The most dangerous person is a bored 12 year old!

“Ninety-six per cent of hackers are men, most are highly gifted in maths and sciences, and start down a cyber-crime path between the ages of 12 and 15 years old.” —Misha Glenny, from the book DarkMarket: Cyberthieves, Cybercops and You

A pre-teen hacker: If that doesn’t scare you, then you need to have your head examined.  I have been saying for the last couple of years that the scariest person on the planet is a bored 12-year-old with a computer and an internet connection.  It seems that Mr. Glenny’s research is starting to back that up.

Two of the largest problems with teenagers having access to the internet is that they do not fully know right from wrong, and they are still developing their social skills.  This lack of maturity is one of the reasons that cyber criminals target them.  Give a twelve- or fourteen-year-old the opportunity to unleash a Trojan or deface a corporate website, and he may not see past the thrill of breaking the rules.

These junior criminals aren’t limited by the shortcomings of their coding skills, either.  Anyone can get onto the internet, download a cyber-crime package, set it up and put it to use in a minimal amount of time.  These packages include virus toolkits and denial-of-service programs; they can cause harm to ordinary home computer systems as well as corporations and government agencies.

When executing a harmful program is as easy as a few keystrokes, the only thing holding potential criminals back is something that comes with age: a conscience that dictates what is allowed and not allowed, what is and is not a good idea.  The developing brain of a 12-year-old does not understand the consequences of the damage he can do on the internet.

In addition to exploiting others, these 12-year-olds are exploited by the cyber-crime syndicates.  In most cases the automated systems they download and install have hidden components that “talk” to the criminals and send them information about the users:  Who they are and what they do. 

In addition to that, the information that is gained from all of the people that they target shows an in-depth cyber profile of most of us.   The criminals know their targets well—underage hackers don’t receive payment for their exploits, but will do it for the thrill and virtual street cred.

Cyber-crime packages used by the “script kiddies” go above and beyond standard malware, as they are specially developed for the crime gangs to exploit the younger generation.  This malware has the normal command and control features that come with any infected system; the difference is that this information goes back directly to the criminal hierarchy.  

Malware of this type spreads easily.  And the problem is only getting worse.  Normally these systems can only be used on devices running Windows and Linux, but recently an Apple variant was also discovered.  It will not be long before stripped-down versions of this criminal-based software are available for Android.  When that happens, every computer, tablet and smartphone user had better hope they don’t get infected.

It may sound like a paranoid fantasy, but it’s real:  The cyber criminals are targeting our teens, and using systems that are specifically aimed at targeting our work and home systems.  But as always, there are a number of things that you can do to protect yourself.

These exploit packages target vulnerabilities in standard software.  Every operating system and piece of software offers regular updates with the aim of patching these security holes.  The best protection is to use the newest versions of any operating system or application, and promptly install updates from the manufacturer. 

And if you have a 12-year-old—especially a precocious computer whiz—it’s a good idea to talk to them about the dangers of hacking, before it’s too late.

Roger Smith, is an educator. Teaching students at ADFA (UNSW) and showing them how vulnerable they are to cybercrime.

He is also CEO at R & I ICT Consulting Services Pty Ltd, an Amazon #1 author on Cybercrime and founder of the SME Security Framework. He is a Consultant who specialises in inexpensive and highly effective security strategies for small and medium businesses and not for profit organisations.

He has developed and authored the SME Security Framework and the Security Policy Training Course which are considered to be the definitive guides to helping SME's protect their organisation using the principles of Technology, Management, Adaptability and Compliance.