There’s no doubt that cybersecurity is serious business, but in some cases, compromising a device or penetrating a network can be child’s play. Hacktivist groups like Anonymous as well as hacker forums and chatrooms have growing ranks of underage hackers joining in.
While some children are learning to be “white hat” security researchers, like Reuben Paul, an 11 year-old boy who demonstrated how to hack a teddy bear at cybersecurity conference, an unfortunate number of other computer-minded young people engage in illegal and destructive acts. Some researchers in the cybersecurity community have organized events to help shape young people’s interest in computers in a more positive direction, such as DEF CON Kids (now called r00tz Asylum), which runs parallel to the main DEF CON event, or competitions like Pico CTF. Even with a growing number of these events and competitions, the lure of fame, glory, and cash can prove too hard to resist.
In 2011, a British teen going by the handle of “Topiary” was arrested by UK officials in connection with a series of hacks and cyber vandalism related to the infamous LulzSec group, which was responsible for attacks on the CIA and major corporations. In 2016, another British teen was arrested in connection with attacks on the FBI and CIA, using sophisticated security tools that made him difficult to track.
In 2012, German police raided the houses of over 100 suspects, investigating links to hacktivism activities related to the group Anonymous, and it was reported that a majority of those suspects were underage. Later in 2012, several accounts owned by journalist Mat Honan were hacked by a young hacker going by the handle “Phobia”. The teen used an alarmingly simple process to gain access to Honan’s AppleID, Gmail, and Twitter accounts, which he detailed with the journalist over a series of anonymous Twitter direct messages.
Another major data breach was caused by a group of hackers, at least one of which was only 16 years-old at the time. The teen was arrested for hacking the UK telecom company Talk Talk, and admitted he did it because he was “showing off to [his] mates”. The Talk Talk breach allegedly cost the firm £42 million, including a £400,000 fine.
While it’s clear the state-sponsored hacking and insider threats are major causes of concern for data breaches, cybersecurity researchers should also keep an eye out for young adults who are recruited by hacktivist groups, and who can learn the tricks of the trade with a simple search of the dark web.