Download the poster in different languages.
It is not unusual for teenagers and young people to get involved in cybercriminal activities at an early age. Some do it for fun without realising the consequences of their actions – but the penalties can be severe. Cybercrime isn’t a victimless crime and it is taken extremely seriously by law enforcement. The minors that become involved in cybercrime often have a skill set that could be put to a positive use. Skills in coding, gaming, computer programming, cyber security or anything IT-related are in high demand and there are many professional careers and opportunities available to anyone with IT talent and an interest in these areas.
WHAT ARE SOME EXAMPLES OF CYBERCRIMES THAT INVOLVE PREDOMINANTLY YOUNG OFFENDERS?
- Hacking – involves gaining access to someone’s computer network without their permission and then taking control, and/or taking information from an organisation, agency or individual. Basic examples may include accessing a secure area on a school’s computer network to look for test paper answers or trying to change test scores.
- Malicious software - making, supplying, or obtaining malware, viruses, spyware, botnets, and Remote Access Trojans (RATs) is a criminal activity. These programmes allow cybercriminals to get into other people’s computers without their permission. “Pranking”, by remotely accessing a friend’s computer without their knowledge and messing around with it, is illegal.
- DDoS - a Distributed Denial of Service (DDoS) attack, or ‘booting’, consists of sending a large amount of internet traffic towards a website to stop somebody or anybody from accessing it. Booting someone offline whilst playing online games may seem like a harmless joke, it may be challenging and entertaining - but it is illegal.
- In most countries, if someone is caught doing something even as simple as using a stresser to boot another player out of an online game, he/she could get under the radar of the police and, if they keep doing it, even a prison sentence.
- Less tech-savvy youngsters, also known as ‘script kiddies’, could use stressers to attack a website they dislike, or even their school’s website. They are often unaware that this is illegal and see it as a simple prank. However, it is a criminal activity and the consequences can be serious!
- Becoming involved with DDoS attacks is considered a gateway crime, leading to more serious activities, including ransomware attacks. Even though the youngsters involved do not pursue this activity for the financial rewards, they could become entangled in various illegal activities and even organized crime groups.
WHAT CAN GO WRONG?
Consequences vary from country to country, but young people who get involved in cybercrime could face the following:
- A visit and a warning from the police, as well as a penalty fine
- Arrest and a prison sentence for serious offences
- Their computers being seized and/or being prevented from accessing the internet
ADVICE FOR TEACHERS
- TALK - If you are worried about one of your students, speak to them about what they are doing, try and point out the difference between harmless exploration/curiosity online and illegal online activity. Tell them about the consequences of cybercrime for the offender and for the victim. Try mentoring them and showing them positive ways to use their skills. If you are very concerned, you should consider alerting the students’ parents.
- DETER- The best way to help to deter tech-savvy and talented students from getting involved in entry level cybercrimes is to offer them constructive and positive alternatives.
REPORT - If you believe that your school is the victim of a cybercrime attack or that a student is engaging in cybercriminal activities, you should report it to the school and to the local police: Report Cybercrime Online
ADVICE FOR PARENTS
Given the past years’ fast technological progress, is it quite common for children to easily become tech-savvy. However, they still need your help and guidance to make sure that they stay on the right path. Unfortunately, their talent could be exploited by cybercriminals rather than put to good use in the world of cybersecurity. Once they are on the radar of law enforcement, their professional and educational futures might be compromised. Cybersecurity companies tend to avoid hiring convicted hackers, regardless of how talented and tech-savvy they might be.
Some of the indicators that your child may be at risk of becoming involved in cybercrime include:
- They spend most of their time online and are often secretive about their activities;
- They are excessively interested in coding;
- They seem to gain an additional income from their online activities, but they do not talk about how they do it;
- Your home network’s monthly data allowance is often met;
- They socialize more in the online world than offline
Many children will have an active interest in coding and programming, spend a lot of time online and have independent learning materials. These are all signs of a healthy and positive interest in computing and the development of those extremely valuable skills should be encouraged – but in a lawful way.
The research paper “Youth Pathways into Cybercrime” attempts to explain the pathways that lead some young people into cybercrime. The report highlights the need to develop effective prevention and intervention strategies as well as the importance of promoting alternatives, positive (and legal) ways of channelling young talents toward careers in the tech and security sectors.
Youth Pathways into Cybercrime: case study
Teenage hacking of online forum
Luke, a teenage boy, is thrilled by the challenge of hacking into websites. He starts learning hacking skills by asking questions on forums and experimenting with freely available hacking tools. Luke learns about Hydra, a network logon cracker program that automatically tries username and password combinations from a large list of known usernames and passwords to “lockpick” access to the target website. Hydra frequently succeeds, because users tend to choose simple passwords and reuse them on different websites. Luke starts using Hydra to hack into web forums.
At first he uses a list of usernames and passwords publicly available on the Internet, but once he succeeds in getting administrator access to a forum, he expands his list with the contents of the compromised forum database, which makes Luke more effective at hacking other online forums.
Although Luke's technical skills are not very advanced, the combination of freely available hacking tools, tutorials and advice from other hackers allowed Luke to be an effective hacker for a time. His hacking is eventually discovered by the administrator of a popular online forum and Luke is apprehended by the police.
Download the research Youth Pathways into Cybercrime.
WHAT CAN YOU DO?
- TALK – chat with your child/teenager about acceptable online behaviour. Take an interest in what they do, help them understand the difference between right and wrong in the cyber world, just as you would do in any offline world situation
- BEHAVIOUR - talk to them about ethical behaviour online. Some real life rules apply in the online world too. The following types of behaviour are to be avoided:
Stealing or using anything online that is not free or doesn’t belong to them.
Harming anyone – while it might not be as obvious as in the real world, cybercrime is not victimless.
Bullying anyone, through chat, social media or any other online means.
Being disrespectful or impolite online – they should not use their digital knowledge to hurt others.
Hacking - using RATs, DDoS attacks, stressers/booters to attack others is not just unethical, but illegal.
- LISTEN - try to learn about and understand how they spend their time online. Try to assess their level of cyber knowledge and offer them alternatives. If your child is passionate about computing, make sure you look into opportunities to further their education.
Remember - your children might not be aware that their actions could lead to a criminal conviction. In spite of what their friends tell them, law enforcement is always going to catch up with illegal online activity and identify the perpetrators. Europol’s European Cybercrime Centre is often coordinating operations involving such targets. Operation TarPit and Operation Neuland are two examples of such operations.