The search to find the mastermind of the attacker group Lapsus$ led to a home outside Oxford, England. The suspected leader was a 16-year-old. He helped take down some of the world’s biggest companies, including Microsoft, from his mother’s house. The BBC reported the teen is alleged to have earned $14 million from his attacks. The search for other group members led researchers to the arrest of six other teens.

The Lapsus$ group is just the latest example of teen cyber criminals. In 2021, Canadian police arrested a teen for stealing about $36.5 million in cryptocurrency using a SIM swap attack. Another teen, Ellis Pinsky, began stealing crypto when he was 15 and passed the $100 million mark by the time he was 18.

Why and How Teenagers Become Attackers

Reducing cyber crime committed by teenagers starts with knowing their motivation and paths. Of course, each person has their own reasons for their actions. Many teens start hacking because the challenge and fun entice them. Other teens turn to cyber crime because of their beliefs regarding a specific issue. Money is also a common reason, as in the case of Lapsus$.

Many teens stumble into cyber crime by mistake as they cross the line between ethical and unethical activities. In episode 112 of Darknet Diaries, a teenager who identifies himself as Drew shares his journey. Drew started by running a discounted server for a video game that led to selling stolen usernames.

While some teens start out with video games and piracy, new tools have created new paths into cyber crime for teenagers. Crypto is quickly emerging as a gateway, with a 13-year-old becoming a multimillionaire selling NFT art. Cybercrime related to NFTs is also increasing, including phishing, fake art and crypto wallet cracking. Both NFTs and related cyber crime may rise. It’s likely that many teen cyber criminals will start their journey with NFTs.

Listen to the Podcast: Lured To The Dark Side — The Criminal Hacker Journey

4 Ways to Help Keep Teens From Becoming Cyber Criminals

Teens who become cyber criminals often have a passion for, and expertise in, technology. The key to reducing the number who put on the black hat starts with focusing on using their interest and skills in positive ways instead of negative. The media often glorifies attackers, which can cause teens to gravitate toward the dark side. What if the industry focuses on increasing coverage and accolades for cybersecurity workers? That way, teens can see white hat roles or other professional careers in cyber defense.

Here are other ways to keep teens on the white hat path:

  1. Encourage ethical hacking. Simulations are the best way for businesses to prepare for a real cyberattack. Therefore, they need ethical hackers to play the role of the red team. Teens can see how they can get the same thrill by helping prevent cyber crimes instead of committing them. Share with teens about how if you walk into the office of Bluescreen in the UK you will find numerous former teen hackers now using their skills to help protect against attackers. Other teens may want to play the role of the defenders. After all, the role of a defender requires much greater skill than an attacker. As cybersecurity advisor Jay Hira explained, defenders must get it right 100% of the time, but attackers only need to be successful 1% of the time.
  2. Introduce digital badges and specializations. For teens who aren’t yet ready to earn certifications, digital badges are a positive way to begin. These badges teach skills that can lead to careers. Middle and high schools can encourage students to earn badges such as Cybersecurity Basics and Cybersecurity Compliance and System Administration. Teens who excel at those badges can combine badges to earn specializations, such as the Cybersecurity IT Fundamentals Specialization, which can help lead to a job in the industry. By starting this focus early in school, teens can start down a positive path before they are exposed to the possibility of committing cyber crimes.
  3. Educate teens on the consequences of cyber crimes. Many teens don’t view cyber crime as an actual crime because they don’t see a victim. By including education on cyber crime in schools and presenting cases where teens have served jail time, teens learn the consequences of these actions. Education should also focus on what constitutes a cyber crime and related laws. That can help aspiring hackers know when they are crossing the line into illegal activity.
  1. Share career paths for cybersecurity. Many teens are enticed by the money to be made as cyber criminals. Showing them that many high-paying careers exist in cybersecurity can often lead them to stay on the ethical side. Schools and parents: tell your kids that many lucrative cybersecurity positions do not require college degrees. Show what type of jobs they can land with certifications. Savvy students can even begin earning certifications while in high school so that they can be ready for their next step upon graduation. By showing that they can use their skills to earn money legally and have a very lucrative career, teens often stay interested in the positive side of cybersecurity. You can also share about white hat or ethical hacking as a career path, where they help organizations test their cybersecurity in a controlled environment.

The cybersecurity industry needs more workers to help reduce the skills shortage and the high number of open positions. And at the same time, the industry needs to reduce the number of cyber criminals. Focusing on educating teenagers, especially younger teens, can help accomplish both goals. By encouraging careers in cybersecurity, the industry can gain the professionals needed to combat increasingly high-volume and sophisticated attacks.

More from Risk Management

The Role of Finance Departments in Cybersecurity

Consumers are becoming more aware of the data companies collect about them, and place high importance on data security and privacy. Though consumers aren’t aware of every data breach, they are justifiably concerned about what happens to the data companies collect. A recent study of consumer views on data privacy and security revealed consumers are more careful about sharing data. The majority of respondents (87%) say they wouldn’t do business with companies that appear to have weak security. Study participants also…

What Does a Network Security Engineer Do?

Cybersecurity is complex. The digital transformation, remote work and the ever-evolving threat landscape require different tools and different skill sets. Systems must be in place to protect endpoints, identities and a borderless network perimeter. The job role responsible for handling this complex security infrastructure is the network security engineer. In a nutshell, the network security engineer is the person who is responsible for the design and implementation of the organization’s security system, ensuring there are no gaps or vulnerabilities for…

The Importance of Modern-Day Data Security Platforms

Data is the backbone of businesses and companies everywhere. Data can range from intellectual property to critical business plans to personal health information or even money itself. At the end of the day, businesses are looking to grow revenue, innovate, and operationalize but to do that, they must ensure that they leverage their data first because of how important and valuable it is to their organization. No matter the industry, the need to protect sensitive and personal data should be…

What is Reverse Tabnabbing and What Can You Do to Stop It?

Tabnabbing is a phishing method in which attackers take advantage of victims’ unattended browser tabs. After hijacking an inactive tab and redirecting it to malicious URLs, an attacker can perform a phishing attack and execute scripts. With reverse tabnabbing, on the other hand, attackers can actually rewrite the source page after a victim clicks a malicious link. Usually, this means replacing a source page with a phishing site before the victim navigates back to that original tab. Here, the redirection…