Peer pressure, not money, lures youngsters into cybercrime – report
Are teenage dreams so hard to beat?
Teenage hackers get mixed up in cybercrime mostly to gain bragging rights over peers rather than to get rich, according to a new study.
The National Crime Agency report fingers peer pressure and kudos as a key reason for youngsters in getting mixed up with online crime. Few if any of those who stray on to the wrong side of the law in cyberspace would have committed conventional crimes.
The study [PDF] published Friday, titled Pathways into Cyber Crime, was based on debriefs with offenders and those on the fringes of criminality. Financial gain is not necessarily a priority for young offenders. The sense of accomplishment at completing a challenge and proving oneself to peers in order to increase online reputations can be more important factors in driving cyber-offending.
Some youngsters got involved with cybercrime because they thought it was "cool". Availability of free and easy-to-use hacking tools such as DDoS-for-hire services and Remote Access Trojans (RATs) is also a factor. Some offenders begin by participating in gaming cheat websites and "modding" forums before progressing to criminal hacking communities.
Many offenders that come to the attention of the NCA are young, with an average age of just 17. The report identifies education and opportunities to use skills positively as helpful in steering potential offenders towards the light side, a career in cybersecurity.
"There is great value in reaching young people before they ever become involved in cybercrime, when their skills can still be a force for good," said Richard Jones, head of the National Cyber Crime Unit's Prevent team, in a statement.
"The aim of this assessment has been to understand the pathways offenders take, and identify the most effective intervention points to divert them towards a more positive path. That can be as simple as highlighting opportunities in coding and programming, or jobs in the gaming and cyber industries, which still give them the sense of accomplishment and respect they are seeking."
Dr Jamie Graves, chief exec of cybersecurity firm ZoneFox, commented: "Instead of spending resources looking to suppress these highly intelligent young individuals and put them behind bars, we should be identifying them and nurturing and encouraging them to contribute positively in roles that can utilise their skills, both in the private and public sectors. This will not only empower them for good, but also boost the economy and safeguard the nation."
Other security firms praised the report as a step towards coming up with an effective strategy towards engaging young people and channelling those with an interest in computers towards productive activity rather than criminal hacking.
Ollie Whitehouse, CTO at NCC Group, said: "Although hacking can start off as a hobby, with attacks motivated by popularity on forums rather than money, it can easily evolve into something more sinister.
"Therefore, the security industry has a duty to engage with young people to develop their cyber skills and educate them about how they can use their abilities legitimately. Hackathons, code clubs and courses aimed at school and university students can encourage them to pursue opportunities in the cyber security industry and help to steer them away from criminal activity."
James Maude, senior security engineer at Avecto, added: "For young people, when hidden behind the faceless anonymity of a computer, it's all too easy for a moral compass to point in the wrong direction.
"Last year's TalkTalk hack is a prime example of how a young person working alone in their bedroom can significantly impact an entire business. Cybercrime is now the biggest threat facing businesses and it is more crucial than ever for companies to understand the processes and motivation behind hacking. The security industry is already invested in engaging young people and helping them use their skills for good but, at the same time, organisations need to stop making life easy for cybercriminals by getting the basics right and implementing an effective cybersecurity strategy." ®