August 30, 2022 By Jennifer Gregory 4 min read

The search to find the mastermind of the attacker group Lapsus$ led to a home outside Oxford, England. The suspected leader was a 16-year-old. He helped take down some of the world’s biggest companies, including Microsoft, from his mother’s house. The BBC reported the teen is alleged to have earned $14 million from his attacks. The search for other group members led researchers to the arrest of six other teens.

The Lapsus$ group is just the latest example of teen cyber criminals. In 2021, Canadian police arrested a teen for stealing about $36.5 million in cryptocurrency using a SIM swap attack. Another teen, Ellis Pinsky, began stealing crypto when he was 15 and passed the $100 million mark by the time he was 18.

Why and how teenagers become attackers

Reducing cyber crime committed by teenagers starts with knowing their motivation and paths. Of course, each person has their own reasons for their actions. Many teens start hacking because the challenge and fun entice them. Other teens turn to cyber crime because of their beliefs regarding a specific issue. Money is also a common reason, as in the case of Lapsus$.

Many teens stumble into cyber crime by mistake as they cross the line between ethical and unethical activities. In episode 112 of Darknet Diaries, a teenager who identifies himself as Drew shares his journey. Drew started by running a discounted server for a video game that led to selling stolen usernames.

While some teens start out with video games and piracy, new tools have created new paths into cyber crime for teenagers. Crypto is quickly emerging as a gateway, with a 13-year-old becoming a multimillionaire selling NFT art. Cybercrime related to NFTs is also increasing, including phishing, fake art and crypto wallet cracking. Both NFTs and related cyber crime may rise. It’s likely that many teen cyber criminals will start their journey with NFTs.

Listen to the Podcast: Lured To The Dark Side — The Criminal Hacker Journey

4 ways to help keep teens from becoming cyber criminals

Teens who become cyber criminals often have a passion for, and expertise in, technology. The key to reducing the number who put on the black hat starts with focusing on using their interest and skills in positive ways instead of negative. The media often glorifies attackers, which can cause teens to gravitate toward the dark side. What if the industry focuses on increasing coverage and accolades for cybersecurity workers? That way, teens can see white hat roles or other professional careers in cyber defense.

Here are other ways to keep teens on the white hat path:

  1. Encourage ethical hacking. Simulations are the best way for businesses to prepare for a real cyberattack. Therefore, they need ethical hackers to play the role of the red team. Teens can see how they can get the same thrill by helping prevent cyber crimes instead of committing them. Share with teens about how if you walk into the office of Bluescreen in the UK you will find numerous former teen hackers now using their skills to help protect against attackers. Other teens may want to play the role of the defenders. After all, the role of a defender requires much greater skill than an attacker. As cybersecurity advisor Jay Hira explained, defenders must get it right 100% of the time, but attackers only need to be successful 1% of the time.
  2. Introduce digital badges and specializations. For teens who aren’t yet ready to earn certifications, digital badges are a positive way to begin. These badges teach skills that can lead to careers. Middle and high schools can encourage students to earn badges such as Cybersecurity Basics and Cybersecurity Compliance and System Administration. Teens who excel at those badges can combine badges to earn specializations, such as the Cybersecurity IT Fundamentals Specialization, which can help lead to a job in the industry. By starting this focus early in school, teens can start down a positive path before they are exposed to the possibility of committing cyber crimes.
  3. Educate teens on the consequences of cyber crimes. Many teens don’t view cyber crime as an actual crime because they don’t see a victim. By including education on cyber crime in schools and presenting cases where teens have served jail time, teens learn the consequences of these actions. Education should also focus on what constitutes a cyber crime and related laws. That can help aspiring hackers know when they are crossing the line into illegal activity.
  1. Share career paths for cybersecurity. Many teens are enticed by the money to be made as cyber criminals. Showing them that many high-paying careers exist in cybersecurity can often lead them to stay on the ethical side. Schools and parents: tell your kids that many lucrative cybersecurity positions do not require college degrees. Show what type of jobs they can land with certifications. Savvy students can even begin earning certifications while in high school so that they can be ready for their next step upon graduation. By showing that they can use their skills to earn money legally and have a very lucrative career, teens often stay interested in the positive side of cybersecurity. You can also share about white hat or ethical hacking as a career path, where they help organizations test their cybersecurity in a controlled environment.

The cybersecurity industry needs more workers to help reduce the skills shortage and the high number of open positions. And at the same time, the industry needs to reduce the number of cyber criminals. Focusing on educating teenagers, especially younger teens, can help accomplish both goals. By encouraging careers in cybersecurity, the industry can gain the professionals needed to combat increasingly high-volume and sophisticated attacks.

More from Risk Management

Working in the security clearance world: How security clearances impact jobs

2 min read - We recently published an article about the importance of security clearances for roles across various sectors, particularly those associated with national security and defense.But obtaining a clearance is only part of the journey. Maintaining and potentially expanding your clearance over time requires continued diligence and adherence to stringent guidelines.This brief explainer discusses the duration of security clearances, the recurring processes involved in maintaining them and possibilities for expansion, as well as the economic benefits of these credentialed positions.Duration of security…

Remote access risks on the rise with CVE-2024-1708 and CVE-2024-1709

4 min read - On February 19, ConnectWise reported two vulnerabilities in its ScreenConnect product, CVE-2024-1708 and 1709. The first is an authentication bypass vulnerability, and the second is a path traversal vulnerability. Both made it possible for attackers to bypass authentication processes and execute remote code.While ConnectWise initially reported that the vulnerabilities had proof-of-concept but hadn’t been spotted in the wild, reports from customers quickly made it clear that hackers were actively exploring both flaws. As a result, the company created patches for…

Researchers develop malicious AI ‘worm’ targeting generative AI systems

2 min read - Researchers have created a new, never-seen-before kind of malware they call the "Morris II" worm, which uses popular AI services to spread itself, infect new systems and steal data. The name references the original Morris computer worm that wreaked havoc on the internet in 1988.The worm demonstrates the potential dangers of AI security threats and creates a new urgency around securing AI models.New worm utilizes adversarial self-replicating promptThe researchers from Cornell Tech, the Israel Institute of Technology and Intuit, used what’s…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today