Research published last week by IT security experts, Tufin Technologies, reveals that 23% of college and university students have hacked into IT systems. Of these hackers, 40% waited until after their 18th birthday before their first hacking attempt. On a positive note, 84% of 18-21 year olds recognised that hacking is wrong. However, 32% identified that hacking is ‘cool’ and worryingly, for the targets of hackers in this age group, 28% considered hacking to be easy.
This research, which was supported by the Association of Chief Police Officers (ACPO) – builds on a study carried out in March amongst teenagers. The teenage research survey revealed similar attitudes towards hacking, although only 18% considered hacking to be easy, suggesting that hackers’ experience develops through their teenage years. Both surveys found that there was no gender bias in hackers with an equal split between boys and girls.
The survey which was carried out amongst 1000 College and University students from across 5 London Universities and 3 Northern Universities showed that just over one in three students said that they hacked for fun. A further 22% cited curiosity as their main reason for hacking. An entrepreneurial 15% revealed that they hacked to make money. This was further reflected in the types of sites that had fallen victim to these youngsters. The survey found that 37% had hacked facebook accounts, 26% email accounts with 10% breaching online shopping accounts. Although 39% of hackers use their own computer, others have used public computers and networks with 32% a university machine and 23% using an internet café.
Unfortunately, the study also discovered that nearly half of the students (46%) had fallen foul of hackers having had either their social networking or email accounts breached. A further 41% said that they had had their passwords to university networks abused by a third party.
Speaking about these findings, Shaul Efraim – VP Products, Marketing and Business Development of Tufin Technologies said, “It is clear we have a smart new generation emerging who understand how to get around computer systems – some are doing it just for fun others with slightly more sinister intent! It’s imperative that we begin to educate this generation about the good, the bad and the ugly side of the Internet and channel these skills appropriately and legally. Looking at these findings, from an IT security perspective, it would be good to see these talented individuals pursue a career in the security sector to ensure all organisations benefit from their obvious ability to strengthen security systems and stop the data breaches that litter the news sites today, and preventing hackers in the future - whether they’re seven or 70.
ACPO lead on e-crime prevention and President of the Society for the Policing of Cyberspace (POLCYB), Deputy Chief Constable Stuart Hyde said:
“What this survey clearly highlights is that hacking into personal online accounts whether email or facebook is happening regularly among the student population. It illustrates the importance of keeping your passwords strong, secure and changing them regularly to help protect your accounts from unscrupulous people of all ages. We live in a world where social networking, email and the internet is embedded into our everyday lives from a far younger age so early education is essential to ensure young people know the devastating consequences this activity can have. What is concerning is the attitude of many of those surveyed felt that hacking (i.e., using someone else’s account) was acceptable, or even something to be admired – it is not. Hacking is illegal and we need to ensure everyone understands that.”
Efraim concluded “Our research has consistently found that the best defence against hackers consists of well designed and followed upon automated processes at firewalls, server operating systems and the application level."
*** Deputy Chief Constable Stuart Hyde is ACPO lead on E-Crime Prevention and President of the Society for the Policing of Cyberspace (POLCYB). POLCYB brings together law enforcement and industry to increase people’s personal and professional knowledge of cyber crime issues.