Nowadays, hacktivism is a way of life for many people. Conspiracy websites and news are highly popular, and the rise of groups like Anonymous, The Shadow Brokers, and individuals like Cthulhu, is giving hacking a noble and chivalrous image. Young people (who are often exposed to political and anti-capitalist conspiracies via social media) look up to hackers who “take on the system.”
Websites like Wikileaks lend an air of legitimacy to the image of hackers and whistleblowers. In addition, stories like those of Edward Snowden and Chelsea Manning make children look up to people who set data free for the masses. Snowden is revered as a true hero for his disclosures about government snooping, and the recent Vault 7 leaks are (rightly) considered exciting and a “win” for the people.
What’s more, TV shows like Mr. Robot further glamorize hacking culture, making it seem exciting and subversive. In many ways, hacking is today’s counter-culture, rivaling rock and roll and punk in its popularity, and drawing children into its fold by filling them with ambitions of being the next Guccifer.
A new report released by the UK’s National Crime Agency (NCA) reinforces this belief. It claims that it has become a matter of importance to educate children about the dangers of hacking in their early teens, in order to curb the growing army of children in their later teens who are turning to cybercrime.
What is interesting is that while the vast majority of cybercrime is about making cold hard digital cash, for young people ethics and morality are much more important. In addition, the online social status that comes with being a member of an anonymous hacking collective – or a name like Guccifer – is a prize that young people desire.
The NCA study was conducted by interviewing eight young people who had been cautioned or sentenced for hacking offences. According to the report, the average age that a young person is likely to begin committing cybercrime is 17. The report blames the availability of low-level hacking tools for encouraging “criminal behavior.”
What the NCA is referring to, is the “script kiddie” boom of recent years. Exploit codes are freely available online, and YouTube videos (and other tutorials found on Google) allow young people to learn how to hack. A raspberry pi can be purchased for very little money and, using existing computer scripts or codes to hack, allows script kiddies to become hackers without any real expertise.
Of course, the concern is that what starts as an “ethical” pastime may mature into full blown cybercriminality. After all, everyone has to start somewhere, and despite the fact that children seem unmotivated by money there is a risk that hacking tools will serve as a “gateway drug” into worse future habits. Sadly, this is a real risk and there will always be a certain number of script kiddies who have the brainpower, will, and determination, to mature into cybercriminals.
Unfortunately, making the leap from innocent script kiddie to cybercriminal isn’t as tough as one might think. These days, there are plenty of hacking tools available online. Some allow hackers to begin mounting much more serious and competent attacks with ease, without needing to know much in terms of coding.
In addition, once in awhile very serious hacking tools that are meant for government spy agencies are leaked to the internet. These are powerful hacking suites that give their users vast capabilities for hacking others and delivering payloads like ransomware (which can also be acquired online).
Mustafa Al-Bassam is one of the young people who was interviewed by the NCA for its report. In 2011, he was arrested and later convicted for hacking offences – he was just 16 years of age. Al-Bassam says he was inspired by the likes of Anonymous:
“I kind of got involved in serious hacking from a political, activist perspective.
To me it was a form of civil disobedience and I knew it was illegal. But that didn’t stop me. Because I didn’t understand the likelihood of being caught.
When asked when his interest in hacking first flourished, Al-Bassam responded:
“I started learning how to program from a very early age, when I was about nine or 10. And from there I realised the ways that computer programmers could make mistakes that would introduce computer vulnerabilities into their software, which would allow hackers to gain access to their systems. And I realised that this was a really powerful tool.”
For Al-Bassam, however, despite a conviction at an early age, hacking didn’t turn into a life of crime. Instead, the young man now works as a security researcher, earning good money.
Jake Davis is another of the young people convicted for hacking offences. Like Al-Bassam, he was arrested in 2011, and later pleaded guilty to the offences. Davis says he was a member of both Anonymous and Lulzsec at the time of his conviction. Davis has described his early forays into hacking:
“Within the hacker community itself there’s large amounts of one-upmanship and kudos – if hacker A manages to take down a large website then hacker B thinks ‘well I can do this’.
It becomes so gamified that a lot of people, including myself, I think lose focus of what the hacking entails.”
However, like Al-Bassam, Davis turned his abilities in the field of IT into a prosperous business. He now runs Spyscape, a publishing company.
Both those stories end well, and there is no doubt that many young people who are inspired to get into IT at an early age (because of hacking culture) are learning skills that will stand them in good stead.
Career in Cybersecurity
Cybersecurity is a huge market offering high salaries, yet it is massively understaffed around the world. Yearly reports indicate that there is a massive gap between the amount of job openings available and the number of highly-skilled cybersecurity professionals around to fill them.
Bear in mind that many cybersecurity experts working in some of the best firms come from a background of government hacking for the military. Tel Aviv, for example, is a booming center for cybersecurity excellence, and the vast majority of those people got the skills necessary to start security firms in the Israeli army.
Why? As Al-Bassam himself mentioned, when it comes to an education in cybersecurity there is nothing that rivals the experience that comes from learning to hack. In fact, employers have been known to criticize university courses for leaving students without the practical knowledge needed to actually perform well in the field of work.
Parents whose children are obsessed with Mr Robot, Anonymous, the Clinton hacking scandal, AND appear to spend too much time on their PCs, may want to keep a watchful eye on their offspring. However, in many ways they would have to be mad to dissuade their youngsters from pursuing their passion.
On the other hand, the power to hack in the hands of the disenfranchised, greedy, or mentally ill, could lead to catastrophic life decisions that seriously jeopardize a young person’s future. Prison is a very serious possibility for children who mature into cybercriminals. For that reason, education and clear communication on the part of parents is strongly advised. In the end, we can but hope that the prospect of a lucrative and morally upright future in cybersecurity will be enough to deter young people from the risks of cybercrime.
Opinions are the writer’s own
Title image credit: Hung Chung Chih
Image credits: Gil C/Shutterstock.com, fatmawati achmad zaenuri/Shutterstock.com, Ollyy/Shutterstock.com