You may have heard the term “script kiddies”, which usually refers to adults who hack into business networks. However, lately there has been a significant rise in cybercrime attacks from actual school-age children. A new report from the UK’s National Crime Agency has found the average age for DDoS hackers has dropped to 15, with some students being as young as nine years old.

The issue is that DDoS attacks are easy enough for even a kid to carry out. The typical DDoS attack makes use of two types of cloud services that are universally available, called booters and stressers. It’s important to understand the difference between these two as well as their prevalence.

This isn’t the first time we’ve seen reports about young DDoS offenders. Years ago, a then 15-year-old Brit pled guilty to running a booter and stresser service that was used to commit hundreds of DDoS attacks beginning in December 2013, including knocking Sony and Microsoft gaming networks offline, along with security analyst Brian Krebs’ own website.  

Damian Hinds, UK Minister of State for Security, said: “We need to equip this generation with the best digital skills and to assist them in making the right choices online.” To that end, the UK has put together a series of initiatives to try to educate teens and pre-teens about contemplating cybercrimes, including:

• CyberChoices, a website listing a number of resources for kids, parents, and teachers on how to make better choices in the digital world. One of the items listed links to paid summer internships at the GCHQ (the UK government’s central code breaking and spying agency, which plays a role similar to that of the NSA) for students.
• Barefoot Computing, a site containing other resources for young kids (in both English and Welsh), including how to recognize phishing lures and basic cryptography concepts.
• The reconfiguring of a series of elementary and secondary school websites to not universally block access to booter and stresser service, but instead, to display a warning message to educate kids about the consequences (which then redirects to the CyberChoices website). 

The goal of these programs is to influence young people who, for a variety of reasons, may find themselves considering engaging in cybercrime or using their technical skills to carry out malicious activities online. Depending on the success of this effort, the Schools Broadband group could roll this out to college websites as well. So far, an early month-long trial found a significant reduction in DDoS searches on school computers.

Further reading:
Your kids know more about the internet than you do
Are you having the right conversations about online safety with your kids?