Meet the Japanese hacker training a generation of female cyberwarriors

TUESDAY, JULY 17, 2018
|

Asuka Nakajima is a “white hat hacker”. Also described as cyberhijackers working for justice, white hat hackers seek out faults in personal computer software to identify possible security holes.

“If I discover ‘holes’ in computer systems of governmental entities, medical institutions or companies before they are hit by cyberattacks, it can help protect the world,” Nakajima, 27, says.
“Such discoveries can [reveal] the necessity of installing certain functions because there are certain ways of exploiting the holes. Then users’ safety can be secured. I want to be able to make as many discoveries as possible like that.”
Nakajima works in Musashino, Tokyo, for NTT Secure Platform Laboratories, which conducts research on security technologies on the Internet.
She is also the head of CTF for GIRLS, a group of female information technology engineers that empowers women working in the field.
Software products contain faulty points called “vulnerabilities”, which are caused by bugs in programs or errors in the design of the software.
Malicious hackers make use of the vulnerabilities, send computer viruses, and conduct cyberheists.
In contrast, white hat hackers strive to find the vulnerabilities earlier than the black hats by using the same technologies and techniques.
“I liked reading books, and I was IT-illiterate,” Nakajima explains, describing her pre-hacker life. “There were some years in which I got absorbed in reading about 300 books a year, mainly fantasy novels and science fiction.”

Life-changing novel
A job transfer for her father resulted in Nakajima living in New York as a schoolgirl. It became difficult for her to obtain copies of Japanese books, and so she grew interested in online novels.
When she was 14, she discovered “Project SEVEN” – about a schoolgirl who saves the world as a hacker.
“With one computer, we can conquer the world or save the world. Because we only live once, I wanted to find something about which I could be passionate. Soon, I became willing to bet my life on this,” Nakajima says.
In 2009, she returned to Japan and enrolled at Keio University and promptly asked Professor Keiji Takeda, a renowned information security expert, if she could join his lab.
“I took as many courses as possible on subjects related to IT, such as programming and computer systems,” she says.
Nakajima was then chosen to participate in a national programme for IT experts under the age of 22.
However, her confidence suffered a strong blow when she participated in an international hacking contest in the same year
Tested on telecoms data, she was unable to grasp even a starting point for her task. Her mind went blank.
 “But I enjoyed the event and I did benefit from it. … I became strongly aware that there are people with deep knowledge on levels that are beyond my imagination.”
Nakajima then took internships at Google and Microsoft, where she deepened her knowledge of security affairs. But she began to feel uncomfortable that the number of female workers in her field was so small.
“When I attended study meetings and contests, women accounted for only 10 or 20 per cent. This job field is a world where everybody can shine if they are capable; their sex doesn’t matter. Rather, I think that communication skills and carefulness required suit women especially.”
In June 2014, Nakajima launched CTF for GIRLS along with five other women. It holds think tanks several times a year, with nearly 100 people participating.
Nakajima’s mentor Prof Takeda notes that “Half of personal computer users are female. She has done a good job.”
Nakajima has written a book titled “Cyber Kogeki” (Cyber-attacks), which was published in January by Kodansha Blue Backs.
Nakajima also serves as a peer reviewer of reports for Black Hat, a global series of summits that draw hackers from all over the world.
However, Nakajima said she thinks that it is too early for her to be called a hacker.
“If, someday in the future, at an internationally renowned academic society, I can announce a security technology or software which can protect the world … then I might identify as a hacker.”