Countries in Europe are looking into new ways to address underage hacking, increasingly favouring rehabilitation and prevention programmes.
Policies developed to tackle growing levels of cybercrime vary from country to country. Some nations have severe penalties for illegal hacking, but with so many hackers under the age of 30, is a life behind bars really the answer to rising levels of cybercrime?
“Cybercrime knows no age group,” says Mike Jones, a former hacker who goes by the alias H4UNT3D Hacker, “and unfortunately, kids being naive and vulnerable, they’re the majority of what gets turned into that cybercrime group.”
With many nation states uneasy about sending often naive offenders to prison, many countries are now turning to rehabilitation and prevention. Crime agencies and police forces across Europe are setting up schemes to guide young offenders towards legal and often well-paid forms of hacking.
These jobs can help young adults to avoid a life in the penal system and can even enable them to help the very same institutions they were threatening with illegal activity.
How are different countries tackling cybercrime?
The Dutch Model
After seeing an increasing number of young offenders enter the criminal justice system due to illegal hacking, police in the Netherlands decided it was time to take a different approach.
“The Dutch police took the initiative to start coming up with answers in the form of the cyber offender prevention squad (COPS),” explains Floor Jansen, Team Lead Cyber Offender Prevention Squad, Dutch Police.
“Within this squad we work together with private companies, with the public sector and teachers to make these kids more aware and inform them about what is illegal and what are the consequences for themselves and also for victims,” she says.
“In this way they are at least able to make an informed choice, whether they become a criminal or an ethical hacker.”
In order to engage young people, COPS set up HACK_Right, a rehabilitation program for first offenders between the ages of 12 and 30.
“The purpose of the project is to teach tech savvy offenders how they can use their IT skills in a good way. By doing that we try to prevent them from reoffending in the future,” says Jansen.
By rehabilitating young cyber criminals instead of locking them up, the Dutch police are able to preserve the skills of these individuals, which can be put to good use in the service of the economy, government or local and global businesses.
Finland’s Exit Project
The Dutch model has since been replicated in countries such as Denmark and Finland. In the latter, the Finnish police introduced the Cybercrime Exit Project in 2020. Targeted at young people aged between 12 and 25, the operation aims to teach young people the difference between legal and illegal hacking activities and divert them away from a life of criminal activity.
The Cyber Choices Programme, UK
In the UK, the National Crime Agency ran its first weekend camp for cyber criminals back in 2017. The weekend course, hosted by Cyber Security Challenge UK, presented previous offenders with legal ways to use their skills, such as working in cyber security.
The NCA has also set up Cyber Choices, an online portal to help educate parents and guardians about the risks of cybercrime and how to guide technically-gifted children down the right path, while ensuring they are aware of what will happen if they engage in illegal activity.
Is hacking addictive?
Why do so many young people need rehabilitation in the first place? Jones, who now works to help support children involved in illegal hacking, believes it’s because hackers can easily become addicted to their craft.
“Hacking and addiction go hand-in-hand,” he explains. “The reason why I say that is because anybody with an addictive personality can easily get addicted to an adrenaline rush, and that’s exactly what hacking provides, it’s that biofeedback, that rush.”
The 2016 study ‘Youth Pathways into Cybercrime’ produced by Europol suggested that there were parallels between hacking and addiction to substances such as drugs and alcohol, due to the quick dopamine release that hacking induces.
Making legal jobs as exciting as hacking is therefore the challenge for companies who are hoping to recruit former hackers, as Erik van Oosbree illustrates.
“I’m a full time penetration tester, my role is mostly technical penetration testing, web applications, internal network for large organisations and government,” he explains.
“I get the opportunity almost every week to change to a different company, try different systems, so that fulfils the rush for me, because I can already legally do it, and I think this career choice is a really nice career choice to have.”
As well as penetration testing, former young offenders can also consider jobs in cyber security, ethical hacking and even work as government informers, helping to catch other cybercriminals.
Can cybercriminals be reformed?
While reform is often difficult, Jansen believes that interventions are always preferable to putting young offenders behind bars.
“Kids always push boundaries, offline but also online.
“As law enforcement we should be there from the start onwards, with preventative interventions and not only with arrest and pursuit, because that’s just really a waste of time and money and talent.”
While some young hackers know that what they are doing is illegal, for others, preventing a life of crime may be as simple as providing guidance on the boundary between legal and illegal activity so that they don’t step over it.