Student brings passion for ‘white hat’ hacking to Northeastern

David Dworken, CS’21, poses for a portrait at Northeastern University on Sept. 5, 2016. Photo by: Matthew Modoono/Northeastern University

David Dworken’s interest in cybersecurity took shape somewhat accidentally, by finding vulnerabilities in his high school’s website during a technology class. By his senior year however, he was hacking into the Pentagon as part of a federally-supported project to uncover weaknesses in Defense Department websites before U.S enemies could find them.

The idea to hack Pentagon websites started in the car on the way to school one day. Dworken, then a high school senior, heard a radio program about a pilot program run by the U.S. Department of Defense that invited friendly hackers—otherwise known as “white hat” hackers—to try to break into some of its websites.

The program piqued his interest, Dworken recalled, but with Advanced Placement exams on the horizon, he didn’t think too much of it. That is, until about a month later.

David Dworken, CIS'20, meets with U.S. Secretary of Defense Ash Carter in July following a federally-supported "bug bounty." Photo courtesy of David Dworken

David Dworken, CIS’20, meets with U.S. Secretary of Defense Ash Carter in June following a federally-supported “bug bounty.” Photo courtesy of David Dworken

“I got an email from HackerOne saying that I’d been invited to participate in the program,” he said. “It was a complete shock at first because only select people were invited to participate.”

Dworken, CIS’20, had joined HackerOne—a group that specializes in finding bugs and vulnerabilities in websites—in high school. As a member of the group, and prior to his Pentagon work, he’d helped bolster the cybersecurity of companies such as Western Union, Amazon, eBay, Netflix, MailChimp, Adobe, AT&T, and Uber by discovering and reporting their website liabilities.

All of this, Dworken says, was spurred by the accidental discovery of vulnerabilities in his high school’s website during that technology class years ago.

“That (discovery) was pretty low stakes, but still, as a random 10th grade student, to be able to email these programmers, send them a bug report, and have it be taken seriously—the whole experience was unbelievably satisfying to me,” he said.

I plan to grad­uate in four years with two co-​​ops and a summer intern­ship. The fact that there’s that level of flex­i­bility was really attrac­tive to me.
— David Dworken

More than 1,400 participants took part in the Department of Defense project, according to a Reuters report of the Pentagon findings. They found 138 valid reports of vulnerabilities. The project invited hackers to test the cybersecurity of some public Defense Department sites. The effort was limited to public websites and the hackers did not have access to highly sensitive areas.

Dworken himself reported six vulnerabilities—all while preparing for his Advanced Placement exams.

“It was an especially busy time of year,” he said, laughing. “I was working on it any spare minute I had—during free periods, after school, whenever.” It was worth the work, though. “It was unbelievably exciting. I get excited any time I find a vulnerability, but especially to find some in the Pentagon? That was unbelievably satisfying.”

That type of hands-on experience is what Dworken said drew him to Northeastern.

“That was the No. 1 thing for me,” he said of the university’s experiential learning opportunities. “I plan to graduate in four years with two co-ops and a summer internship. The fact that there’s that level of flexibility was really attractive to me.”