Feature Story

Security: Beware of the Dark Side of Computer Code

by Jason Deign

Youthful hackers are nothing new. But as more people get connected, many kids now have the chance to tinker with code—which is why guidance counts.

Back in the early 2000s Luis Corrons received a strange series of emails. From the name, ‘Jordi', Corrons guessed the sender came from Catalunya, north-east Spain.

Jordi seemed keen to help in the fight against malware, sending Corrons, who is now technical director of PandaLabs, an antivirus laboratory owned by Spanish IT security firm Panda Security, examples of viruses he said he had found on the ‘net.

"What was odd was that these viruses were really shabby," Corrons says. "When we looked at them closely we found some of them even had Jordi's signature on them.

"It was clear he was just a kid who was getting a kick out of creating these things and sending them to us to be ‘discovered'. Obviously, we didn't report him."

Of course, Jordi is not the only youth to have had a fascination with malware, nor the first one.

Since the earliest days of the Internet, the same creative spirit that has led some young people to build web-based business empires has incited others to investigate the darker side of computer code. And not all of them have had as low a profile as Jordi.

In 2000, for example, a high-school student from Quebec, Canada, named Michael Demon Calce, alias MafiaBoy, launched a denial of service attack that brought down the Yahoo!, Ebay, CNN, Amazon, and Dell websites in a matter of days.

And 2003 saw the arrest of 18-year-old Jeffrey Lee Parson after he created a modified version of the Blaster worm that was inflicting havoc on Windows XP and Windows 2000 operating systems at the time.  

In recent years, however, experts note that young coders have largely been overtaken in the malware stakes by a more sinister force: organized crime. "Previously people did this because they were looking for new challenges," states Corrons. "Now we are talking about criminals."

Ram Herkanaidu, education manager at Kaspersky Lab, says his company currently tracks around 125,000 unique malware samples a day, pointing to the existence of a clear profit motive.

"The bread and butter of the malware that we see out there is done by cyber-criminals and not younger people looking for kicks," says Herkanaidu.

That does not mean young hackers have disappeared, however. They are alive and well. And one could be trying to bring down the ‘net right now, from a bedroom near you. "Kids nowadays from the age of three or four are growing up with new technology," Herkanaidu says.

Children are naturally inquisitive and have none of the techno-fear of their elders, he adds. With plenty of ready-made hacking tools now available for free on the ‘net, they can be well down the path to cyber-crime by the age of 10.

Last year DefCon, the global hacker conference, even ran its first special event for children, DefCon Kids, which attracted young attendees as well as plenty of media attention.

The aim of the meeting, repeated this year, was to help young people understand the value of ‘white-hat' hacking. Keeping track of kids who may not be aware of the difference is not necessarily easy, however.

With kids now touting not just computers but smart phones and tablets from a relatively early age, it can be difficult to tell whether your children are simply staring intently at the screen as they update their Facebook status or are in fact trying to knock out NASA.

Herkanaidu says there is little research on the behavior of young hackers. And potential tell-tale signs of a youthful malware writer, such as spending large amounts closeted in a bedroom, are challengingly similar to the tell-tale signs of any kid approaching or going through adolescence.

As a result, the best advice for parents is simply to try to steer their children away from the dark side of computing. "With very young users, don't let them have a computer in their room," says Corrons.

"Keep it in the living room and check on what they are doing; they may not be conscious of what actions may be illegal."

Herkanaidu adds: "To my mind what we need to do is feed this natural creativity. It's just about getting young people to use common sense online and show them the right way to do things."

And if all else fails, the good news is that with the IT security market now on track to reach USD$120 billion by 2017, the chances of your kid being able to bring down Yahoo! or the Pentagon are vanishingly remote.


Jason Deign is a freelance writer located in Barcelona, Spain.

The contents or opinions in this feature are independently generated and may not necessarily represent the views of Cisco. They are offered in an effort to encourage continuing conversations on a broad range of innovative technology subjects. We welcome your comments and engagement.

We welcome the re-use, republication, and distribution of "The Network" content. Please credit us with the following information: Used with the permission of http://thenetwork.cisco.com/.