He calls it “wasted talent”. Gifted 13-year-olds or children as young as 10 are getting involved in cybercrimes, thinking it is cool among peers, said Mr Steven Wilson, head of the European Cybercrime Centre at Europol.
Their career path often begins with a simple hack. And then it escalates when teens realise they can make money out of it.
Mr Wilson, 50, said: “They start to develop their expertise. They interact with criminals who are more organised and that’s when they are brought into groups… becoming more professional in their actions.”
He spoke to The New Paper on the sidelines of Wednesday’s Interpol-Europol Cybercrime Conference held here at the Interpol Global Complex for Innovation (IGCI).
Mr Wilson, a former police officer in Scotland dealing with counter-terrorism and covert policing, added: “I recall on some operations, it’s sad that I’ve seen young children, who are supremely gifted in relation to technology, become involved in cybercrimes…
“What we need to do is identify the potential of these children at a very early stage and actually use them for a good purpose.”
At the conference, which was attended by 200 people from 56 countries, the experts spoke about the cybercrime fallout across the globe.
Among the threats identified by Europol’s Internet Organised Crime Threat Assessment 2016, ransomware, DDoS attacks, encrypted communication among cyber criminals, and credit card fraud continue to cause heavy losses in some business sectors.
Locally, cyber security experts like Associate Professor Steven Wong, president of the Association of Information Security Professionals, said Singapore sees similar threats.
He said: “Ransomware is recognised as the top threat for 2016…
“If you look in recent years, the number of methods of Ransomware have increased tremendously.”
Ransomware is a malicious software that blocks access to a computer system or mobile phone until the owner pays up.
When ransomware was first detected, around 2010, it came out with only one or two permutations a year, said Assoc Prof Wong.
Likewise, the cyber sleuths at Trend Micro lists ransomware among its top threats for Asia.
Its country manager for Singapore, Mr David Siah, told TNP in an e-mail reply that in 2016, Trend Micro detected 80 million ransomware threats globally.
Of those, 16 million threats, or 20 per cent, came from Asia.
Mr Siah said: “In Singapore, from January to August 2016, we have blocked more than 211,000 ransomware attacks, averaging 870 cases on a daily basis.”
Cyber criminals will exploit any vulnerability, especially when there is an opportunity to make money or sell their expertise, said Mr Wilson.
He said: “Cyber criminals can make $1 or $2 here, thousands of dollars there, or millions of dollars.
“Collectively, it becomes a massive effect on the economy across the world, not just a region.”
Despite facing an unseen enemy working across borders, the good guys occasionally win.
In June, the seventh Global Airline Action resulted in the arrest of 140 individuals suspected of airline ticket fraud.
The two-day operation involved 74 airlines and 43 countries and took place in more than 130 airports around the world. It was coordinated by Europol in The Hague, Interpol Singapore, Ameripol in Bogota and other agencies.
There have also been other successful anti-cybercrime busts.
Mr Noboru Nakatani, executive director of IGCI, attributed the success to the sharing of information and help from private sector partners like banks, financial institutions and academia.
He said: “We need to change the mentality from need to know, to need to share.”
The more law enforcement understands its other partners fighting cyber threats, the better all parties can address cyber threats, he said.
Cybercrime on the rise here
The number of cases reported under the Computer Misuse and Cybersecurity Act (CMCA), which covers offences including unauthorised access to computer material and unauthorised use or interception of computer service, has increased.
The Singapore Police Force said 178 cases were reported under the CMCA between January to June 2016, a 20.3 per cent jump from the 148 cases reported in the same period last year. .
It was the same from 2013 to 2015, with 169 cases registered in 2013, 197 cases in 2014, and 280 cases in 2015.
According to the chairman and co-founder of the Singapore Cybersports & Online Gaming Association (Scoga), Mr Nicholas Khoo, cybercrime activities such as DDoS attacks or ransomware are not carried out by young people in Singapore.
Some online misbehaviours, however, are worrying.
These include youngsters embracing the ideals of hacker groups, participating in in-game online betting, and misrepresenting their age.
Mr Khoo said: “Sometimes, online misbehaviour can be as simple as not declaring your real age.
“Some games have a minimum age, but some youth claim to be older than they are to play these games. But is this considered cybercrime?”
Scoga observed that a majority of the at-risk young people referred to them are from vulnerable families, with the youngest just 12.
Mr Khoo said: “Family issues – such as tension within the family, or parental neglect – may make them more susceptible to online misbehaviours.
“Struggles in school or with prevailing social norms may also compel them to embrace alternative, more radical ideas online.”
Scoga reaches thousands of game enthusiasts and counsels five to 10 young people aged 11 to 21 every year.
It conducts cyber wellness workshops across schools, and trains befrienders.
But country manager for the cyber security firm Trend Micro, Mr David Siah, said they have seen some high-profile cybercrime acts carried out by young people in Singapore.
He cited the example of an 18-year-old student who hacked the Istana’s website by using a cross-site scripting attack in 2013.
– Additional reporting by Kintan Andanari.
STAYING CYBER SAFE
Advice from Mr Kelvin Lew Chee Hoe, security consultant at sgcybersecurity.com
- Do not reuse passwords for your social accounts.
- Adopt two-factor authentication (two-step verification which requires username, password, and an added type of credentials before having access to the account)
- Consider what information to store and share online.
- Configure privacy settings for all social accounts.
- Do not click hyperlinks from any unknown e-mail sources.
- Do not use a simple password; add in symbol characters.
- Reset passwords periodically.