August 30, 2022 By Jennifer Gregory 4 min read

The search to find the mastermind of the attacker group Lapsus$ led to a home outside Oxford, England. The suspected leader was a 16-year-old. He helped take down some of the world’s biggest companies, including Microsoft, from his mother’s house. The BBC reported the teen is alleged to have earned $14 million from his attacks. The search for other group members led researchers to the arrest of six other teens.

The Lapsus$ group is just the latest example of teen cyber criminals. In 2021, Canadian police arrested a teen for stealing about $36.5 million in cryptocurrency using a SIM swap attack. Another teen, Ellis Pinsky, began stealing crypto when he was 15 and passed the $100 million mark by the time he was 18.

Why and how teenagers become attackers

Reducing cyber crime committed by teenagers starts with knowing their motivation and paths. Of course, each person has their own reasons for their actions. Many teens start hacking because the challenge and fun entice them. Other teens turn to cyber crime because of their beliefs regarding a specific issue. Money is also a common reason, as in the case of Lapsus$.

Many teens stumble into cyber crime by mistake as they cross the line between ethical and unethical activities. In episode 112 of Darknet Diaries, a teenager who identifies himself as Drew shares his journey. Drew started by running a discounted server for a video game that led to selling stolen usernames.

While some teens start out with video games and piracy, new tools have created new paths into cyber crime for teenagers. Crypto is quickly emerging as a gateway, with a 13-year-old becoming a multimillionaire selling NFT art. Cybercrime related to NFTs is also increasing, including phishing, fake art and crypto wallet cracking. Both NFTs and related cyber crime may rise. It’s likely that many teen cyber criminals will start their journey with NFTs.

Listen to the Podcast: Lured To The Dark Side — The Criminal Hacker Journey

4 ways to help keep teens from becoming cyber criminals

Teens who become cyber criminals often have a passion for, and expertise in, technology. The key to reducing the number who put on the black hat starts with focusing on using their interest and skills in positive ways instead of negative. The media often glorifies attackers, which can cause teens to gravitate toward the dark side. What if the industry focuses on increasing coverage and accolades for cybersecurity workers? That way, teens can see white hat roles or other professional careers in cyber defense.

Here are other ways to keep teens on the white hat path:

  1. Encourage ethical hacking. Simulations are the best way for businesses to prepare for a real cyberattack. Therefore, they need ethical hackers to play the role of the red team. Teens can see how they can get the same thrill by helping prevent cyber crimes instead of committing them. Share with teens about how if you walk into the office of Bluescreen in the UK you will find numerous former teen hackers now using their skills to help protect against attackers. Other teens may want to play the role of the defenders. After all, the role of a defender requires much greater skill than an attacker. As cybersecurity advisor Jay Hira explained, defenders must get it right 100% of the time, but attackers only need to be successful 1% of the time.
  2. Introduce digital badges and specializations. For teens who aren’t yet ready to earn certifications, digital badges are a positive way to begin. These badges teach skills that can lead to careers. Middle and high schools can encourage students to earn badges such as Cybersecurity Basics and Cybersecurity Compliance and System Administration. Teens who excel at those badges can combine badges to earn specializations, such as the Cybersecurity IT Fundamentals Specialization, which can help lead to a job in the industry. By starting this focus early in school, teens can start down a positive path before they are exposed to the possibility of committing cyber crimes.
  3. Educate teens on the consequences of cyber crimes. Many teens don’t view cyber crime as an actual crime because they don’t see a victim. By including education on cyber crime in schools and presenting cases where teens have served jail time, teens learn the consequences of these actions. Education should also focus on what constitutes a cyber crime and related laws. That can help aspiring hackers know when they are crossing the line into illegal activity.
  1. Share career paths for cybersecurity. Many teens are enticed by the money to be made as cyber criminals. Showing them that many high-paying careers exist in cybersecurity can often lead them to stay on the ethical side. Schools and parents: tell your kids that many lucrative cybersecurity positions do not require college degrees. Show what type of jobs they can land with certifications. Savvy students can even begin earning certifications while in high school so that they can be ready for their next step upon graduation. By showing that they can use their skills to earn money legally and have a very lucrative career, teens often stay interested in the positive side of cybersecurity. You can also share about white hat or ethical hacking as a career path, where they help organizations test their cybersecurity in a controlled environment.

The cybersecurity industry needs more workers to help reduce the skills shortage and the high number of open positions. And at the same time, the industry needs to reduce the number of cyber criminals. Focusing on educating teenagers, especially younger teens, can help accomplish both goals. By encouraging careers in cybersecurity, the industry can gain the professionals needed to combat increasingly high-volume and sophisticated attacks.

More from Risk Management

Cost of a data breach: Cost savings with law enforcement involvement

3 min read - For those working in the information security and cybersecurity industries, the technical impacts of a data breach are generally understood. But for those outside of these technical functions, such as executives, operators and business support functions, “explaining” the real impact of a breach can be difficult. Therefore, explaining impacts in terms of quantifiable financial figures and other simple metrics creates a relatively level playing field for most stakeholders, including law enforcement.IBM’s 2024 Cost of a Data Breach (“CODB”) Report helps…

How Paris Olympic authorities battled cyberattacks, and won gold

3 min read - The Olympic Games Paris 2024 was by most accounts a highly successful Olympics. Some 10,000 athletes from 204 nations competed in 329 events over 16 days. But before and during the event, authorities battled Olympic-size cybersecurity threats coming from multiple directions.In preparation for expected attacks, authorities took several proactive measures to ensure the security of the event.Cyber vigilance programThe Paris 2024 Olympics implemented advanced threat intelligence, real-time threat monitoring and incident response expertise. This program aimed to prepare Olympic-facing organizations…

Protecting your data and environment from unknown external risks

3 min read - Cybersecurity professionals always keep their eye out for trends and patterns to stay one step ahead of cyber criminals. The IBM X-Force does the same when working with customers. Over the past few years, clients have often asked the team about threats outside their internal environment, such as data leakage, brand impersonation, stolen credentials and phishing sites. To help customers overcome these often unknown and unexpected risks that are often outside of their control, the team created Cyber Exposure Insights…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today