The search to find the mastermind of the attacker group Lapsus$ led to a home outside Oxford, England. The suspected leader was a 16-year-old. He helped take down some of the world’s biggest companies, including Microsoft, from his mother’s house. The BBC reported the teen is alleged to have earned $14 million from his attacks. The search for other group members led researchers to the arrest of six other teens.

The Lapsus$ group is just the latest example of teen cyber criminals. In 2021, Canadian police arrested a teen for stealing about $36.5 million in cryptocurrency using a SIM swap attack. Another teen, Ellis Pinsky, began stealing crypto when he was 15 and passed the $100 million mark by the time he was 18.

Why and How Teenagers Become Attackers

Reducing cyber crime committed by teenagers starts with knowing their motivation and paths. Of course, each person has their own reasons for their actions. Many teens start hacking because the challenge and fun entice them. Other teens turn to cyber crime because of their beliefs regarding a specific issue. Money is also a common reason, as in the case of Lapsus$.

Many teens stumble into cyber crime by mistake as they cross the line between ethical and unethical activities. In episode 112 of Darknet Diaries, a teenager who identifies himself as Drew shares his journey. Drew started by running a discounted server for a video game that led to selling stolen usernames.

While some teens start out with video games and piracy, new tools have created new paths into cyber crime for teenagers. Crypto is quickly emerging as a gateway, with a 13-year-old becoming a multimillionaire selling NFT art. Cyber crime related to NFTs is also increasing, including phishing, fake art and crypto wallet cracking. Both NFTs and related cyber crime may rise. It’s likely that many teen cyber criminals will start their journey with NFTs.

4 Ways to Help Keep Teens From Becoming Cyber Criminals

Teens who become cyber criminals often have a passion for, and expertise in, technology. Reducing the number who put on the black hat starts with focusing on using their interest and skills in positive ways instead of negative ones. The media often glorifies attackers, which can cause teens to gravitate toward the dark side. What if the industry focuses on increasing coverage and accolades for cybersecurity workers? That way, teens can see white hat roles or other professional careers in cyber defense.

Here are other ways to keep teens on the white hat path:

  1. Encourage ethical hacking. Simulations are the best way for businesses to prepare for a real cyberattack. Therefore, they need ethical hackers to play the role of the red team. Teens can see how they can get the same thrill by helping prevent cyber crimes instead of committing them. Tell teens that if they walk into the office of Bluescreen in the UK, they will find numerous former teen hackers now using their skills to help protect against attackers. Other teens may want to play the role of the defenders. After all, the role of a defender requires much greater skill than that of an attacker. As cybersecurity advisor Jay Hira explained, defenders must get it right 100% of the time, but attackers only need to be successful 1% of the time.
  2. Introduce digital badges and specializations. For teens who aren’t yet ready to earn certifications, digital badges are a positive way to begin. These badges teach skills that can lead to careers. Middle and high schools can encourage students to earn badges such as Cybersecurity Basics and Cybersecurity Compliance and System Administration. Teens who excel at those badges can combine badges to earn specializations, such as the Cybersecurity IT Fundamentals Specialization, which can help lead to a job in the industry. By starting this focus early in school, teens can start down a positive path before they are exposed to the possibility of committing cyber crimes.
  3. Educate teens on the consequences of cyber crimes. Many teens don’t view cyber crime as an actual crime because they don’t see a victim. By including education on cyber crime in schools and presenting cases where teens have served jail time, teens learn the consequences of these actions. Education should also focus on what constitutes a cyber crime and related laws. That can help aspiring hackers know when they are crossing the line into illegal activity.
  4. Share career paths for cybersecurity. Many teens are enticed by the money to be made as cyber criminals. Showing them that many high-paying careers exist in cybersecurity can often lead them to stay on the ethical side. Schools and parents: tell your kids that many lucrative cybersecurity positions do not require college degrees. Show what type of jobs they can land with certifications. Savvy students can even begin earning certifications while in high school so that they can be ready for their next step upon graduation. By showing that they can use their skills to earn money legally and have a very lucrative career, teens often stay interested in the positive side of cybersecurity. You can also present white hat, or ethical, hacking as a career path in which they help organizations test their cybersecurity in a controlled environment.

The cybersecurity industry needs more workers to help reduce the skills shortage and the high number of open positions. And at the same time, the industry needs to reduce the number of cyber criminals. Focusing on educating teenagers, especially younger teens, can help accomplish both goals. By encouraging careers in cybersecurity, the industry can gain the professionals needed to combat increasingly high-volume and sophisticated attacks.
