The days of Big Tech dismissing young inexperienced hackers as mere “script kiddies” are coming to a close. Yesterday’s teenage hackers are now maturing into a new generation of formidable cybercriminals. A perfect storm of high property prices, falling professional salaries, and increasingly limited career opportunities are drawing growing numbers of the middle class in countries such as the US and the UK into potentially lucrative careers as cyber criminals.
According to research conducted as long ago as 2013-2016 by the UK’s National Crime Agency (NCA), 61 percent of hackers began their illegal online activities before the age of 16 years. The NCA reported that the skills barrier to entering into cyber criminality had never been lower as a result of the availability of off-the-shelf hacking tools on the Dark Web. In the seven years that have passed since the NCA’s research, the sophistication of off-the-shelf malware and ransomware has vastly increased. AI is now also being used by relatively unskilled cybercriminals to create bespoke malware and build detailed profiles of key individuals from their social networks. Credible-sounding emails with weaponized attachments that enable highly targeted spear phishing attacks on corporate executives are likewise a byproduct of AI democratization.
The generation of teenage hackers described in the NCA’s 2013 – 2016 research is, of course, now no longer “script kiddies” but capable twenty-somethings whose knowledge and maturity make a potent combination. At the time of the NCA research, it was generally assumed that most teenage hackers were passing through a hacking phase and their valuable skills would be valuable in the workforce, yet economic tailwinds have become headwinds, pushing many former “script kiddies” back onto the dark web.
Pandemic lockdowns not only meant that young hackers were effectively confined to their rooms and made to live online, but they also interrupted their education and drastically limited their job opportunities. Rising real estate prices, and low interest rates, also mean that many skilled hackers continue to be faced with the bleak prospect of being forced to live with mom and dad for the foreseeable future. This challenging climate makes it all the more tempting to find other ways of generating enough cash to adopt an adult lifestyle.
According to a survey conducted last year amongst 600 parents across the UK by Censuswide on behalf of International Cyber Expo last autumn, a staggering forty percent of parents believe their children will become cybercriminals purely as a result of a chronic lack of cash during the current cost-of-living crisis. This expectation is fuelled by the fact that arrest rates for cybercriminals are far lower than those for traditional offline crimes and that the relatively small chance of being caught is likely to further tempt increasingly large numbers of broke young professionals into a criminal life of easy money.
The tech used to commit cybercrimes, as well as their international nature, makes it incredibly difficult for localized police forces to amass enough hard evidence for a successful prosecution. Even to prosecute a relatively poorly executed cybercrime, law enforcement agencies frequently have to coordinate with international partners, private companies, and government agencies in other regions or countries. It is now, therefore, becoming common knowledge among young would-be cybercriminals that their chances of being caught are far lower than in the case of other crimes and that the potential rewards are extremely high.
And, as yesterday’s unskilled “script kiddies” become confident and mature criminals, the types of cybercrime they are able to commit will multiply. Working online from a bedroom in their parents’ house limits the potential harm that dishonest but computer-literate young people can commit. But once they enter the adult job market, the opportunities for cyber fraud multiply. It is relatively easy for any twenty-something young adult with reasonably up-to-date computer skills to secure a trusted position within a company. Once they possess the digital keys to the corporate kingdom, it is an increasingly simple procedure to monetize this privileged information.
And it is not just twenty-somethings who may be tempted to betray their employers. The cost-of-living crisis plus widespread redundancies in the IT industry are swelling the legions not just of “script kiddies” but also of disgruntled middle-class employees suffering under the current cost-of-living crisis. Corporations are increasingly vulnerable to middle-class professionals of all ages who are tempted to go rogue to support their previous lifestyles.
In the absence of any truly effective global law enforcement when it comes to cybercrime, the only safeguard is for firms to secure their perimeters, constantly keep up to date with threat intelligence, and monitor and control staff access to crucial data by adopting a “zero trust” policy towards all members of staff.
