The Chartered Institute of Information Security events are always a brilliant place to catch up with fellow members, but more importantly to listen to insightful and interesting discussions.
The panel discussions are always interesting and highly informative, and I couldn’t do each of them justice by trying to recount their insights here. So I’ll stick to the first, which was from Joe Tidy’s opening talk.
But suffice to say, if you weren’t there, you missed out on some fascinating conversations that took us from chaos to clarity.
CTRL+ALT+CHAOS – Joe Tidy
After an opening speech from CIISec CEO Amanda Finch, Joe took to the stage to bring us insights from his new book “CTRL+ALT+CHAOS”.
Joe’s presentation delved into the alarming rise and evolution of teenage cybercrime, tracing a recurring pathway from obsessive gaming to online delinquency and, in some cases, to serious criminal activity.
I have to say, that the motivations NOW are not that dissimilar to my own motivations over 40 years ago for getting into tech! When I was a teenager the feeling of being able to do something ‘cool’, that no one else could do was pretty compelling, and I often wonder where I might have ended up had I been introduced to technology now.
Motivations and methods
Joe’s talk explored the motivations, methods, and cultural shifts that have transformed teenage hacking from a niche, often well-intentioned, pursuit into a mainstream phenomenon driven by a desire for infamy, money, and “the lols”.
Joe used high-profile cases, such as those involving Julius ‘Brian’ Kivimäki and groups like Lizard Squad, LulzSec, and Lapsus$, to illustrate the escalating severity and impact of these crimes on companies, victims, and the young perpetrators themselves.
It’s not the Russians!
The presentation highlighted the crucial role of social media, live chat technologies, and cryptocurrency in fuelling this modern wave of cybercrime, concluding with a call to action to break the cycle and redirect these talented but misguided youths towards positive contributions in cyber security.
But be warned! Do not suggest that it has anything to do with the Russians! Joe is very clear in his assessment of the situation we face – “Not everything is coming from Russia! Sometimes kids just do stuff!!” That did make me laugh-out-loud, because he’s right.. not every shadow is a ‘spook’! We need to start looking closer to home for what might be going on rather than jumping at shadows.
Key takeaways
I thought Joe’s summary was intriguing and spotlighted the three reasons he believes there is a ‘rise of teenage hackers’…
- Twitter (now ‘x’): The platform’s mechanics of likes and retweets provide instant gratification and a “dopamine hit” for hackers, who can gain massive followings and notoriety.
- Live Video and Voice Chat (Discord, Telegram): These tools have transformed cybercrime into a “team sport,” enabling real-time collaboration and relationship-building among hackers globally, which was impossible on older bulletin boards.
- Bitcoin: The advent of cryptocurrency provided a straightforward and difficult-to-trace method for teenage hackers to monetise their illegal activities.
So what does all of this mean to us? What can we do to combat this ‘rise of the teen hackers’? Here are some of the takeaways from the talk and what I believe we need to be doing…
Recognise the Pattern: Be aware of the common pathway from gaming to delinquency to cybercrime. This understanding is the first step in identifying at-risk individuals and intervening early. And this doesn’t just mean in the work place – Remember these are teenage hackers. They are someone’s brother, sister, son, or daughter – they might be YOUR children. Remember; We need to look closer to home rather than overseas!
Understand the ‘Why’: Move beyond just the technical ‘how’ of attacks and consider the social and psychological drivers – the desire for fame, the thrill of chaos, and the influence of online culture. This context is crucial for developing effective deterrents.
Look for the ‘Calling Card’: This one was an interesting one for me; Teenage hacking groups often can’t resist leaving a signature or taunting their victims (Joe gave the example of the ‘Wet Bandits’ from the film ‘Home alone’! 😀 Brilliant!! ). These behavioural clues can be valuable for law enforcement and threat intelligence in linking different attacks to the same group.
Break the Cycle: Joe said that the ultimate goal is to find ways to interrupt this destructive cycle. This involves not only protecting organisations but also finding methods to redirect these talented young individuals towards constructive paths, potentially turning them into the “future cybersecurity experts” instead of criminals.
For me, that final point of ‘break the cycle’ is key, and takes us back to the first point on recognising the patterns.
We all have a duty of care, and while we are so quick to point to these hackers as delinquents, we need to go deeper and look at their motivations, and drivers. This sometimes might include having some challenging conversations at home, and not just in the office too.