Teaching Engineering students to "Think thief"

We report on an educational experiment where information technology students were encouraged to think out of the box about the dark side of information technology. Instead of taking the usual point of view of the engineer we challenged the students to take the point of view of the motivated offender. After teaching the course three years, we report on the exciting ideas our students came up with, and on the lessons we learned in designing and teaching the course. The main conclusions are (a) thinking thief inspires students to design creative projects, (b) working with real subjects creates a powerful learning experience, and (c) students are struggling with methodological issues.

[1]  Lorraine Gamman,et al.  Thinking Thief - Designing out Misuse, Abuse and 'Criminal' Aesthetics , 2003 .

[2]  M. Bateson,et al.  Cues of being watched enhance cooperation in a real-world setting , 2006, Biology Letters.

[3]  Gregory J. Conti,et al.  Hacking Competitions and Their Untapped Potential for Security Education , 2011, IEEE Security & Privacy.

[4]  Fred B. Schneider,et al.  Cybersecurity Education in Universities , 2013, IEEE Secur. Priv..

[5]  Alessandro Acquisti,et al.  School of Phish: A Real-Word Evaluation of Anti-Phishing Training (CMU-CyLab-09-002) , 2009 .

[6]  Hal Berghel Wireless infidelity I: war driving , 2004, CACM.

[7]  Sergey Bratus What Hackers Learn that the Rest of Us Don't: Notes on Hacker Curriculum , 2007, IEEE Security & Privacy.

[8]  Zachary N. J. Peterson,et al.  Security through play , 2013, IEEE Security & Privacy.

[9]  Chris Kanich,et al.  Spamalytics: an empirical analysis of spam marketing conversion , 2008, CCS.

[10]  Martin Gilje Jaatun,et al.  Where Only Fools Dare to Tread: An Empirical Study on the Prevalence of Zero-Day Malware , 2009, 2009 Fourth International Conference on Internet Monitoring and Protection.

[11]  B. Endicoytt-Popuvsky Ethics and teaching information assurance , 2003, S&P 2003.

[12]  R. Clarke Situational Crime Prevention , 1995, Crime and Justice.

[13]  Jacob Cohen,et al.  A power primer. , 1992, Psychological bulletin.

[14]  Edgar R. Weippl,et al.  QR code security , 2010, MoMM.

[15]  Andy P. Field,et al.  Discovering Statistics Using SPSS , 2000 .

[16]  T. Holt,et al.  Examining the Applicability of Lifestyle-Routine Activities Theory for Cybercrime Victimization , 2008 .

[17]  Leon Mann,et al.  THE LOST-LETTER TECHNIQUE: A TOOL OF SOCIAL RESEARCH , 1965 .

[18]  Gregory J. Conti,et al.  Embracing the Kobayashi Maru: Why You Should Teach Your Students to Cheat , 2011, IEEE Security & Privacy.