At the age of 13, Jake Davis was spending all day, every day on his bedroom computer at his Shetland Islands home. It would be another five years before he discovered an Anonymous chatroom and became part of the hacktivist group, going on to form his own group, Lulzsec. With his new group, he went from targeting The X Factor, to the US Senate, the CIA and the Serious Organised Crime Agency, actions that ultimately led to his arrest. He was still a teenager.
Read more: UK gov wants teens to practice cybersecurity in their spare time
This week, the National Crime Agency (NCA) has announced the launch of a hacker ‘rehab’ programme directed specifically at young people like Davis, who is now a white hat hacker and collaborating on upcoming startup Spyscape.
“I would probably have wanted to get involved with a programme like this at the age of around 13, and mostly to interact with better hackers,” Davis told WIRED. “Kids need mentors in all subjects. Hackers are naturally curious. Giving them the opportunity to express themselves is a great idea. It's very simple and effective.”
The Prevent programme is a fledgeling one - the BBC reports that the first ‘camp’ weekend was held in Bristol in July, and that all seven attendees were young people that had been caught committing computing crimes. Not all were arrested, but the NCA’s Prevent programme is targeting young hackers with cautions and police officer visits. According to the BBC article, the NCA has contacted hundreds of young people in this manner. Over the course of a weekend, the group learned forensic analysis skills, carried out hacking games and learnt about bug bounty programmes, where large organisations pay people to find vulnerabilities in their systems.
The work is strides away from Davis’ first experience with the authorities, when he was arrested in his home, carted off to the local airport and bundled into a jet in dramatic fashion, held as a ‘Tier 1’ threat to national security. For hackers like Davis and many others, the route to cyber crime is rarely about a desire to cause criminal activity for nefarious purposes, but more about an untapped curiosity and talent that was not being fostered in any other place than an anonymous online world. One of those attending the ‘rehab’ retreat only became drawn into hacking after “an early fascination with numbers” and an “accidental” hack of a primary school network. The consensus from these individuals was that crimes perpetrated were meant to be for fun, not harm.
The NCA and Prevent, says Davis, are “moving in the right direction”, away from systematic punishment and towards an educational approach that could be beneficial for everyone.
“Dragging young, often vulnerable people through the justice system and potentially ruining their lives with lengthy prison sentences is far from sensible,” he told WIRED. “I'm a fan of anything that harnesses the power of hacking in a positive way, such as bug bounties, online independent research groups, and Information Security conferences and meet-ups.
“It's important to reach out to young people and, rather than give them an overblown lecture in ‘good’ or ‘bad’, encourage them, and show them how their skills can be applied effectively. The next generation of hackers are going to be the most powerful yet and it's important not to patronise them or further stigmatise the art of hacking in general.”
Davis can’t yet reveal any details on Spyscape, where he will be head of hacking, but the company’s website states that it will “engage, educate, entertain and empower across physical and digital channels”. It sounds very much like the grassroots version of what Prevent is trying to achieve - demonstrate to skilled youngsters how they can harness their skills for good, and potentially make a career out of them.
“Hacking can be a real force for positive change,” says Davis. “It's a legitimate and useful skill, and should be nurtured. Treating the art of hacking with proper respect, as you would any other more mainstream profession, is a good start.”
The alternative, he points out, is a system like that in the US, where hackers are demonised and given hefty prison sentences. Davis is still living under the terms of his punishment - he was banned from deleting his internet history until May 2018. But he believes the UK is making “some good steps” in how it approaches young hackers, before their activity escalates to more serious criminal activity.
“Clearly we need to embrace more open source software, anonymisation, and encryption, to increase the privacy and security of all,” he says. However, he refers to the US criminal justice system as “brutal”. “To this day they continue to not only mistreat their own citizens - the case of journalist Barrett Brown, for example - but attempt to essentially kidnap ours, in the case of Lauri Love.
“The UK needs to stand up to these extradition attempts and avoid following US practices on computer law. From prosecutors and police officers to judges and politicians, there are so many in the UK that find the US response to hackers utterly baffling and in need of a serious overhaul.”
The NCA plans to track the progress of the retreat’s attendees, and if the Prevent programme proves successful, it will be rolled out across the UK.
Want to know more about the cyber threats of the future? WIRED Security 2017 returns to London in on September 28 to discuss the latest innovations, trends and threats in enterprise cyber defence, security intelligence and cybersecurity. Join us at King’s Place by booking your tickets today.
This article was originally published by WIRED UK
