Check out all the on-demand sessions from the Intelligent Security Summit here.
Hackers are often thought of as individuals who sow chaos for the organizations they target. However, some hackers put their abilities to good use to become ethical hackers, making up for the damage caused. Despite there being huge growth in ethical hacking and prosperous career opportunities in this area, black hat hacking continues to attract young people due to their fascination with risky online behavior and tech savviness.
In 2017 the UK National Crime Agency commissioned a report that found the average age of a hacker was 17. Today, this is still true — consider recent incidents, such as when a 17-year-old led the charge on the Uber and Rockstar attacks.
What separates black hat hackers from white hat hackers is intent. Black hat hackers use their technical capabilities to maliciously compromise businesses’ data, while white hat hackers support organizations in finding weak points in their systems. But, at the end of the day, both use the same methods.
>>Don’t miss our special issue: The CIO agenda: The 2023 roadmap for IT leaders.<<
Intelligent Security Summit On-Demand
Learn the critical role of AI & ML in cybersecurity and industry specific case studies. Watch on-demand sessions today.
Even though there is a thin line between what ethical and unethical hackers do, young people can easily become more interested in attacking organizations due to peer pressure, or to seek social acceptance. This leaves many considering the attraction of unethical hacking and what organizations and communities can do to put young people’s talents to good use.
A slippery slope into a life of cybercrime
The love for coding and hacking often has humble beginnings. Starting out, young people may innocently taunt friends and siblings by hacking into their personal computers. Once hooked, young people begin to unearth more and more forums that outline organizations’ weak points and access tools, making hacking easier. As greater information about hacking comes to light, young people grow their abilities for hacking and cyber stunts.
This is the point where harmless fun can become harmful. Some young people continue to explore the friendly path of hacking — such as trying their skills on Hack the Box. Others, equipped with the capability, are lured into hitting bigger targets: businesses, schools and public organizations. This lure is nurtured by the ability to be anonymous and powerful.
Cybercrime is not like other crimes. Hackers commit the crime but rarely ever ‘do the time’. They hide their identity, location and IP address, making it extremely difficult to link them with their cyber wrongdoings. The anonymity that comes with hacking makes black hat hacking particularly appealing, as the likelihood of being caught for their crime is low.
Only 3 out of 1,000 cyber incidents in the U.S. lead to prosecution. The ease of dismantling an organization and throwing it into turmoil by leaking, compromising and destroying data all from behind a computer makes unethical hacking attractive. Black hat hacking allows young people to become more powerful than the organization.
Signs that young people have been lured to the dark side
Today, teenagers spend an average of more than 7 hours per day with their eyes glued to some kind of screen. With everyday online activities, including school, gaming or social media, spending time online is the norm, rather than the exception. This makes it nearly impossible to spot whether young people are involved in cyber-attacks on private and public sector organizations.
Ultimately, there are no clear signs. Young people spending hours on end behind computers is not a failsafe indicator that they are up to no good. It would be difficult for a parent, guardian or teacher to catch a young black hat hacker in the act unless they installed network monitoring tools. Even then, there’s a delicate balance between intrusion and light surveillance.
Steering young people onto the right path
The minds of young hackers can be packed full of technical knowledge and innovative approaches. There are opportunities for organizations to make something of these capabilities for ethical hacking, more commonly known as penetration testing.
Businesses and established ethical hackers need to put themselves directly in front of younger generations. Organizations, including the police, need to have a wider presence at school and university career events to shine a light on pen testing roles.
This should go beyond presenting a mundane talk. Presenters should run job simulations by demonstrating that ethical hacking is a viable — and even at times thrilling — career. They can also point young people toward pen testing internship and graduate opportunities.
It’s one thing to get young people into ethical hacking, but it’s another to ensure young people remain white hat hackers and do not start dabbling in black hat hacking. This will require businesses to lay out boundaries for all pen testers and fully inform customers of their pen testing objectives.
Organizations and the ethical hacking community have an important role in stopping young people from being led astray. They should actively share their pen testing tales with teenagers and provide opportunities to show that young people can turn their interests into a career. By doing so, we might buck the trend of young people falling into the black hat hacker trap.
Gillian Vanhauwaert is the penetration tester team lead at Defense.com.
Welcome to the VentureBeat community!
DataDecisionMakers is where experts, including the technical people doing data work, can share data-related insights and innovation.
If you want to read about cutting-edge ideas and up-to-date information, best practices, and the future of data and data tech, join us at DataDecisionMakers.
You might even consider contributing an article of your own!