Hacking is ‘not murder’, so give cyber crooks a second chance, says talent-spotter-in-chief
Youngsters arrested by police for crimes under the Computer Misuse Act should be offered a chance to mend their ways and should even be considered for top jobs in security, says the head of a talent-spotting scheme that works with the UK government.
Dr Bob Nowill, chairman of Cyber Security Challenge (CSC) UK, has told E&T hacking into computer systems should not be regarded as “a sin for life” as it is “not murder” - and he suggested some crooks should be offered incentives like well-paid jobs in cyber-security agencies to tempt them away from a life of online crime.
He said: “We’ve started to work closely with the National Crime Agency and the police on working with kids who’ve crossed the line, who’ve done cease and desist. It’s about showing them there is another way.
“Think of it a bit like the awareness course for drivers who are caught speeding. You’ve got a choice: You can either pay the money or do this.
“We say, you can do all this stuff, but do it in a professional environment with a network of people who know what they’re talking about, within the law. And you can be paid for it.”
He added:“It’s not murder. It shouldn’t be a sin for life if you’ve done a bit of hacking.”
Nowill was speaking at an event at a Ministry of Defence (MoD) training academy, where computer prodigies were tasked with battling against a mock cyber-attack on soldiers wearing Internet of Things gizmos.
The exercise, designed to probe participants' cyber-security skills, involved a fictional hacktivist group hijacking a military system using a man-in-the-middle attack - a sophisticated type of cyber assault in which the enemy intercepts and manipulates communications between two parties without detection.
Candidates were ordered to report to military chiefs to explain why contact was lost, and had to advise on how to respond within international legal guidelines.
This tested their legal knowledge, while side tasks such as puzzles and ciphers hidden around the military site tested their cryptography and problem-solving knowhow.
The room in which the challenge took place was filled with antique military objects including rocket-launchers and cannons, and there were also experts on hand to demonstrate the art of lock-picking and other challenges involved in physical security.
Paul Bleakley, head of cyber awareness and training at the Defence Academy of the United Kingdom, said changing technology meant the scenario used to test participants was now not too far from reality.
He added: “It’s a bit futuristic at the moment, but all of our platforms are obviously interconnected. They’re just mobile networks now, really. We’re increasingly doing stuff where it’s IP-based or it’s network-based.”
Government agencies that are now desperately in need of anti-malware experts have long looked to “turn” people steeped in the world of hacking by offering them contracts of employment that come with enviable salaries.
The National Crime Agency, the UK’s equivalent of the FBI, confirmed in July that it had collaborated with CSC UK to create the country’s first dedicated rehab camp for young cyber villains picked up by the police for various offences.
At the time CSC UK said the pilot scheme offered interventions to young people who “found themselves verging on the wrong side of the law”.
Nigel Harrison, the organisation’s chief executive, said there was a danger that if the right authorities did not intervene early in such cases, up-and-coming hackers and malware developers would be “talent-spotted by cyber-criminals as being somebody who is nicely vulnerable, the right sort of age and doesn’t understand right from wrong, and they’ll use them as a mule”.
The event at the MoD academy close to the town of Swindon took place earlier this month amid a flurry of press stories about fully robotic soldiers and a focus by militaries on artificial intelligence and its application in the battlefield – something Bleakley described as “an arms race”.