The first time I walked into a UK courtroom with teenage hackers standing to face charges, I was taken aback by their age.
LulzSec members, ranging from 18 to 26 years old, were sentenced in 2013 for their roles in compromising the computer systems of organizations including Sony, Nintendo, News Corp., the CIA, and Serious Organised Crime Agency (SOCA).
Some of the teenagers turned up suited and booted, whereas others appeared in jeans and casual clothing, looking somewhat bewildered at the situation they were in.
It is ironic that while the cybersecurity industry as a whole is generally short-staffed, kids are learning from the sanctity of their bedrooms how to cause utter chaos for enterprise companies with lax security -- and these teenagers may not realize the full impact of their activities, or the potential consequences.
However, it is these teenagers who have an interest in hacking and cybersecurity that might also be encouraged to turn their talents to white, rather than black, activities.
At least, that is what law enforcement in Europe hope is the case.
On Tuesday at the International Conference on Cybersecurity at Fordham University, police officers from the UK and the Netherlands described a new campaign aimed at first-time offenders in cybercrime.
As reported by Cyberscoop, the "Hack_Right" campaign is geared towards hackers between 12 and 23 years of age who may -- or may not -- be aware they are committing crimes, and it is hoped that educating these teens might keep them from one day ending up behind bars.
Over 400 youths in the UK have received a form of intervention since last year when the pilot launched.
Officials say that it is often the case that teenagers want to learn hacking tricks to impress their friends, and while their intentions aren't malicious, they may still be criminal -- but these kids do not necessarily understand the social context which turns these activities illegal.
Gregory Francis from the National Crime Agency (NCA) told attendees that the aim of the scheme is to find these teenagers before they need to be "locked up" and the emerging field of cybercrime is a "societal problem" rather than strictly a law enforcement challenge.
Teenagers suspected of conducting cybercrime can be entered into Hack_Right if it is their first offense and they are willing to change their behavior. Rather than threatening criminal action, police will visit the suspect, and should they confess, the teenager will be made to undergo up to 20 hours of ethical computer training.
If this form of 'rehabilitation' is completed, the teenagers are rewarded by being connected to cybersecurity professionals who can discuss potential career paths with them.
It's an interesting idea and one that might become crucial in the future given a generation growing up with digital identities and mobile technology. We need white hat cybersecurity professionals both now and to fulfill future roles, and so giving these kids a chance before their potential is wasted could be a way not only to reduce cybercrime but also to fill the gaps in recruitment.
The key point here is that only the first offense will be treated with leniency. This could also prove to be a warning shot across the bow, but should hackers -- no matter their age -- persist, there will be criminal consequences.
Previous and related coverage
- Remote code execution vulnerability in VLC remains unpatched
- Your business hit by a data breach? Expect a bill of $3.92 million
- Google wraps up lawsuits over age discrimination, Wi-Fi snooping, child data sharing
Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0