‘White hat hacker’ aims to protect world, encourage women

TOKYO — Asuka Nakajima is the type of computer expert called a “white hat hacker.” Also described as hackers working for justice, white hat hackers including Nakajima work to find faults in personal computer software to identify possible security holes.

“If I discover ‘holes’ in computer systems of governmental entities, medical institutions or companies before they are hit by cyber-attacks, it can help protect the world,” Nakajima, 27, said.

“Such discoveries can have results such as people discussing the necessity of installing certain functions because there are certain ways of exploiting the holes. Then users’ safety can be secured. I want to be able to make as many discoveries as possible like that.”

Nakajima works in Musashino, Tokyo, for NTT Secure Platform Laboratories, which conducts research on security technologies on the internet.

She is also the head of CTF for GIRLS, a group of female information technology engineers that organizes study meetings for women working in the field.

Software products contain faulty points called “vulnerabilities,” which are caused by bugs in programs or errors in the design of the software.

Malicious hackers make use of the vulnerabilities, send computer viruses, and conduct attacks such as theft of information.

In contrast, white hat hackers strive to find the vulnerabilities earlier than malicious hackers by using the same technologies and techniques, and contribute to improvement of safety levels.

Life-changing novel

“I liked reading books, and I was IT-illiterate,” Nakajima said, describing her pre-hacker life. “There were some years in which I got absorbed in reading about 300 books a year, mainly fantasy novels and science fiction,” Nakajima said.

A job transfer for her father, a trading company employee, resulted in Nakajima living in New York from her second year of junior high school to her second year of high school. During those years, it became difficult for her to obtain copies of Japanese books, and so she grew interested in online novels.

When she was 14, her online reading included the novel “Project SEVEN,” whose author, Hikaru Nanase, is also a female computer programmer. The story is about a high school girl who saves the world as a hacker.

“With one computer, we can conquer the world or save the world. Because we only live once, I wanted to find something about which I could be passionate. Soon, I became willing to bet my life on this,” Nakajima said.

In 2009, after returning to Japan, she enrolled at Keio University, in the Faculty of Environment and Information Studies, where she studied hard to learn as much as she could.

Nakajima directly asked Prof. Keiji Takeda, a renowned information security expert, to allow her to join his lab when she was still a first-year student.

“I took as many courses as possible on subjects related to IT, such as programming and computer systems. I didn’t join a club at the university, and only studied in the lab and attended the classes. I spent all of my university years on IT,” she said.

Nakajima was chosen to participate in a government program for people 22 or younger to foster human resources in the IT field.

She also obtained a national qualification as an information security specialist. She gave a presentation at an academic conference when she was in her second year in the university, something unusually early.

However, her confidence suffered a strong blow when she participated in an international hacking contest in the same year.

In the preliminary competition, held in Japan, there were a large number of hackers on Japan’s highest level.

When she tackled a quiz-style question in which participants analyzed telecommunication data, she was unable to understand even a starting point for her task. Her mind went blank.

Though her team was able to enter the final round held in South Korea, Nakajima could not solve questions and could not at all contribute to the team’s passage through the preliminary round.

Said Nakajima: “But I enjoyed the event and I did benefit from it. Because answers to questions of other participants were shared, I became strongly aware that there are people with deep knowledge on levels that are beyond my imagination.”

Later, Nakajima did internships at Google, where she received constant training from a programmer, and Microsoft, where she accumulated experiences in a workplace related to security affairs.

Skills suited the job

While Nakajima worked in the field, she began to feel uncomfortable about the fact that the number of female workers in the field was small.

“When I attended study meetings and contests, women accounted for only 10 percent or 20 percent. This job field is a world where everybody can shine only if they are capable, and their sex doesn’t matter. Rather, I think that the communication skills and carefulness required in the field are suitable for women,” she said.

In June 2014, five to six women who are fellow workers in the job field, including Nakajima, launched CTF for GIRLS. It holds study meetings several times a year, with nearly 100 people participating.

Prof. Takeda, who is Nakajima’s mentor, said, “Half of personal computer users are female. She has done a good job.”

Nakajima has written a book titled “Cyber Kogeki” (Cyber-attacks), which was published in January by Kodansha Blue Backs.

Nakajima also serves as a peer reviewer of reports for Black Hat, a series of international conferences that hackers from all over the world participate in.

However, Nakajima said she thinks that it is too early for her to be called a hacker.

“If, someday in the future, I can announce a security technology or software, which can protect the world, in an internationally renowned academic society …” Nakajima said.

“That might be the time when I’ll identify myself as a hacker.”

Read more...