Everyone remembers being a teenager and having to choose between right and wrong. How often did you pick the latter – a forbidden party for instance – because it was more exciting than the alternative? Youngsters are impressionable and often make decisions to boost their reputation or get a quick kick. Hackers are no different, but their poor decisions can have far-reaching consequences.
A report by the National Crime Agency (NCA) found that UK cybercrime suspects are on average just 17 years old, with some as young as 12. This is far lower than the average age of those arrested for drugs (37) and financial crime (39). Many of those young suspects wouldn’t have broken the law before, and would be unlikely to do so in the real world. So what drives them to commit crime digitally, and can those forces be overcome?
How young people fall into cybercrime
Youngsters who commit cybercrime typically have a passion for tech which stems from legitimate interests, such as gaming. Their competitiveness (a desired cyber trait) may lead them to forums where they can share tips and learn to hack games. But these forums are often hotbeds for malicious activity, with like-minded youngsters encouraging each other to perform increasingly daring stunts, perhaps unaware of their gravity. Cybercriminals also use them for recruitment, though most youngsters turn to the dark arts not for financial gain, but to earn kudos among their peers.
Many technically minded teens are neurodivergent (one in seven people have conditions linked to neurodiversity), meaning they have atypical ways of thinking. Their skill sets differ from their neurotypical counterparts, with attention to detail, logical thinking and problem-solving – desirable cybersecurity traits – all frequently present. These curious individuals are often unchallenged and underwhelmed by their school syllabus material, forcing them to hone their skills unsupervised elsewhere. And with easy-to-use hacking tools so readily available, this absence of leadership can be dangerous.
However young people fall into cybercrime, most consider their teenage kicks harmless fun. Those who do understand their actions often have no intention of committing ‘serious’ crime and consider their chances of encountering law enforcement slim. But things can and do escalate. Take TalkTalk hacker Daniel Kelley for example, who began hacking maliciously when he failed to get the grades to study a college computer course. Kelley first targeted the college that rejected him before moving onto global companies and high level crime. In 2019, he was jailed for four years.
Why we need young hackers on side
Engaging young cyber talent is as much a social issue as an economic one. We don’t just need to help the 30% of UK businesses lacking advanced cyber talent; it’s also our duty as an industry to protect young people. Hackers currently have so few places to practice legitimately that it’s unsurprising some turn to cybercrime – where else can they exploit services or escalate privileges?
Offensive cyber techniques are important (we understand that as well as anyone), so the industry must start building a positive narrative around hacking. The term might be interwoven with criminality at present, but hackers simply do what others thought impossible. Whether for positive or nefarious ends, being a hacker requires an innovative mindset. By damning those involved in hacking from an early age, we risk driving them to the fringes and perhaps even criminality. We should encourage, not admonish, those with the technical abilities to transform industries – or else the next Marcus Hutchins, the bedroom hacker who committed crime but eventually derailed WannaCry, might never be on our side.
How Immersive Labs is helping keep young hackers on track
Creating a secure, exciting space for young hackers to equip themselves with skills is essential, or else they could be tempted to practice illegitimately. Bug bounty providers such as HackerOne are excellent playgrounds for advanced hackers, with one teenager Santiago Lopez making millions through the platform. Even he admits, however, to being tempted by cybercrime – and most teens aren’t at the level required for ethical hacking.
Immersive Labs creates a safe proving ground for young people to test out cyber tools and problem solving techniques. Our approach to skills development puts real malware and threat actor techniques in the hands of those who will eventually be tasked with opposing them. Content is designed to progress users through the concepts, tools and techniques required for a career in cybersecurity, making it an invaluable resource for aspiring hackers. This is why we provide the Students’ Digital Cyber Academy and the Neurodivergent Digital Cyber Academy to qualifying individuals for free.
We also recently ran a fantastic event as part of Unlock Cyber, who aim to open up cyber careers to young people in the South West (UK). Immersive Labs powered the June competition, which saw various schools complete a combined 1,412 labs. All participating students have been granted access to the Students’ Digital Cyber Academy.
James Webber, who teaches at a participating school, said: “The Unlock Cyber competition in partnership with Immersive Labs was a truly fantastic experience for our pupils. The tasks were challenging but pitched at the right level, with the practice labs released beforehand very useful in concentrating pupils’ efforts on key areas of cyber. It promotes cyber to those interested in more than coding and is fantastic for schools in the South West.”We have also partnered with the National Crime Agency (NCA) to provide Cyber4Summer, a summer training and learning opportunity for teenagers. This will give young people the opportunity to develop cyber skills online over the summer holidays and forms part of the NCA’s strategy to train today’s youth via the UK Government’s Cyber Essentials scheme. And this means – when it comes to cyber at least – young people don’t have to choose between what’s fun and what’s right.
16 July 2020
Latest Blog posts
Wicked problems: navigating crises when there’s no clear path
1 April 2021
Play along with our new crisis scenario – Insider Threat: Pharma Drama!
31 March 2021
The People of InfoSec on the People of InfoSec: The Thought Leader’s View
31 March 2021
SaltStack: further injection vulnerabilities
24 March 2021
Immersive Labs Chooses Global Channel-First Strategy With 50 New Partners and Transparent Structure
18 March 2021
The View from the CISO’s Chair
18 March 2021