I've just read a news item about a nine year old boy who has been accused of hacking into his school's computer system. It seems police claim the nine year old hacked into the Blackboard Learning System used by his school to change teacher's and staff member's passwords, change and delete course content and change course enrollment. Apparently he didn't do too much damage, so no charges were laid. "He's a very intelligent 9 year old" said a police officer, "with no criminal intent".
This all comes on top of a recent survey where it was found that, based on a sample of 1000 teenagers in the US and 1000 in the UK, 16% admitted to hacking, and of those, 34% had already started by age 13. Facebook is the number one target for young hackers in the US, followed by their friend's email accounts. In the US, 16% of students, or roughly one in six hack and exactly half (50%) have had their Facebook or email accounts compromised. The most common reason cited for hacking was for fun (54%) followed by curiosity (30%). 14% that hack aimed to cause disruption and a resourceful. 7% of US kids thought they could generate an income from the activity, with 6% viewing it as a viable as a career path. While in the context of this survey, the term "hacking" involves Facebook or email account compromises, it shows a disturbing trend towards experimentation with hacking out of curiosity, with some teenagers believing they might be able to make money from the exercise and some even thinking it may offer a career path for them.
It seems clear that, while security awareness training of our children is very important, teaching them computer based ethics is actually just as important. As Randy Abrams stated in an earlier blog entry, "Cyberethics is prevention. It attempts to decrease cybercrime by teaching that it really is still crime and not very nice. Cybersecurity is teaching defense."
It has taken years for cybercrime to be taken seriously, and the world is still coming to grips with the size and pervasiveness of the problem. And it has taken many years for cybercrime to be treated as seriously as traditional crime in the courts. It seems we still have work to do with the young people of the world to help them realize that gaining unauthorized access to other people's accounts is not appropriate behavior in our society.
Senior Cybercrime Research Analyst
Author ESET Research, We Live Security