Paris in September 2001, more than 2,500 students have attended its seminars. Satellite hackademies have opened in Montpellier, Limoges and Geneva, and investors in Greece, Romania and the UK have expressed interest in the trademark. Such is the demand for places at the flagship school in Paris, they have started turning people away. The group's monthly ad-free newspaper is distributed nationally, and claims an average circulation of 70,000.
At the school, a core eight-hour tuition programme, imparting "a practical approach" to IT security and password cracking, for example, costs €80 per student, while a more intensive course covering such topics as "espionage" and "cryptography" comes to €210.
A typical student profile is difficult to sketch, says Dub, but as a general rule, they tend to be older than the teachers, all of whom are younger than 25. As well as catering for both amateur and proficient individuals, the school's seminars are pitched at those with a stake in IT security. Only by keeping abreast of the latest hacking techniques, they argue, can organisations hope to avert online "attack".
"We have had great success among professionals, who tend not to have much information on the subject. They're delighted to find skilled people who can teach them freely and independent of corporate interests. These could be IT professionals or representatives of big banks, the French army or hospitals. They need real information on the state of Internet piracy techniques. Previously this knowledge was controlled by companies who sold their own products. There was a lack of independence."
It's a safe bet that the French intelligence services keep a close eye on the classes, too. "Of course," says Dub. "From the moment we opened, it was clear what sort of information we were disseminating, and that this information would interest the authorities. Perhaps it's easier for them to know that we're here, rather than being scattered and silent. They're not hostile, but I think they watch, certainly." Uniformed policemen and soldiers have been known to attend seminars. "And we bill them like everyone else," says Dub.
Some of the group's activities skirt the thin boundaries of France's Internet and privacy laws. One edition of the paper told readers how to invent a viable and yet false credit card number for Internet shopping. Another explained how to create a virus, pointing out at the bottom of the page that that was illegal.
In 2002, the school had its first collision with the law. Instructors managed to break into the online accounts held by several French banks, prompting one institution to initiate legal action. The Hackademy's office was raided, its team arrested and its machines confiscated. The case was eventually dropped and the impounded computers were returned last month.
"When we find vulnerabilities in websites," says Dub, "we inform the organisation in question of the weakness. We don't ask for money. We tell them so that they can seal the vulnerability before we publish details of the 'crack' in the paper, usually two or three weeks later. The motivation is to produce a newspaper of quality that is interesting enough for people to buy. It's a sort of game, but a professional game, and with lots of risk."
The Hackademy Journal is now published in an English-language edition