It’s never too late to prevent children from being dragged to the dark side and to ensure their skills are a force for good.
When we talk about cybercrime and children, it’s often in the context of protecting the young ones from online dangers. That could mean ensuring our kids’ devices have the right parental control software set up, so that the children don’t access dangerous or inappropriate content. The same goes for making sure they have anti-malware installed and privacy settings properly configured.
But what if a child turns out to be the ‘bad guy’? It’s more common than you might think, including because at an early age, many kids don’t realize that their ‘black hat’ activities are illegal (as opposed to ‘white hat’, also known as ethical, hacking).
The good news is that, even if you suspect your own child may be using their technology skills for nefarious ends, it’s not too late to steer them on the right path. And there are many legitimate avenues to channel their cyber-savvy and ultimately help them start a career in cybersecurity.
When computer hacking is child’s play
While this all sounds like the plot from a Hollywood film, the reality is more mundane. In fact, school-aged hackers are increasingly commonplace as the tools and techniques to commit cybercrime become cheaper and more easily accessible. Some kids have displayed an astonishing grasp of technology and threat techniques in their attacks, while others may simply be curious to see how far they can push things.
RELATED READING: What motivates some young people to become cybercriminals?
The UK’s National Crime Agency (NCA) said that data from its National Cyber Crime Unit (NCCU) showed a 107% increase in police reports from 2019 to 2020 of students deploying DDoS attacks. The median age for referrals to the NCCU’s “Prevent” team is reportedly 15, and a recent NCA report revealed that children as young as nine have been caught launching DDoS attacks. However, instances of children engaging in cybercrime are not confined to DDoS attacks.
- London schoolgirl Betsy Davies was just seven when she demonstrated how to hack a stranger’s laptop via an unsecure public Wi-Fi network in just 10 minutes. How did she do it? By searching online for a how-to guide. Around 14,000 video tutorials were returned from YouTube alone at the time.
- Elliott Gunton was just 16 years old when he hacked UK ISP TalkTalk in a now infamous case which resulted in the compromise of over 150,000 customer accounts. He was later jailed for separate cybercrime offences and has been indicted for even more serious crimes in the US.
- An unnamed 16-year-old Australian schoolboy broke into Apple’s internal systems multiple times, making off with 90GB of “secure files” and accessing customer accounts in the process. The youngster’s lawyer said the teenager did it because he admired Apple and dreamed of landing a job in the company.
What are the warning signs?
Parents are anxious about most things. But when it comes to possible illegal hacking activity, they may be right to stay alert to any change in their child’s behavior. A major 2019 study from Michigan State University (MSU) highlighted some of the key traits associated with juvenile cybercrime. These include:
- Low self-control
- Peer associations – i.e., knowing other kids who also hack (mainly girls)
- Time spent watching TV or playing computer games (mainly boys)
- Opportunity – i.e., having their own computer in a private room, with minimal parental supervision
- Having access to a mobile phone from an early age
- Engaging in digital piracy
READ NEXT: Digital addiction: How to get your children off their screens
How do you know something’s wrong?
There are also a few signs that your child’s online activity may have got out of hand. For example, they could allude to private matters that suggest they may have been reading your emails/messages or they go to extreme lengths to protect their own privacy and refuse to share their logins.
Of course, this might not indicate anything more than merely kids being kids. In fact, an early interest in some types of software, such as penetration testing tools, could actually be more than welcome.
But as Thomas Holt, lead author of the MSU report, explains, without supervision, innocuous ‘games’ can escalate. Where might it lead? According to the NCA, anything from an official warning from officers, to a penalty fine, arrest, and even incarceration for the most serious offences.
Towards more positive outcomes
Parental control software downloaded to your child’s devices may help to catch the early warning signs of juvenile hacking, such as attempts to access specific cybercrime sites, hacking forums and other shady parts of the internet. But if they’ve already attained an elevated level of tech savvy, they will likely be able to hide any such activity.
READ ALSO: Controlling children’s use of technology: a preventive measure or an invasion of privacy?
That makes it more important than ever to find a positive outlet for their skills. Fortunately, there are various paths to take. Some governments run cybersecurity programs for school-aged students to test, hone and develop their skills. The natural progression from here would be towards a fully-fledged career in cybersecurity. An industry that has long experienced major workplace shortages means practitioners command a high starting salary and can expect a long and rewarding career.
There are also government and privately-run hacking competitions where all-comers can test their skills against the best in the world, and potentially showcase their talent to would-be employers.
Most important, though, is keeping the lines of communication open. Take an interest in your kids’ hobbies. And if you’re concerned they may be straying into illegality, remind them of the risks of doing so, and nudge them towards more positive and lawful opportunities.
There are some useful articles from the NCA to share with your kids here and here.
To learn more about more dangers faced by children online as well as about how technology can help, head over to Safer Kids Online.
written by Phil Muncaster, ESET