Teenage cybercrime: How to stop kids from taking the wrong path

Next story

When we talk about cybercrime and children, it’s often in the context of protecting the young ones from online dangers. That could mean ensuring our kids’ devices have the right parental control software set up, so that the children don’t access dangerous or inappropriate content. The same goes for making sure they have anti-malware installed and privacy settings properly configured.

But what if a child turns out to be the ‘bad guy’? It’s more common than you might think, including because at an early age, many kids don’t realize that their ‘black hat’ activities are illegal (as opposed to ‘white hat’, also known as ethical, hacking).

The good news is that, even if you suspect your own children may be using their technology skills for nefarious ends, it’s not too late to steer them on the right path. And there are many legitimate avenues to channel their cyber-savvy and ultimately help them start a career in cybersecurity.

When computer hacking is child’s play

While this all sounds like the plot from a Hollywood film, the reality is more mundane. In fact, school-aged hackers are increasingly commonplace as the tools and techniques to commit cybercrime become cheaper and more easily accessible. Some kids have displayed an astonishing grasp of technology and threat techniques in their attacks, while others may simply be curious to see how far they can push things.

The UK’s National Crime Agency (NCA) said that data from its National Cyber Crime Unit (NCCU) showed a 107% increase in police reports from 2019 to 2020 of students deploying DDoS attacks. The median age for referrals to the NCCU’s “Prevent” team is reportedly 15, and a recent NCA report revealed that children as young as nine have been caught launching DDoS attacks. However, instances of children engaging in cybercrime are not confined to DDoS attacks.

For example:

  • London schoolgirl Betsy Davies was just seven when she demonstrated in just 10 minutes how to hack a stranger’s laptop via an unsecure public Wi-Fi network. How did she do it? By searching online for a how-to guide. Around 14,000 video tutorials were returned from YouTube alone at the time.
  • Elliott Gunton was 16 years old when he hacked UK ISP TalkTalk in a now infamous case that resulted in the compromise of over 150,000 customer accounts. He was later jailed for separate cybercrime offences and has been indicted for even more serious crimes in the US.
  • An unnamed 16-year-old Australian schoolboy broke into Apple’s internal systems multiple times, making off with 90GB of “secure files” and accessing customer accounts in the process. The youngster’s lawyer said the teenager did it because he admired Apple and dreamed of landing a job in the company.

What are the warning signs?

Parents are anxious about most things. But when it comes to possible illegal hacking activity, they may be right to stay alert to any change in their child’s behavior. A major 2019 study from Michigan State University (MSU) highlighted some of the key traits associated with juvenile cybercrime. These include:

  • Low self-control
  • Peer associations – i.e., knowing other kids who also hack (mainly girls)
  • Time spent watching TV or playing computer games (mainly boys)
  • Opportunity – i.e., having their own computer in a private room, with minimal parental supervision
  • Having access to a mobile phone from an early age
  • Engaging in digital piracy

 

How do you know something’s wrong?

There are also a few signs that your children’s online activity may have got out of hand. For example, they could allude to private matters that suggest they may have been reading your emails/messages or they go to extreme lengths to protect their own privacy and refuse to share their logins.

Of course, this might not indicate anything more than merely kids being kids. In fact, an early interest in some types of software, such as penetration testing tools, could actually be more than welcome.

But as Thomas Holt, lead author of the MSU report, explains, without supervision, innocuous ‘games’ can escalate. Where might it lead? According to the NCA, anything from an official warning from officers, to a penalty fine, arrest, and even incarceration for the most serious offences.

Towards more positive outcomes

Parental control software downloaded to your children’s devices may help to catch the early warning signs of juvenile hacking, such as attempts to access specific cybercrime sites, hacking forums and other shady parts of the internet. But if they’ve already attained an elevated level of tech savvy, they will likely be able to hide any such activity.

 

That makes it more important than ever to find a positive outlet for their skills. Fortunately, there are various paths to take. Some governments run cybersecurity programs for school-aged students to test, hone and develop their skills. The natural progression from here would be towards a fully-fledged career in cybersecurity. An industry that has long experienced major workplace shortages means practitioners command a high starting salary and can expect a long and rewarding career.

There are also government and privately-run hacking competitions where all comers can test their skills against the best in the world, and potentially showcase their talent to would-be employers.

Most important, though, is keeping the lines of communication open. Take an interest in your kids’ hobbies. And if you’re concerned they may be straying into illegality, remind them of the risks of doing so, and nudge them towards more positive and lawful opportunities.

About ESET

For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint and mobile security, to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give consumers and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real-time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D centers worldwide, ESET becomes the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003. For more information visit www.eset.com or follow us on  FacebookYouTube and Twitter.