Training Young Hackers To Stop Cybercrime

At the heart of a police operation to defend Britain from attack by cybercriminals, a 14-year-old boy was honing his skills to thwart hackers linked to a rogue state.

Ben Abrahmason was among a group who gathered at a military base in Wiltshire to counter fictional but sophisticated cyber-attacks. Police chiefs and intelligence officers hope young people like Ben will become the latest recruits in the rapidly evolving war. “A lot of it is like normal forensics. There are fingerprints, DNA, except it’s digital,” said Ben, from Leicestershire. “You examine phones, laptops, hard drives: the data on them can help you solve crimes.”

He had passed rigorous online tests to be selected to spend the day being tutored by experts from the National Crime Agency. Police say it is important for them to woo talented hackers who might be tempted, out of boredom or greed, to target companies or even work for criminals.

Colin Lobley, chief executive of Cyber Security Challenge UK, which organises a series of national competitions to identify the best potential “cyber-defenders”, said: “They might be phenomenally talented, but not old enough for us to offer them anything so we have to keep them interested and prevent them going to the dark side.”

He was referring to the network of cybercriminals which Europol has warned is responsible for launching 4,000 ransom attacks a day and whose technological capability threatens critical parts of the financial sector.

The government’s National Cyber Security Centre, in its 2017 annual review, revealed it had responded to 590 significant incidents including attacks on key national institutions such as the health service and the British and Scottish parliaments.

Christopher Williams, 18, from south London, is another who wants to help defend the UK’s critical infrastructure from cyber-attack.

“Anyone who’s a good citizen wants to help their country. It’s exciting to know you can still help protect your community and your country, to defend the UK using forensic skills to provide support for British troops overseas and the likes of MI6,” Williams said .

There was another pressing reason for Friday’s event: a gaping skills shortage threatens the rapidly expanding cybersecurity sector. Robert Hannigan, the former head of GCHQ, the intelligence and security agency, has predicted a “huge skills shortage” by 2025.

Craig Jones, head of preparing cyber-capability at the National Crime Agency, warned that if the UK failed to recruit top-level talent it would not be able to keep pace with criminals. “It’s simple: we are going to struggle. We need the best people to progress, though we also need to recognise that people are not going to stay for a 30-year career in law enforcement,” said Jones.

One area where recruitment must improve is in attracting more women to the sector. On Friday only three of the 30 contestants were women, a ratio that broadly mirrors the UK sector as a whole. Only about 8% of jobs in cybersecurity are filled by women compared with 11% globally.

One of the female contestants, Rhiannon Eason, 23, from Oxford, said: “I have always been interested in forensics and law enforcement, but until recently I had never thought of cybercrime. I’d like to do either forensics or ‘red team’ penetration, where you are an external attacker to test defences. I’m happy to play either side.”

Del Rattenbury joined the National Crime Agency in 2014 and explained that becoming a cybersecurity investigator could make the difference between life and death.

She said that one of her operations had helped reduce deaths from the synthetic opioid, fentanyl, which had been linked to particular drug producers in China and suppliers on the dark web. Other investigations had identified women who had been trafficked.

“You are protecting some of the most vulnerable people in society, saving lives,” she said.

The Guardian:

You Might Also Read:

Cybersecurity Training For High School Students

« Why Mainframe Security Risks Are Largely Unrecognized
The Best Security Is Based On Zero Trust »

ManageEngine
CyberSecurity Jobsite
Check Point

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Infosecurity Europe

Infosecurity Europe

Infosecurity Europe is Europe’s number one information security conference and exhibition.

Cristie Data

Cristie Data

Cristie have been a trusted, innovative and leading edge data storage, backup and virtualisation solutions provider across all sectors of industry for over 40 years.

IPVanish

IPVanish

IPVanish has its roots in over 15 years of network management, IP services, and content delivery services. Now we're bringing these finely honed skills to VPN.

Rambus Security Division

Rambus Security Division

Rambus Security Division solutions span areas including tamper resistance, content protection, network security, mobile payment, smart ticketing, and trusted provisioning services.

ENEA Qosmos Division

ENEA Qosmos Division

Qosmos, a division of Enea, leads the market for IP traffic classification and network intelligence technology used in physical, SDN and NFV architectures.

SparkCognition

SparkCognition

SparkCognition’s AI-powered solutions enhance cybersecurity, identify and prevent equipment failures before they happen, and provide prescriptive intelligence for maintaining your most critical assets

National Cyber Security Centre (NCSC) - Ireland

National Cyber Security Centre (NCSC) - Ireland

The National Cyber Security Centre (NCSC) is the operational side of the Department of Communications in regard to network and information security in the Republic of Ireland.

Hunters.AI

Hunters.AI

Hunters is the world's first autonomous hunting solution that leverages top-tier cyber expertise and AI to uncover hidden cyber threats.

Patriot Cyber Defense

Patriot Cyber Defense

Patriot Cyber Defense is a Cyber Security and Management Consulting professional services firm.

Britive

Britive

The Britive Platform is a cloud-native security solution built for the most demanding cloud-forward enterprises.

Audea

Audea

Audea is a consultancy firm specialising in cybersecurity, risk and compliance. We provide professional services addressing all areas of Cybersecurity and GRC.

Cyber Defense Technologies (CDT)

Cyber Defense Technologies (CDT)

Cyber Defense Technologies provides services and turn-key solutions to secure and maintain the integrity of your organization’s systems and data against attacks.

Abacus Group

Abacus Group

Abacus Group is a global IT services firm for alternative investment firms, providing an enterprise technology platform specifically designed to meet the unique needs of financial services.

AuthX

AuthX

AuthX provides secure and seamless log-in capabilities through strong authentication and integrations.

DATS Project

DATS Project

DATS Project enables the utilization of high computing power across a number of cybersecurity services, all on a pay-as-you-go basis, eliminating the need for upfront investment costs.

QRC Assurance & Solutions

QRC Assurance & Solutions

QRC is a PCI QSA, QPA, ISO accredited, CPA and CERT-IN empanelled organization with vast experience in conducting certification, regulatory audits, pen testing services, training and more.