Computer crime is a persistent challenge in the digital age, yet our collective understanding of it is skewed. Many would like to believe that people associated with criminal organizations or state-sponsored hacker collectives are the only people capable of devious behavior online. That is simply not the case. Individuals can perpetuate computer crime by not fully understanding the consequences of their actions, and they do not even need to be that old to do so. Indeed, it would appear that those responsible for committing illegal acts online are increasingly getting younger. As reported by The Guardian, the National Crime Agency (NCA) of the United Kingdom has found that the average age of those accused of criminal acts in the digital space has dropped to 17, as compared to 24 last year. This development, the NCA reasons, in part reflects the growing popularity of two common tools: ready-to-buy distributed denial-of-service (DDoS) packages, such as the Lizard Stresser DDoS platform created by the Lizard Squad hacking group following its Christmas DDoS attack against XBox Live and PlayStation Network last year, and remote access Trojans (RATs), which attackers can use to "slave" target computers and sextort their victims for money. Using either of these tools could result in serious consequences for offenders regardless of their age, the NCA explains. These could include the imposition of a penalty or fine, the seizure of all computer equipment, and/or prison time of up to 10 years. To impress upon teenagers the severity of computer-related offenses, the NCA has created the #CyberChoices initiative. A program targeting parents of children aged 12-15, #CyberChoices seeks to highlight not only the criminal tools that teenagers unwittingly flock to but also what the consequences might be if their children are found to have violated the Computer Misuse Act, which is in part evident in the arrests of several teenagers following the TalkTalk hack earlier this fall.
"Over the past few years the NCA has seen the people engaging in cyber crime becoming younger and younger," explains Richard Jones from the NCA's National Cyber Crime Unit. "We know that simply criminalising young people cannot be the solution to this and so the campaign seeks to help motivate children to use their skills more positively."
In a discussion of its program, the National Crime Agency notes that children may demonstrate a "healthy and positive" interest in computing by coding, spending significant quantities of their free time online, and consulting independent learning materials. For some, however, this interest could lead teens into the world of online crime, a transition which may manifest itself in a variety of behavioral changes. These include:
- They are resistant when asked about what they do online.
- They receive an income from their online activities.
- They spend all of their time online.
- They have irregular sleeping patterns.
- They seem more socially isolated.
Such behaviors are not automatically indicative of criminal activity. Fortunately, the NCA has identified this qualification:
"Many of the signs [above] are just normal teenage behaviours," the crime agency admits. "Taken in isolation they don't necessarily suggest a young person is at risk of getting involved in cyber crime. These are just possible indicators that your child is getting into the wrong activities."
The NCA goes on to recommend two courses of action. First, if a teen is found to be exhibiting any of the behaviors mentioned above, parents are encouraged to talk with them and to "assess their computer proficiency" so they can understand what their children are doing. To be fair, many parents might not grasp the full extent of their teenagers' skills, a fact which is depicted in a video created by the NCA. Even so, parents can still articulate the consequences of computer crime to their children and hope that what they say leaves an impression. Second, parents may decide to introduce their children to an organization that promotes information security training, such as Cyber Security Challenge or CREST. But this could have a limited impact.
"My observation is … that diverting a student to the nearest person whose job has anything to do with 'cyber security' is not likely to end with that student showing up at a security research lab," explains 'throwawayukcyb,' a user on Hacker News. "Similarly, I think it's a laughably bad idea to try to get a kid who is already checking out of school to prep for something like a CREST certification exam."
Instead, 'throwawayukcyb' recommends that parents focus on providing their children with anything that engages their intellect and not necessarily on matters that relate to security. That's a fair point. While we can hope that children with computer skills would find information security interesting, other non-computer-related pursuits would nevertheless divert their energies away from online crime, thereby leaving security personnel with one less computer criminal to worry about. Either way, a win-win for both children and infosec professionals. Title image courtesy of ShutterStock
