In an exclusive interview with Cyber Intelligence, Fergus Hay, the CEO and co-founder of The Hacking Games, explains how teenage hackers hold the keys to the future of cybersecurity.
Cyber Intelligence: How widespread and serious is the problem of young teenage hackers attacking companies and individuals online?
Fergus Hay: It’s no longer fringe, it’s everywhere. Teenagers as young as 13 are breaking into enterprise systems, holding schools and hospitals to ransom, or selling access to infrastructure on Telegram. We’re not talking about a handful anymore, this is a generational shift in who’s wielding power.
Take Scattered Spider, for example, who recently hacked into UK infrastructure. They managed to bypass multi-million-dollar security setups. The average age of the attackers was just 19 years old. They were posing as IT staff, tricking helpdesks, and walking out with sensitive data worth millions. These aren’t seasoned criminals, they’re digital natives who grew up gaming and learning from YouTube tutorials.
Cyber Intelligence: To what extent is this rapidly becoming a teenage cult in the US and the UK?
Fergus Hay: Use of the word ‘cult’ is interesting. Cult implies they have a joint set of beliefs. I tend to see it as a digital subculture. Think skate culture in the ‘90s, Rage Against The Machine “I won’t do what you tell me”, but with malware and a lack of accountability.
In both the US and UK, it’s not just about crime, it’s identity. Young people find purpose, community, and even status by flexing exploits online. Groups form around usernames. There’s one 15 year old in Leeds who became a minor celebrity in his scene for hijacking a regional internet service provider (ISP)’s dashboard and replacing it with Rick Astley. In his community he was a legend.
Cyber Intelligence: In what ways can American and English teenagers be more dangerous than seasoned professional cybercriminals?
Fergus Hay: Because they don’t think like professionals. They don’t have the same sense of limits or long-term risk, they’re often just looking to impress peers or go viral with their creativity. A teenager might trigger a global incident just to get more followers. Many don’t need traditional training, they’ve grown up reverse-engineering games and hacking Roblox servers. This is why we’re building HAPTAI, to take these skills and use them as a force for good.
Cyber Intelligence: What role does easy-to-use off-the-shelf malware, such as Ransomware as a Service (RaaS) play in accelerating the teenage hacking trend?
Fergus Hay: It means that anyone can perfect the process. RaaS kits mean you don’t need to write code or even be particularly technical. You can subscribe, pay a fee, and launch attacks with a graphical user interface (GUI). There are even customer support lines and HR departments! It’s like Shopify, but for crime. Pair that with the new AI wave in ChatGPT jailbreaks and Discord support servers, and suddenly a talented 14-year-old with zero formal skills can hit a small business and demand Bitcoin.
Cyber Intelligence: What kind of companies are most at risk from ‘The Community’?
Fergus Hay: All companies. No one’s immune, and sometimes the targets are totally unexpected. If you’re online and holding data, you’re a target.
Cyber Intelligence: How can companies best defend themselves against such attacks?
Fergus Hay: There’s no silver bullet, but there is a mindset shift required. Start with people. Many attacks start with social engineering, so you need to train your staff, especially your helpdesk and junior admins as they’re often the entry point.
Multi-factor authentication (MFA) everything. Use hardware keys where possible, SMS isn’t enough anymore. Don’t let interns or junior staff have broad admin rights, attackers often escalate from low-level accounts.
Endpoint and email protection. Teen hackers often poke around for days or weeks. Anomalous login patterns or privilege escalation should be flagged immediately.
Above all…run realistic simulations. Know how you’d respond if a 15-year-old in Ohio locks down your Salesforce at 3:00 am.
Cyber Intelligence: What can be done longer-term to solve the problem?
Fergus Hay: The only real solution is to redirect the talent. We can’t arrest our way out of this issue without guidance. That’s why we built The Hacking Games – to identify the 14-year-old who’s hacking for attention and give them a path to a six-figure job instead of a six-year sentence. Governments and companies need to hire based on aptitude, not CVs. A kid who’s built their own tools is often more capable than a university grad whose degree is already out of date. If we don’t find these kids, someone else will.
