The Black Hat Hacker’s Trap: Why Unethical Hacking Lures Young People

Hackers are often seen as individuals who wreak havoc on the organizations they target. However, some hackers put their abilities to good use to become ethical hackers and make amends for the damage done. Despite the huge growth in ethical hacking and prosperous career opportunities in this field, black hat hacking continues to attract young people due to their fascination with risky online behavior and technical knowledge.

In 2017 the UK National Crime Bureau commissioned a report showing that the average age of a hacker was 17. This is still true today – think of recent incidents, such as when a 17-year-old led the charge on the Uber and Rockstar attacks.

What separates black hat hackers from white hat hackers is intent. Black hat hackers use their technical capabilities to maliciously compromise corporate data, while white hat hackers help organizations find vulnerabilities in their systems. But in the end, both use the same methods.

>>Don’t miss our special issue: The CIO Agenda: The Roadmap for IT Leaders in 2023.<

While there is a fine line between what ethical and unethical hackers do, young people can easily become more interested in attacking organizations as a result of peer pressure or to seek social acceptance. This leaves many thinking about the appeal of unethical hacking and what organizations and communities can do to make good use of young people’s talents.

A slippery slope to a life full of cybercrime

The love of coding and hacking often has humble beginnings. For starters, young people can innocently taunt friends and siblings by hacking into their PCs. Once hooked, young people increasingly start digging up forums that outline the weaknesses of organizations and access tools, making hacking easier. As more information about hacking comes to light, young people are developing their skills for hacking and cyber stunts.

This is the point where harmless fun can become harmful. Some young people continue to explore the friendly path of hacking like trying their skills Hack the box. Others, equipped with the capacity, are tempted to achieve greater goals: businesses, schools, and public organizations. This lure is fueled by the ability to be anonymous and powerful.

Cybercrime is not like other crimes. Hackers commit the crime, but rarely take the time to do it. They hide their identity, location and IP address, making it extremely difficult to link them to their cyber crimes. The anonymity that comes with hacking makes black hat hacking particularly attractive, as they are unlikely to be caught for their crime.

Only 3 out of 1,000 cyber incidents in the US lead to prosecution. The ease with which an organization can be dismantled and thrown into turmoil by leaking, compromising and destroying data, all from behind a computer, makes unethical hacking attractive. Black hat hacking enables young people to become more powerful than the organization.

Signs that young people have been lured to the dark side

Today, teenagers spend on average more than 7 hours a day with their eyes glued to some kind of screen. With everyday online activities including school, gaming or social media, spending time online is the norm rather than the exception. This makes it almost impossible to see if young people are involved in cyberattacks on organizations in the private and public sector.

In the end, there are no obvious signs. Young people sitting in front of computers for hours at a time is not a reliable indicator that they are up to no good. It would be difficult for a parent, guardian or teacher to catch a young black hat hacker in the act unless they have network monitoring tools installed. Even then, there is a delicate balance between intrusion and light surveillance.

Guiding young people on the right path

The minds of young hackers can be brimming with technical knowledge and innovative approaches. There are opportunities for organizations to take advantage of these ethical hacking capabilities, known as penetration testing.

Businesses and established ethical hackers need to get straight to the point with the younger generations. Organizations, including the police, should be more present at career events in schools and universities to raise awareness of the role of pen testing.

This should go beyond having an everyday conversation. Presenters should run job simulations by demonstrating that ethical hacking is a viable — and sometimes even exciting — career. They can also point young people to pentest internships and graduation opportunities.

It’s one thing to get young people to hack ethically, but it’s another thing to make sure young people remain white hat hackers and don’t engage in black hat hacking. This requires companies to set limits for all pentesters and fully inform customers of their pentesting objectives.

Organizations and the ethical hacking community play an important role in preventing young people from being led astray. They should actively share their pen testing stories with teens and provide opportunities to show that young people can turn their interests into a career. By doing this, we can counter the trend of young people falling into the trap of the black hat hacker.

Gillian Vanhauwaert is the team leader of the penetration tester Defence. com.