Peer pressure, not money, lures youngsters into cybercrime – report

Are teenage dreams so hard to beat?


Teenage hackers get mixed up in cybercrime mostly to gain bragging rights over peers rather than to get rich, according to a new study.

The National Crime Agency report fingers peer pressure and kudos as a key reason for youngsters in getting mixed up with online crime. Few if any of those who stray on to the wrong side of the law in cyberspace would have committed conventional crimes.

The study [PDF] published Friday, titled Pathways into Cyber Crime, was based on debriefs with offenders and those on the fringes of criminality. Financial gain is not necessarily a priority for young offenders. The sense of accomplishment at completing a challenge and proving oneself to peers in order to increase online reputations can be more important factors in driving cyber-offending.

Some youngsters got involved with cybercrime because they thought it was "cool". Availability of free and easy-to-use hacking tools such as DDoS-for-hire services and Remote Access Trojans (RATs) is also a factor. Some offenders begin by participating in gaming cheat websites and "modding" forums before progressing to criminal hacking communities.

Many offenders that come to the attention of the NCA are young, with an average age of just 17. The report identifies education and opportunities to use skills positively as helpful in steering potential offenders towards the light side, a career in cybersecurity.

"There is great value in reaching young people before they ever become involved in cybercrime, when their skills can still be a force for good," said Richard Jones, head of the National Cyber Crime Unit's Prevent team, in a statement.

"The aim of this assessment has been to understand the pathways offenders take, and identify the most effective intervention points to divert them towards a more positive path. That can be as simple as highlighting opportunities in coding and programming, or jobs in the gaming and cyber industries, which still give them the sense of accomplishment and respect they are seeking."

Dr Jamie Graves, chief exec of cybersecurity firm ZoneFox, commented: "Instead of spending resources looking to suppress these highly intelligent young individuals and put them behind bars, we should be identifying them and nurturing and encouraging them to contribute positively in roles that can utilise their skills, both in the private and public sectors. This will not only empower them for good, but also boost the economy and safeguard the nation."

Other security firms praised the report as a step towards coming up with an effective strategy towards engaging young people and channelling those with an interest in computers towards productive activity rather than criminal hacking.

Ollie Whitehouse, CTO at NCC Group, said: "Although hacking can start off as a hobby, with attacks motivated by popularity on forums rather than money, it can easily evolve into something more sinister.

"Therefore, the security industry has a duty to engage with young people to develop their cyber skills and educate them about how they can use their abilities legitimately. Hackathons, code clubs and courses aimed at school and university students can encourage them to pursue opportunities in the cyber security industry and help to steer them away from criminal activity."

James Maude, senior security engineer at Avecto, added: "For young people, when hidden behind the faceless anonymity of a computer, it's all too easy for a moral compass to point in the wrong direction.

"Last year's TalkTalk hack is a prime example of how a young person working alone in their bedroom can significantly impact an entire business. Cybercrime is now the biggest threat facing businesses and it is more crucial than ever for companies to understand the processes and motivation behind hacking. The security industry is already invested in engaging young people and helping them use their skills for good but, at the same time, organisations need to stop making life easy for cybercriminals by getting the basics right and implementing an effective cybersecurity strategy." ®

Similar topics

Broader topics

Narrower topics


Other stories you might like

  • World Economic Forum wants a global map of online crime
    Will cyber crimes shrug off Atlas Initiative? Objectively, yes

    RSA Conference An ambitious project spearheaded by the World Economic Forum (WEF) is working to develop a map of the cybercrime ecosystem using open source information.

    The Atlas initiative, whose contributors include Fortinet and Microsoft and other private-sector firms, involves mapping the relationships between criminal groups and their infrastructure with the end goal of helping both industry and the public sector — law enforcement and government agencies — disrupt these nefarious ecosystems.  

    This kind of visibility into the connections between the gang members can help security researchers identify vulnerabilities in the criminals' supply chain to develop better mitigation strategies and security controls for their customers. 

    Continue reading
  • Google: How we tackled this iPhone, Android spyware
    Watching people's every move and collecting their info – not on our watch, says web ads giant

    Spyware developed by Italian firm RCS Labs was used to target cellphones in Italy and Kazakhstan — in some cases with an assist from the victims' cellular network providers, according to Google's Threat Analysis Group (TAG).

    RCS Labs customers include law-enforcement agencies worldwide, according to the vendor's website. It's one of more than 30 outfits Google researchers are tracking that sell exploits or surveillance capabilities to government-backed groups. And we're told this particular spyware runs on both iOS and Android phones.

    We understand this particular campaign of espionage involving RCS's spyware was documented last week by Lookout, which dubbed the toolkit "Hermit." We're told it is potentially capable of spying on the victims' chat apps, camera and microphone, contacts book and calendars, browser, and clipboard, and beam that info back to base. It's said that Italian authorities have used this tool in tackling corruption cases, and the Kazakh government has had its hands on it, too.

    Continue reading
  • NSO claims 'more than 5' EU states use Pegasus spyware
    And it's like, what ... 12, 13,000 total targets a year max, exec says

    NSO Group told European lawmakers this week that "under 50" customers use its notorious Pegasus spyware, though these customers include "more than five" European Union member states.

    The surveillance-ware maker's General Counsel Chaim Gelfand refused to answer specific questions about the company's customers during a European Parliament committee meeting on Thursday. 

    Instead, he frequently repeated the company line that NSO exclusively sells its spyware to government agencies — not private companies or individuals — and only "for the purpose of preventing and investigating terrorism and other serious crimes."

    Continue reading
  • Interpol anti-fraud operation busts call centers behind business email scams
    1,770 premises raided, 2,000 arrested, $50m seized

    Law enforcement agencies around the world have arrested about 2,000 people and seized $50 million in a sweeping operation crackdown of social engineering and other scam operations around the globe.

    In the latest action in the ongoing "First Light", an operation Interpol has coordinated annually since 2014, law enforcement officials from 76 countries raided 1,770 call centers suspected of running fraudulent operations such as telephone and romance scams, email deception scams, and financial crimes.

    Among the 2,000 people arrested in Operation First Light 2022 were call center operators and fraudsters, and money launderers. Interpol stated that the operation also saw 4,000 bank accounts frozen and 3,000 suspects identified.

    Continue reading
  • Cloud services proving handy for cybercriminals, SANS Institute warns
    Flying horses, gonna pwn me away...

    RSA Conference Living off the land is so 2021. These days, cybercriminals are living off the cloud, according to Katie Nickels, director of intelligence for Red Canary and a SANS Certified Instructor.

    "It's not enough to pay attention to the operating systems, the endpoints, said Nickels, speaking on a SANS Institute panel about the most dangerous new attack techniques at RSA Conference. "Adversaries, a lot of their intrusions, are using cloud services of different types."  

    And yes, living off the land (or the cloud), in which intruders use legitimate software and cloud services to deploy malware or spy on corporations and other nefarious activities, isn't a new type of attack, Nickels admitted. "But what's new here is the levels to which using cloud services [for cyberattacks] has risen." 

    Continue reading
  • Microsoft seizes 41 domains tied to 'Iranian phishing ring'
    Windows giant gets court order to take over dot-coms and more

    Microsoft has obtained a court order to seize 41 domains used by what the Windows giant said was an Iranian cybercrime group that ran a spear-phishing operation targeting organizations in the US, Middle East, and India. 

    The Microsoft Digital Crimes Unit said the gang, dubbed Bohrium, took a particular interest in those working in technology, transportation, government, and education sectors: its members would pretend to be job recruiters to lure marks into running malware on their PCs.

    "Bohrium actors create fake social media profiles, often posing as recruiters," said Amy Hogan-Burney, GM of Microsoft's Digital Crimes Unit. "Once personal information was obtained from the victims, Bohrium sent malicious emails with links that ultimately infected their target's computers with malware."

    Continue reading
  • Cops' Killer Bee stings credential-stealing scammer
    Fraudster and two alleged accomplices nabbed in joint op

    An Interpol-led operation code-named Killer Bee has led to the arrest and conviction of a Nigerian man who was said to have used a remote access trojan (RAT) to reroute financial transactions and steal corporate credentials. Two suspected accomplices were also nabbed.

    The trio, aged between 31 and 38, were detained as part of a sting operation involving law enforcement agencies across 11 countries: Brunei, Cambodia, Indonesia, Laos, Malaysia, Myanmar, Nigeria, Philippines, Singapore, Thailand, and Vietnam. 

    The suspects were arrested in the Lagos suburb of Ajegunle and in Benin City, Nigeria. At the time of their arrests, all three men were in possession of fake documents, including fraudulent invoices and forged official letters, it is claimed.

    Continue reading

Biting the hand that feeds IT © 1998–2022