Some teen hackers end up criminals, some end up heroes, and one ended up a millionaire. Where should you draw the lines?
During the summer, many students and other young people need a job to augment that crucial time around the local swimming pool catching up with friends. In the past, restaurant work or odd jobs provided a little income and time out of the house away from parents. Recently an intriguing, if not controversial, teen employment possibility has popped up: hacking.
The word can mean many things, from finding bugs for companies to innovating new solutions to breaking into servers. Young people have made headlines on all ends of the spectrum. Here is a look at some recent incidents, suggested ethical guides, and tools to protect yourself from hacking.
Last month an Australian judge both praised and reprimanded a 17-year-old Australian who hacked into Apple’s secure systems twice, once when he was 13. Magistrate David White placed the youth on a $500 bond to be of good behavior for nine months, noting, "He is clearly someone who is a gifted individual when it comes to information technology, that being said, those who have this advantage of being gifted doesn't give them the right to abuse that gift.” The youth told the court he did the hacking in hopes he would get a job. It didn’t work.
Santiago Lopez, a 19-year-old in Argentina, had much better luck. He became the first person to surpass $1 million in rewards on HackerOne, a bug bounty platform that offers money in exchange for finding security vulnerabilities in IT systems from participating companies. HackerOne says he has found nearly 1,800 bugs – all of them hacks he achieved that strengthened the companies in question.
Perhaps no youthful hacking has brought more renown than that of Marcus Hutchins, the British hacker who helped to stop WannaCry, the ransomware epidemic that seized hospital systems and other critical computer networks around the world in 2017. Months after that fame, Hutchins found notoriety when he was arrested for hacking he did in his mid-teens. Hutchins pleaded guilty to charges and awaits sentencing.
Teen hacking has even popped up in the much-watched U.S. presidential campaign, with Democratic hopeful Beto O’Rourke discussing hacking he engaged in as a teen.
Some IT pros and pundits strongly advocate for teen hacking. “Hacking teaches kids to be resourceful in the face of challenges. It shows them how to research, learn and be creative (as well as analytical and systematic). It also promotes empathy to help students understand problems from multiple viewpoints. Most of all, hacking teaches teens grit and urges them to keep trying when they fail,” wrote Pete Herzog on The Institute for Security and Open Methodologies in the blog Security Intelligence.
Richard Barry, a web marketing director for Avast, sees a middle ground. He found legal coding challenges that developed his computer skills as a teen, and cautions that boundaries are needed. “I thought it was cool. And it was fun. I learned a lot by exploring, really. But the ethics have to be there. Otherwise it’s just another kind of trespassing, or worse.”
HackerOne’s guidelines offer these ethical guidelines to hackers:
Respect the rules. Operate within the rules set forth by the Security Team, or speak up if in strong disagreement with the rules.
Respect privacy. Make a good faith effort not to access or destroy another user's data.
Be patient. Make a good faith effort to clarify and support their reports upon request.
Of all the recent incidents involving students and other young people hacking, one hacker’s words ring out as a warning. Vice’s series on teen hacking of schools, Scam Academy, featured this overarching quote from a teen hacker who changed his fellow students’ grades for money:
“IT administrators really underestimate what students can actually do.”
Perhaps a compromise will arise in which admins respect young hackers and young hackers respect the law.