CEDARVILLE — In a world where we heavily rely on computers in our daily lives, hackers and others who launch cyberattacks have the potential to cause more and more harm. But hackers aren’t always the villains — good hackers are also needed to find and fix vulnerabilities before they’re used for harm.
Ben Sprague is one of those good hackers, and as Cedarville University’s “hacker-in-residence” for the spring 2022 semester, he’s hoping to train student-hackers to use their skills to protect others from cyber attacks.
Sprague graduated from Cedarville in 2006 with a bachelor of science in computer engineering degree, one of six members of that program’s inaugural graduating class. Since graduation, he’s worked in the government and defense contracting industry in the Cincinnati area. In addition to this work, he provides cybersecurity services for Christian ministries.
“It’s cost-prohibitive for churches and ministries to hire penetration testers — people whom you give permission to probe your network and find vulnerabilities before the bad guys do,” said Dr. Seth Hamman, director and associate professor of cyber operations and computer science at Cedarville.
Sprague said that he’s helped missions organizations find and fix vulnerabilities on their networks that could have been abused by “bad actors,” a term used by those in the industry for computer programmers who aim to harm, not help. By hacking into their systems, Sprague also shows them warning signs that their network is under attack.
“The goal is to teach the defenders how to defend,” Sprague said. “In order to do that, you need to be an authentic and good attacker.”
Sprague officially holds the title of visiting professor and fellow at Cedarville’s Center for the Advancement of Cybersecurity. He will teach a class for juniors and seniors about the basics of ethical hacking and help out with another class. On March 30 at 4 p.m., he’ll present a seminar about cryptocurrencies where students will be able to trade a blockchain-based currency Sprague created for a hands-on learning experience.
He’s also helping a senior design team build a “leave behind device,” a small disguised computer that is designed to be surreptitiously plugged into a network to allow unauthorized remote access. The goal is that, after seeing the device’s capabilities, businesses will be more careful about the devices they allow to be plugged into their networks.
“The ability to push the limits on defenses requires that you understand the attacks,” Sprague said. “A computer programmer has to be aware of security, so they’re not making things that are vulnerable in the first place.”
Said Hamman, “Through years of diligent effort Ben has developed an elite level of skill. In the cyber operations world, he fills a very valuable niche — the deeply technical ability to find and exploit vulnerabilities.”
Sprague added that, in addition to a strong cybersecurity program, Cedarville provides a unique environment to teach hacking skills.
“The core of ethical behavior already built into our program fits nicely into the realm of teaching people how to do dangerous things,” he said. “It would be really scary to train students how to attack computer systems if you didn’t also trust them to be ethical in their approach.”