Turning kids away from cybercrime

A pen tester, an educator and an ex-cop on efforts to channel burgeoning skills in a positive direction

Turning kids away from cybercrime

Image:
Turning kids away from cybercrime

As cybercrime continues to rise so do efforts to divert young people from the dark side, but are they doing enough?

Everyone knows about the yawning cyber skills gap that leaves organisations, particularly smaller ones, unprotected against the terrors that roam the web. The fact that kids learn fast and that teenagers who have grown up in a digital world often possess cyber talents leave their older peers in the dust is also common knowledge. Could a mutually beneficial solution be found?

Certainly, there are many efforts in this area, but there's a fairly hefty caveat: some kids are active perpetrators of cybercrime. In a recent talk for Computing, Chris White, head of cyber and innovation at the South East Cyber Resilience Centre (SECRC), said the average cyber offender is aged just 17-and-a-half, compared with 27 for most other types of crime.

In a previous article we looked at how the signposts to a career in cybersecurity are not always clear, and how projects like Cyber Explorers, run by training company QA for the government, are highlighting the opportunities and dangers of the online world to 11-to-14-year-old pupils in schools.

We'll return to this and other schemes shortly, but first what drives young people to step over the line into knowing criminality, and what can parents, guardians, teachers and organisations do to persuade them to use their talents to more legitimate ends?

A dangerous game

For young people, transgressions online often happen in a grey area where the line between experimentation and criminal intent is unclear. Its just like getting to another level in a game.

Online games occupy a major role in children's lives, one that increased during the lockdowns. They can also provide their first taste of hacking.

"There is a massive market for hacks for games," said Gillian Vanhauwaert, pen test team lead at Stevenage-based cybersecurity services company Bulletproof. "There's even software as a service, where people will pay a monthly or weekly fee to get a hack for that long."

For most teenagers, hacking games and getting access to in-game content are of more interest than dealing on the dark web, Vanhauwaert said. She doesn't believe money is the primary motivation, at least not at first.

"It can be bragging rights within the gaming communities, I want to get access to the newest game or I want to see if I can break this game, get myself in-game credits or something, and then people tend to psych each other on. If you're in a group and one person says 'hey, if you want in-game credits, I can do that for you,' then that definitely puts them a step up on the ladder, especially at an impressionable age."

But while money may not be the initial draw, teenagers can earn a tidy income selling game hacks this may be a gateway to darker pursuits, she added.

Others just want to hit back at authority or to right a perceived wrong.

"Some get annoyed at school and say, 'let's see if I can bring the network down'. And I heard of a threat actor who started because they kept hearing about animal abuse and they got really angry. He wanted to do something, but he didn't want to go on streets and protest."

For those who knowingly cross the line or who are in it for the thrills, the anonymity of the web means they don't see the real-world consequences of their actions. To them, it may be just another game, a victimless crime.

Whatever their initial motivation, the liberating anonymity of gaming chatrooms, where you can be whoever you want to be, also provides cover for people looking to groom children and coerce them into criminal activities. Adults may be slow to spot the signs or know the best way to reduce the risk, Vanhauwaert said.

"It's very difficult. Some kids spend all day behind a screen, but that doesn't mean they're hackers. If you have an open relationship, you can talk about it and steer them in the right path. But there's a line between how much do you want to spy on your kids as well."

Vanhauwaert recommends that cyber professionals become more proactive. They should make a point of visiting schools and colleges to talk about their work. Not only can they hopefully nudge kids off a dangerous path they may be on, but they will also raise the profile of their organisations and potentially help with the skills gap. "Planting that seed really early on is something that businesses can definitely do. I have personally gone to schools to try and show people that it is a really fun job."

Encouraging the ethical use of technology

To tackle the problem of young people getting involved in cybercrime, teachers, parents, guardians police and government must all work together, and there are a variety of programmes designed to do that, one of which is Cyber First and its offshoot Cyber Explorers.

Cyber Explorers operatives help teachers to recognise the warning signs and are in regular contact with the Regional Organised Crime Agencies, according to CyberFirst project manager Mark Baldwin. The programme promotes Cyber Choices - the National Crime Agency (NCA)'s programme to reduce cyber crime - and talks about the Computer Misuse act, and it maintains multiple connections with the industry.

"We take part in national steering groups and cyber clusters throughout the UK, such as UKC3. The NCSC [National Cyber Security Centre] has remained a close partner in feeding into content development and has taken an active role in the platform, and we have also partnered with the British Computing Society to help promote and support the programme nationally. We work with the regional STEM ambassadors too," Baldwin said.

"The main message of Cyber Explorers is to encourage ethical use of technology, we do this by not glorifying criminal activity and continually, yet subtly, reiterating that crime doesn't pay."

We need to stop using the easy methods and be disruptive

However, cybersecurity consultant and former police officer Shelton Newsham fears there are too many cracks in the system for the most disadvantaged kids to fall through. Newsham calls for better coordination and collaboration.

"There are so many initiatives it's hard to keep track", he told Computing. "Whilst they have different objectives, by collaborating we could create more impactful projects."

According to Newsham, while the easier-to-reach participants are well catered for, with the same schools typically engaging every year, those electively home educated or outside mainstream education are often neglected. Unfortunately, these are the very kids who are often targeted by cybercriminals in online forums.

"It's not easy and it takes a lot of work, but there are individuals who haven't been provided ethical computing guidance, and who have more unmonitored and potentially unrestricted access to the internet, including the dark net. Programmes could make a significant impact here, but I still hear a lot of talk but not enough activity. I know a few officers try, but this needs national focus more than words.

"Kids are still falling into crime and visibility is poor. Schools and clubs who actively engage year-on-year know about the schemes, but you be hard-pressed to see any promotional material elsewhere.

"We need to stop using the easy methods and be disruptive. That's what the criminals do and that's why they continue to succeed."