Child hackers who break law helped into high-flying IT jobs to turn them away from a life of cybercrime
‘Extremely young’ people are being drawn into lucrative international cybercrime, authorities warn
Children who have the potential to become dangerous hackers and online criminals are being targeted by a new programme to divert them into legal employment.
Following a similar model to the UK’s controversial Prevent counter-extremism programme, teenagers who are being drawn into illegal online activity will be assessed by a panel to decide what level of intervention is needed.
Chief Constable Peter Goodman, the National Police Chiefs’ Council’s lead for cybercrime, said the “Cyber Choices” initiative would focus on people aged between 13 and 22.
He said: “It’s aimed at making sure that we aren’t disproportionate in what we do with young and vulnerable people, who are behaving recklessly and stupidly rather than criminally.
“They are usually people who are right at the start of the journey and exhibiting behaviours that show they are learning.”
Mr Goodman said hundreds of potential targets had been identified already, either through referrals from concerned parents or teachers, or after buying malware or behaving suspiciously.
Some have already committed offences under the Computer Misuse Act, but at the “very minor end of the scale”, he said, adding: “A lot of the time they don’t realise what they’re doing is wrong in the first place.”
Rob Jones, of the National Crime Agency (NCA), said authorities around the world were seeing “extremely young” children becoming involved in serious cybercrime.
“The starting point is very young people who are very bright, and are involved in online gaming and coding,” he added.
“Getting to those individuals and stopping them from becoming cybercriminals is something we are engaged with. We are trying to stop young people getting criminalised.”
The hacker who caused the 2015 multimillion-pound TalkTalk data breach was only 15 at the time and said he was “just showing off to my mates”.
Another hacker, Zain Qaiser, was recently jailed for six and a half years for targeting hundreds of millions of porn users with ransomware as part of a Russian crime group.
Mr Goodman said the 24-year-old, who made at least £700,000, “had become an international cybercriminal by the age of 18”.
“We know that the most vulnerable people to get involved in this are some of the people who are on the autism spectrum, who find life difficult but are very competent in the internet world and gain confidence and personality on there,” the officer added.
“Gaming and cheating in gaming is a route for people to learn coding and malware, so we are working with the gaming industry and mental health services.”
Young people referred to Cyber Choices will be reviewed by a panel made up of staff from police forces, councils and the NHS. The panel can give support for housing, mental health and social skills.
The youngsters may also be given access to an online portal where they can challenge their coding skills, run hacking tests and be viewed by potential employers.
“We don’t say, ‘Forget the skills you’ve got’, we say, ‘They’re really helpful and it’s going to give you a really good career’,” Mr Goodman said.
One person has already been hired by a cybersecurity firm in Gloucestershire through the programme. Officials hope employment numbers will increase as the scheme spreads nationwide.
The first Cyber Choices panel was set up in London, and will be followed by panels in every region of England and Wales.
Detective Superintendent Andrew Gould, head of cybercrime at the Metropolitan Police, said research suggested that more under-15s in the UK have tried hacking than had sex.
“We think they’re engaged in much safer behaviours but the risk has just changed,” he warned.
“They’re not being taught about criminal offences, they’re just being taught the technology, so they don’t know the boundaries.”
Mr Jones said the skills possessed by young hackers could be a “force for good”.
“Some of these young people are very lonely and in a very difficult place,” he added. “We don’t want them finding a community of individuals that will use them to commit crime.”
The NCA said prevention was becoming an increasing focus of its work – only 3 per cent of the estimated 967,000 cyberattacks experienced by Britons every year are reported.
Mr Jones warned that the issue remained a major national security threat, highlighting the recent attack on the UK’s biggest private forensics company, which caused delays for police nationwide.
“Attacks are proliferating across the world and allow people to extend their reach and attack the UK remotely from a range of locations,” he said.
Mr Goodman admitted that authorities had not done enough to make people aware of when and how they should report incidents, and suggested rebranding and improving the Action Fraud helpline.
But he hailed a year-on-year decrease in experiences of cybercrime, as recorded by the Crime Survey of England and Wales, falling from 1.5 million instances in 2017-18 to less than 1 million in 2018-19.
In the same period, the number of people arrested for cybercrimes rose by 65 per cent to 102 and the number of convictions was up by 60 per cent to 54.
Mr Goodman said: “People are realising that there are consequences, we are making the UK a hostile place to be a cybercriminal.”