How teenagers can slip into a life of cybercrime
Former US congressman Beto O'Rourke is perhaps inadvertently the archetypal image of hackers in the public consciousness. As a teenager, he belonged to the legendary hacking group the Cult of the Dead Cow under the alias Psychedelic Warlord, and used his technical gifts to find a sense of community in cyberspace that perhaps he lacked in real life.
The group, which was founded by fellow teenager Grandmaster Ratte', is chronicled in Joseph Menn's recently published book that charts the rise and fall of the group, which charts not only the evolution of the group, but the evolution in attitudes towards hackers more generally. The book deftly crafts the collective as distinct from any notion of a criminal underworld, with the earliest members literally hacking around with the burgeoning internet hardware before evolving into a group whose general mission is a noble one of hacktivism.
At various points in their 30 year existence, the group has taken on the likes of Microsoft and the Chinese state, with tools such as Back Orifice setting the standards for ethical hacktivism, and showcased various vulnerabilities in the Windows operating system. Indeed, they even played a part in the creation of Tor and other tools designed to help keep our privacy safe online.
A reputable profession
Despite this, it’s perhaps fair to say that hacking is still regarded as a largely illegal activity that is likely to get the exponent into trouble with the law. Nonetheless, it’s a path that many young people are inevitably drawn to. A recent study from Flinders Criminology examines the connection between legal online activity and cybercrime, and how the willingness of young people to seek out a sense of power or quick thrills online can rapidly descend into a life of cybercrime.
The study suggests that the very nature of the internet can inadvertently encourage cybercrime, as it blurs the normal social boundaries that exist, which can make it much easier for people to do things online that they wouldn’t dream of doing offline. Couple this with the natural sense of curiosity inherent in most teenagers, and the virtual world can encourage whole new levels of experimentation.
"The internet allows young people to limit their social involvement exclusively to particular associations or networks, as part of a trend we've termed 'digital drift',” the researchers say. “From a regulatory perspective, we're finding this poses significant challenges as it degrades young people's impulse controls."
Seduced by the dark side
The paper describes this drift into the darker reaches of the virtual world as a form of seduction, as activities are often simultaneously attractive and compelling. The addictive nature of the web can make it significantly easier to enter than to leave, and the authors believe more effort needs to be made to better understand the kind of technologies used by young people.
The research builds upon previous research, from the UK’s National Crime Agency (NCA), which highlights how many young people are not driven to cybercrime by the potential of financial reward, so much as they are by the potential for recognition and popularity on online forums and among their peer group. For many, the sense of accomplishment by pulling off cybercrime is a far greater incentive than any financial rewards that may emerge on the other side.
As the Flinders research reminds us, this is often as much an intellectual exploration, and should not be regarded as some form of criminal pathology that will inevitably lead that young person onto a lifetime of crime.
The NCA report cites the example of an 18-year-old who was arrested after breaking into a US government website. After his arrest, he informed police that he did it to impress his peers in the hacking community. It was a form of showing his skills off, and he had little real interest in the government agency in question.
Attempts have been made to allow young people to engage in ethical hacking from an early age, with competitions such as Inter-ACE featuring teams from universities across the UK, each trying to capture and then defend infrastructure from hackers in a virtual war game. The winners of the competition then go forward to the Cambridge v Cambridge transatlantic challenge with university teams from the United States.
The road to redemption
For those who have already stepped onto the wrong side of the law, however, there are signs that it might not be the life sentence it previously was. Companies such as the UK’s Bluescreen IT offer convicted hackers a second chance to ply their skills in a legal way. The company have a direct link with the police to use convicted hackers as a key part of their talent pipeline.
In many ways, this is a sensible approach in an industry that is beset by skills shortages. Despite nearly half of British businesses reporting cyber attacks each year, at a total cost of several billion pounds, organizations have huge trouble finding the talent they need to keep their businesses safe.
Various estimates highlight the scale of the problem, with data from ISC putting the shortfall at around 3 million people worldwide. Indeed, it's estimated that 75% of the people who apply for cybersecurity roles today lack the skills required to do the job effectively. Tapping into a talent pool of youngsters who clearly have these skills, but who have fallen foul of the law, may be an effective way of bridging the skills gap.
As the journey of The Cult of the Dead Cow shows, even among young people who struggle to stay within the boundaries as young people, they can nonetheless make highly valuable and respectable members of society, even if some fall by the wayside and become congressmen. As a society, we’re duty bound to ensure those talents are not lost.