In 2015 the UK saw a series of teenagers allegedly involved in high-profile hacking incidents. These included a British teenager who worked as a ‘hacker for hire’ and was spared a prison sentence after cyber attacks from his bedroom targeted global institutions which allegedly ‘almost broke the internet.’ He was just 13 when he joined a network of online hackers.
Many were surprised by the young age of some of those involved in these hacking incidents, but it’s not really surprising that impulsivity and risk-taking behaviour comes to the fore during the formative teenage years.
The reality is that for some time there have been reports of increasing involvement of youth in criminal activity online. In 2015 the Australian Bureau of Crime Statistics and Research reported that cyber fraud offences committed by people under 18 years of age had jumped by 26% in the previous two years, and 84% in the previous three years.
Acting Fraud & Cybercrime Squad Commander Matt Craft said: “Fraud is a growing crime category, thanks in part to the proliferation of internet-based fraud and other cybercrime.” In a recent survey conducted by an online security company, roughly one in six teenagers in the US, and one in four teenagers in the UK, reported that they had tried some form of internet ‘hacking.’
Hacking is a serious and costly cybercrime. Dido Harding, the Chief Executive of TalkTalk, said that the total bill in the wake of the TalkTalk cyber attack would cost, including profit loss and exceptional costs, around £60m. Recent statistics suggest that there is an increase in the amount of cybercrime being perpetrated worldwide.
As noted in a Europol report, cybercrime has evolved from a few small groups of hackers to a thriving criminal industry that costs global economies between $300 billion and $1 trillion a year.
Interestingly, the Director of the FBI has stated that, “there are only two types of companies: those that have been hacked, and those that will be.”
What is curious to note is not necessarily how fatalistic or pessimistic that statement is – but how odd it would seem if it were made in the context of real world physical security. The combination of emergent cyber juvenile delinquency, the cost of cybercrime and hacking, and a somewhat pervasive resigned approach to the inevitability of these crimes are all causes for concern for the global economy.
So what can we do? The answer may lie in developments in the scientific community.
Cyberpsychology is the study of the impact of technology on human behaviour. Approximately 30 peer-reviewed journals now publish an estimated one-thousand articles every year on topics related to cyber behaviour, a field that is expected to enjoy exponential growth in coming decades due to the pervasive and profound impact of technology on mankind.
Unfortunately, I cannot help but observe that the behavioural sciences have been somewhat blindsided by rapid evolutions of online behaviour.
In terms of a scientific investigative approach, we really need to question if traditional psychological or sociological concepts are sufficient in understanding online behaviour. As scientists, will we need to develop new theories – or modify existing ones?
As a cyberpsychologist my job is to deliver insight at the intersection between humans and technology – or as law enforcement say ‘where humans and technology collide.’ While there are substantial benefits associated with technology, it can also be problematic. Consequence is critical – what happens in the cyber world can impact on the real world, and vice versa.
My research to date has focused on applying forensic cyberpsychology to criminal behaviour, ranging from cyber stalking to technology- facilitated human trafficking. The one thing that I have observed is that whenever technology intersects with base human inclinations, the result are amplified and accelerated.
“There are only two types of companies: those that have been hacked, and those that will be”
One of my specialist areas is the investigation of human factors in cyber security. I argue that online behavioural effects including anonymisation, invisibility, immersion, and disinhibition all seem to be contributing to the increased visibility and presence of cyber criminality in contemporary societies.
Online disinhibition is important in understanding why young people behave the way they do on the internet. Understanding the link between disinhibition online and risky, impulsive behaviour in adolescents is critical.
It’s also important to consider the morality of the issue. Recent research examined ethical belief systems regarding physical shop lifting (e.g. stealing CDs) and digital ‘soft lifting’. It found that moral beliefs would prevent a person from stealing a CD from a record store, but the same person was ambivalent about downloading pirated material. This suggests that there is a disconnection between real world ethical beliefs and online behaviour. So what is the solution for a generation desensitised by the consumption of illegally downloadable music, videos, software and games? And what sort of criminal activities might a generation of ‘virtual shoplifters’ progress to?
On the other hand, it could be argued that as certain negative online practices become normalised, it can become increasingly difficult for young people to make the right judgement calls – and if so, what can we do collectively to address the issues?
First and foremost I am an academic, an educator who cares deeply about the impact of emerging technologies on all of us, and the societies we live in. I am particularly concerned about the effect of technology on developing youth, and the lack of focus on this problem from a societal perspective.
There is a paucity of research in this area. We know a lot about real-world criminology; we know about a kid in a particular home, in a particular neighbourhood, with a particular group of friends that may get involved in juvenile delinquency. But we know very little about cyber juvenile delinquency, – compounding this problem, we know very little about the effect of the minimisation and status of authority in cyber space.
Interestingly, Estonia has just introduced a ‘Web Constable’ initiative, which may in time offer some insights in terms of cybercrime prevention.
In the next few weeks, in collaboration with the European Cybercrime Centre (EC3) at Europol, we will be launching a research initiative investigating ‘Youth Pathways into Cybercrime’.
The project will draw together existing, recent evidence on online behaviour and associations with criminal and anti-social behaviour, specifically exploring the pathways that lead to ‘cyber criminality’.
We will be examining the behaviour of young offenders and victims online, and producing guidelines and information for professionals working in the prevention and intervention of online youth offending, as in the case of hacking.
Additionally, we aim to support victims and agencies who are susceptible to multiple aggressive and significant financial attacks, such as members of the finance and banking sectors. We anticipate that the research outputs will have wide international relevance across the European Union and internationally. Crucially, the findings will aim to inform prevention, practice and policy.
As a cyberpsychologist, I’m often asked what the motive is to engage in hacking. It’s a broad spectrum – motives can range from hacking for profit to hacking ‘just for fun.’ We should not lose sight of the fact that hacking is in fact a skillset; over time it has become a pejorative and negative term.
We have to ask if, as a society, we really want to criminalise 13, 14 and 15 year- olds who offend from their bedroom. Alternatively, do we want to try and understand the behaviour, engage with these incredible skillsets, mentor talented youth, and try to guide them in the right direction?
Let’s not forget that the security community has long fought an uphill and losing battle to recruit new talent.
We have scales for IQ, EQ and CQ (Intelligence Quotient, Emotional Quotient and Creativity Quotient), but we don’t have any scales for TQ – ‘Technology Quotient.’ We need to develop metrics to assess technology related skillsets at the earliest possible stage, identify those who have the potential to excel in this area, and then develop this talent. This problem space is not confined to youth hacking – there are wider societal issues that provide context for the behaviour.
Cybercrime represents a shift to a new world order where privacy, national security and individual rights are being rewritten because traditional checks on anti-social behaviour are absent online. Where is the societal debate? What is the role of governance online or cyber ethics?
I often observe that technology was designed to be rewarding, engaging and seductive for the general population – but did anybody really think about the impact on criminal, deviant or vulnerable groups?