We know that cybercriminals are almost always seeking financial gain, but it seems that this is not usually what young cybercriminals have in mind when they take their first steps over to the “dark side”, says Carey van Vlaanderen, CEO at ESET South Africa.
Many are not necessarily motivated by financial reward. In fact, recognition from their peers, popularity in the forums they belong to, and a sense of success, are bigger influencing factors.
There is another major factor that tempts many youngsters to get involved in the world of cybercrime: a feeling that it isn’t a crime in the ‘traditional sense’, and that they won’t be arrested for carrying out a cyberattack.
In fact, many teenagers who get involved in cybercrime would probably not get involved in ‘traditional crimes’.
Another factor that attracts them is the ease with which they can start launching attacks or malicious activities. There are all kinds of tools available online which are neither expensive nor difficult to use.
For example, there is a cybercrime business model, which consists in selling packages or tools that can easily be used by anyone, even those with little technical knowledge. Hence new phenomena like ransomware-as-a-service have appeared, offering the sale of ransomware services and other forms of fraud, attacks, and malware “as a service”.
Very little skill is needed to begin criminal activity online. With tools such as booters and Remote Access Trojan (RAT), users can make a small payment (or often not payment), and begin breaking the law.
Unfortunately, the availability of step-by-step tutorials and video guides make the transition to criminality all too easy. Once the law is broken, subsequent transgressions become easier.
However, the guidance of a mentor and early intervention can dissuade young people from entering the world of cybercrime. This way, the gap between them and the authorities won’t be closed.
In cybercriminal forums, the law and its consequences are seldom, if at all, discussed, and so youngsters only become aware of the consequences of their actions when someone they know is arrested.
In truth, there are always opportunities to work “on the positive side” in technology. In fact, we are constantly talking about the lack of cybersecurity professionals, and how there aren’t enough people to fill the posts available. Why then do these youngsters feel the need to try out the “dark side” before someone comes along and rescues them?
Of course, lots of security professionals experimented with hacking in their youth and perhaps even took it beyond mere fun before deciding what they wanted to do with their knowledge. In the corporate world though, people naturally ask themselves, “Can it really be a good idea to hire someone who has developed a piece of malware, has run a botnet, or made money by infecting people with ransomware?”
The debate on whether to hire self-confessed “hackers” has been raging for years and will likely never end – the answers as to whether it is a good idea or not generally depend on the context of each case.
In conclusion, the worrying thing is that it is too easy for young people to get involved in the world of cybercrime, and that they may see it as being risk-free – as well as feeling that they lack opportunities and role models.
By Carey van Vlaanderen, CEO at ESET South Africa.
