(Photo by Matthew Casey - KJZZ)

Hacking outside the Arizona Cyber Warfare Range can bring serious legal consequences. Most people at the Range did not want their picture taken. These budding cyberwarriors agreed, as long it did not show their face.

(Photo by Matthew Casey - KJZZ)

When it comes to cybersecurity, experts say the stakes couldn't be higher. However, the Arizona Cyber Warfare Range maintains a loose, startup environment.

(Photo by Matthew Casey, KJZZ)

Computer servers for the Arizona Cyber Warfare Range take up about a quarter of the room where hackers study their craft. The hackers' goal is to break the equipment so they can learn how to protect it.

Budding hackers huddle in a secure, windowless room as they gulp energy drinks and munch on pizza. Their job is to unleash cyberattacks on the millions of dollars worth of computer equipment at the Arizona Cyber Warfare Range. The goal is to break the gear, so they can learn how to protect it.

“In order to defend yourself from cyberattacks, you need to know the methods and techniques that cybercriminals are utilizing in programs to help defend yourself,” said Joshua Harp, who’s volunteered for years at the Range.

Russian hackers tried to influence the 2016 presidential election. The Chinese may have stolen millions of Social Security numbers. Experts warn incidents like these show the United States is losing the cyberwar.

The Arizona Cyber Warfare Range is a Mesa-based nonprofit seeking to turn the tide by training warriors to defend against hacks. 

But laws, like the Computer Fraud and Abuse Act, make learning how to hack risky, Harp said.

The Range, with its cyber targets, gives people a place to gain these skills without threat of prosecution. It’s an educational environment.

“If I was doing what I did here, without the sanctions that I receive through here, it would mean prison time for me,” Harp said.

Cyberwar adversaries have a different approach to hackers, Harp said. They encourage them.

“Russians want to go to prison for the cybercrimes they commit because that means the Russian government will come to them with a job offer,” Harp said. “In China, if you show aptitude with computers, then you show aptitude to be part of their hacking team.”

The Arizona Cyber Warfare Range works with about 5,000 hackers. Their skill levels vary from beginner to Jedi. A good cyberwarrior is a problem-solver and an adaptive thinker, said Range co-founder, Brett L. Scott.

“Even though everybody says, ‘Oh my God hackers, big scary monster.’ The bottom line is we are an unclassified entity that allows people to come in and learn critical skill sets,” Scott said.

Scott started programming computers when he was 6 years old. His career path eventually led him into cybersecurity, and it wasn’t long before the FBI and Secret Service started coming to his lectures.

“I began assisting Uncle Sam with complex questions that they were not able to obtain answers to, but I had first-hand knowledge of,” Scott said.

By outlawing hacking, Scott said the government keeps cybersecurity professionals from understanding the weapons used against them. He warns that future generations face competition against technology that was invented here but may be stolen by other countries. 

“We are doomed if we do not very quickly generate a capable set of cyberwarriors to change our destiny,” Scott said.

The mood inside the Range doesn’t always reflect the high stakes Scott described. Inappropriate jokes are common. Sometimes the hackers act more like rowdy frat boys than stereotypical computer nerds.

Volunteer Joyce Vogt is one of the few women around. She puts up with this behavior because, at the Range, she can let her skillset shine.

“These guys are cowboys, right? For me, it’s really reinforced that I really like going into environments that are lacking in civility and lacking in structure," Vogt said. "And then standing up structure as part of my work."

There are lots of ways to hack a government, and public-private partnerships are particularly vulnerable, said Vogt, who owns a data analytics firm and a cybersecurity company, which grew out of her work at the Range.

“I think there is just a general attitude of, ‘It hasn’t happened to me. Who am I? Who’s going to want to hack into my network?’” Vogt said.

Cyberdefense is typically reactive. Yet the Range’s founders have compiled a list of global cyberthreats and built a proactive defense network. Vogt and her team plan to bring that to market. Because they think it’s the cybersecurity model that will play out in the next three to five years.

“Any traffic that’s accessing a network — we can run that against the larger database to be able to determine, ‘Is this already a known threat?' 'Cause if it is, we should stop them at the door,” Vogt said.