The UK’s National Crime Agency has run a pilot weekend camp that aims to push youth away cybercrime to a path that leads to legitimate employment.
The trial camp was run this weekend in Bristol and may be rolled out across the UK if it’s deemed a success.
The camp hosted seven youths who's been busted for committing a computer crime. A former hacker turned cyber-security entrepreneur offered the attendees advice about career options on the defensive side.
According to the BBC, attendees learned about forensic analysis, network protection and “red teaming” or using almost any means possible to breach a willing participant’s defences.
Participants also took part in coding challenges, learned about bug bounties, and were taught about responsibly using computer skills.
The camp was run by the NCA’s Prevent team, a unit that aims to deter young people who are caught flirting with cybercrime from falling deeper into its clutches.
The group is responsible for sending “awareness” letters and emails to youth whose details have been found on hacker forums. The letters also suggest they take part in the UK’s Cyber Security Challenge. In more serious cases, youths can expect a home visit from police, while others are arrested.
As detailed in a 2015 paper by NCA and the UK’s CREST, NCA Prevent separates those it sent letters to into four tiers. At the apex were actual cybercriminals who would likely be the targets of an arrest. Below this were malware developers and senior hacking forum members. Then came junior hacking forum members, users of remote access trojans, and those buying stresser services for traffic attacks. At the very bottom were gaming hackers experimenting with hacking.
The Prevent group aims to deter people from climbing up the ranks of cybercrime as early as possible. NCA has also looked at what motivates young people to commit computer offenses.
The trial weekend camp also follows NCA’s 2015 “CyberChoices” campaign which tapped former LulzSec hacker, Ryan Ackroyd, to explain how hacking skills could be put to legitimate use. Ackroyd was arrested in 2011 for his role in several high-profile breaches attributed to the hacking group.
While the NCA has sent these letters to hundreds of young cyber-criminals, the seven in attendance at the camp had been caught for more serious offenses.
The BBC notes that one participant was given a two-year suspended sentence for defacing a website, another had knocked a company's servers offline, and another had hacked his school network using a network flaw and social engineering.
One attendee apparently was not aware that cyber-security existed but was now keen to get into after the weekend.
The participants’ progress after the weekend will be monitored and if it’s considered a success the NCA may roll out similar weekends elsewhere in the UK.