How and why do some young people become involved in cyber crime, given that the average age of suspects and arrests in the UK’s National Cyber Crime Unit (NCCU) investigations in 2015 was 17? Which compares with 37 in National Crime Agency drugs cases and 39 in economic crime (fraud) cases?
The Agency (NCA) has published a report, based on debriefs with offenders and those on the fringes of criminality. Financial gain is not necessarily a priority for the young offenders. Instead, the sense of accomplishment at completing a challenge, and proving oneself to peers to increase online reputations are the main motivations for those involved in cyber criminality.
To read the 17-page report, including an analysis of the debriefs, visit the NCA website. Among the report’s suggestions, offenders perceive the likelihood of encountering law enforcement as low; availability of low-level hacking tools encourages criminal behaviour; and as that implies, cyber crime is not solitary and anti-social. Social relationships, albeit online, are key. They may begin to participate in gaming cheat websites and ‘modding’ (game modification) forums and progress to criminal hacking forums, without considering possible consequences. Forum interaction and building of reputation drives young cyber criminals. Once the law is broken, later transgressions become easier, the report points out; forums are highly social, the law is seldom considered and if it is, it’s dismissed; role models may be the cyber criminal at the ‘top of the ladder’.
The NCCU Prevent team has begun to do behavioural debriefs with former cyber criminals; eight by the time of the report. As one offender during his debrief, later jailed for Computer Misuse Act and fraud offences, told officers, “… it made me popular, I enjoyed the feeling … I looked up to those users with the best reputations”.
The report identifies that some offenders begin by participating in gaming cheat websites and ‘modding’ (game modification) forums before progressing to criminal hacking forums. Off-the-shelf tools such as DDOS-for-hire services and Remote Access Trojans (RATs) are available with step by step tutorials on the open web at little to no cost to the user, making the skills barrier for entry into cyber crime – with the ability to cause significant harm – lower than ever. As the report says, many illegal products are advertised openly on low level hacking or gaming forums.
While there appears no socio-demographic bias, with people across the country from different backgrounds among offenders, the average age of cyber criminals is significantly younger than other crime types.
Subject 1, a member of a hacking collective who sold DDoS tools and Botnet services, told officers that a warning from law enforcement would have made him stop. The report says that 80 ‘cease and desist’ visits have been co-ordinated or carried out directly by NCCU Prevent since November 2013.
The report also identifies education and opportunities to use skills positively as helpful in steering potential offenders towards a future career in cyber security. Autism spectrum disorder (ASD) appears to be more prevalent among cyber criminals than the general populace, though this remains unproven.
Richard Jones, Head of the National Cyber Crime Unit’s Prevent team, said: “Even the most basic forms of cyber crime can have huge impacts and the NCA and police will arrest and prosecute offenders, which can be devastating to their future. That means there is great value in reaching young people before they ever become involved in cyber crime, when their skills can still be a force for good.
“The aim of this assessment has been to understand the pathways offenders take, and identify the most effective intervention points to divert them towards a more positive path. That can be as simple as highlighting opportunities in coding and programming, or jobs in the gaming and cyber industries, which still give them the sense of accomplishment and respect they are seeking.”
For the report in full visit http://www.nationalcrimeagency.gov.uk/publications/791-pathways-into-cyber-crime/file.
Comments
For comment by Ellie Hurst of Advent IM visit https://www.linkedin.com/pulse/im-pondering-those-teenage-hackers-ellie-hurst.
Gavin Millard – EMEA Technical Director of Tenable Network Security said: “While I agree that mentorship and positive opportunities can go a long way toward encouraging the next generation of security professionals, I’m alarmed at the conclusion that curiosity and a talent for computers is a gateway drug to a life of cyber crime. Many security professionals have access to some of the most advanced hacking tools and, aside from the odd speeding ticket, have never broken the law. This isn’t a cyber problem; it’s a socio-economic problem, and it highlights why we need to do more to encourage STEM learning early in the education process and develop a trained and ethical cyber workforce.”
