I got an email yesterday asking if teenage hacking is on the rise. At first I balked. Teenage hackers have always been in abundance, so the question seemed stupid to me. Then I remembered something about teens that the SANS Institute's Alan Paller mentioned at a conference last week.
Let's start with that press release, which framed the scenario this way:
Is Teenage Hacking On The Rise?
Since the dawn of the personal computer, the words “teenage” and “hacker” have often been inextricably linked.
And classic films such as "Hackers," "Sneakers" and "Wargames," –not to mention one of the greatest hackers in pop culture Ed from the anime “Cowboy Bebop”-- about young hackers who find themselves in precarious situations involving government and espionage operations, serve to reinforce images of brilliant, misunderstood youth who in the end use their computer acumen to fight the bad guys and save the day.
But, as previously discussed in a FortiGuard blog, it seems as though the image of the teenage hacker has gone from iconic, to prolific -so much so that it seems that publications from The York Times, to CNN, to the niche tech blogs all regularly contain stories on the hacking shenanigans of today's youth.
Quantifying the precise number of youth hackers or attacks initiated by teenagers proves more difficult than one might think. An advanced search for articles on teenage hackers between April 2011 and April 2012 shows 100 search results. The same search criteria for the preceding year shows a decline to 59 search results. And prior years continue this downward trend, plummeting sharply to 21 search results between April 2005 and April 2006, representing a decrease by a factor of 5x over the last seven years.
Now, Google search results are hardly concrete data, and the fact that stories on teen hacking have almost doubled in the last year could largely be attributed to raised awareness and public interest in the computer prowess of today's youth and increased means of detecting exploits.
And needless to say, the mischievous teens that did happen to make headlines likely represent a small minority of miscreants who actually managed to get themselves caught. However, in recent years, there have been a few developments in the IT landscape that could potentially facilitate a rise in youth hacking, if not cybercrime altogether.
Now let's rewind to last Wednesday, when Paller gave a talk at the ISSA-LA's Security Summit IV event. He mentioned these teen hackers, describing how hacking is like playing video games to them. His larger talk was on what makes the characteristics of a great security leader, and one of the last bullet points was about a leader's ability to find talent.
"You need to find the talent -- the people with the technical skills. These people are the tanks in the next war," he said.
One example of how to find talent, he said, is to organize cyber camps and have hacking contests. He noted that for many of today's youth, hacking is the new video game. Kids are out there breaking into systems every day, and by holding cyber camps and contests you can find the more talented among them.
On the surface he's stating the obvious. But when you consider the typical, more adult vetting process for filling security positions, it's easy to forget that kids today aren't like most of us were. Teens spend much of their time in the online world, which didn't exist when I was a teen. Many of them do try to break into websites and larger networks for fun.
But their morals are still developing. Whether they use their skills for good or bad depends on the role models who step in their path.