SAN FRANCISCO — The average age for arrest in the United States is 37 years old, but for cybercrime it drops to just 19 years old.
Experts at the 2024 RSA conference said this is because the United States is not actively intervening enough to protect young people from cybercrime. But the United States could learn lessons from other countries that are already doing so.
And federal officials hope to do just that. In fact, his teenage threat actors like Lapsus$ and members of Com and its subgroup Scattered Spider have made a name for themselves in recent years.
“Increasingly sophisticated cyber crimes are being perpetrated by increasingly young people,” said William McKean, Supervisory Special Agent in Charge of the FBI's Cyber Division. Mr McKean spoke at the RSA. “There are some very serious cybercrimes happening, like the ones that are in the news right now, and different intrusions happening almost every day. So the question is, 'Was that a nation-state actor? Was it an American teenager?'
The problem is serious enough to warrant a new goal in the latest national cybersecurity strategy. The report calls on the FBI, Department of Justice, and Department of Homeland Security to work across government and private sector levels to prevent, deter, and deter youth cybercrime. We also encourage you to do this internationally.
McKean said young people often start playing video games before committing to minor cyber crimes such as website defacement and distributed denial-of-service attacks, before moving on to ransomware and more serious cyber crimes. Stated. Abby Daft, director of policy and strategy in the Office of the Chief AI Officer at the Department of Homeland Security, also spoke at the briefing, saying adult offenders sometimes recruit young people.
Deft also pointed out that low-level cybercrime is more impactful than real-world cybercrime, and that a child defacing a website causes more damage than defacing a building with graffiti.
But light penalties for juveniles may not be enough to scare away teenage hackers, and the U.S. has few cyber-specific intervention programs to deflect them in a better direction, says the Cyber Safety Review Board. The Association stated in its investigation regarding Lapsas Dollar.
And Flor Jansen, team leader at the Dutch Police Cybercriminal Prevention Unit, said it can be difficult for adults to notice children cheating online until they are deeply involved.
“Online, people can build criminal careers at the speed of light without anyone noticing until we kick in their door, and then it's too late,” Jansen said.
So what can you do?
A multifaceted intervention program in the Netherlands aims to deter young people from cybercrime and turn them into careers in cybersecurity. Jansen said there are many ways to get into the cybercrime pipeline, but there also needs to be more ways to get out of it.
One early intervention is to have police or cybersecurity experts give an hour-long talk about cybercrime in schools. Janssen said the session will conclude with a test aimed at identifying students with good technical skills and who are at high risk for criminal activity. Students who score high in both areas will be invited to attend free online workshops on risk and cybersecurity careers and connect with peers with shared interests. The program was popular and we had very few no-shows.
In the U.S., the FBI expects schools, the private sector and nonprofit organizations to be the mainstays of intervention, McKean said. Said. He envisioned a cyber awareness campaign and games for K-12 students, as well as a “strong coaching” effort to distract at-risk teens. In a current US university pilot program, a young man who commits a low-level cybercrime will be redirected to his 12 weeks of free online classes to earn college credit.
Another intervention is even simpler. Janssen said that because children can easily find how-tos for cyberattacks through online searches, some countries are now running warning ads that pop up next to the same searches and imposing penalties for hacking. It is said to be detailed. These anti-hacking ads are low-cost, easily scalable, and effective because they can catch individuals at the moment they are about to commit an attack.
Jules Pattison Gordon
The Netherlands also offers a community service program for first-time cybercriminals up to age 30 who are re-entering society. It's the kind of restorative justice approach that McKean said the FBI wants to help build in the United States. Participants work in the Netherlands. Mr. Jansen said he is expected to put his technical skills to good use and give back to society under the supervision of a probation officer. For example, one participant developed her website to test whether an Internet of Things (IoT) device is part of a botnet. So far, he is the only participant who has rejoined.
Failure to intervene means a missed opportunity to permanently recruit technology talent, prevent cybercrime, and steer young people away from lifelong criminal careers. McKean points out that a felony record in the United States often creates barriers to employment, housing, financial services, and civic volunteer work.
Providing opportunities for children to use their skills in legitimate ways can make a huge difference.
“We need to do more to give all these children the option to become cyber experts rather than cyber criminals,” McKean said.
