Availability of ready-made exploits helping young get into cyber-crime
Availability of ready-made exploits helping young get into cyber-crime

The National Crime Agency (NCA) has today published research into how and why some young people become involved in cyber-crime.

According to the NCA, the availability of off-the-shelf hacking tools such as DDoS-for-hire services and Ransomware-as-a-Service companies, who have step-by-step tutorials and come at little to no cost, the skills barrier for entry into cyber-crime is lower than it has ever been.

The report also highlights that whilst there is no socio-demographic bias in cyber-crime communities, with people across the country from different backgrounds among offenders, the average age of cyber-criminals is significantly younger than other crime types.

In 2015, the average age of suspects in NCA cyber-crime investigations was 17 years old, compared to 37 in NCA drugs cases and 39 in NCA economic crime cases.

The report emphasises that financial gain is not necessarily a priority for young offenders. Instead, the sense of accomplishment at completing a challenge, and proving oneself to peers in order to increase online reputations are the main motivations for those involved in cyber criminality.

Dr Jamie Graves, CEO at ZoneFox told SC Media UK: “The report details that criminal hackings are considered ‘cool' and done to impress peers. Now is the time for the UK to really focus on tackling this by putting an emphasis on trying to flip young people's attitudes on cyber-security from ‘bad' to ‘good'.”

The report, which is based on debriefs with offenders and those on the fringes of criminality, explores why young people assessed as unlikely to commit more traditional crimes get involved in cyber-crime.

During his debrief, Subject 7, who was jailed for fraud offences and violating the Computer Misuse Act, told officers, “…it made me popular, I enjoyed the feeling…I looked up to those users with the best reputations”.

The report identifies that some offenders begin by participating in gaming cheat websites and “modding” (game modification) forums before progressing to criminal hacking forums.

Subject 1, a member of a hacking collective who sold DDoS tools and Botnet services, told officers that a warning from law enforcement would have made him stop his activities.

Graves added: "Instead of spending resources looking to suppress these highly intelligent young individuals and put them behind bars, we should be identifying them and nurturing and encouraging them to contribute positively in roles that can utilise their skills, both in the private and public sectors. This will not only empower them for good, but also boost the economy and safeguard the nation."

The report also identifies education and opportunities to use skills positively as helpful in steering potential offenders towards a future career in cyber-security.

Richard Jones, head of the National Cyber Crime Unit's Prevent team, said: “The aim of this assessment has been to understand the pathways offenders take, and identify the most effective intervention points to divert them towards a more positive path. That can be as simple as highlighting opportunities in coding and programming, or jobs in the gaming and cyber industries, which still give them the sense of accomplishment and respect they are seeking.”

David Emm, principal security researcher, Kaspersky Lab told SC:  “As the report mentions, a young person's interest in hacking often begins completely innocently, spurred by their curious and impulsive nature to learn about basic programming and game modding. However if this curiosity is not properly harnessed and supervised by parents or guardians, it can potentially turn into something with more serious consequences. As the first truly digital native generation, it's frighteningly easy for children today to find their way into the dark corners of the internet or be exposed to content way beyond their years.”