Is this the return of the young peril? In a conference organized by the Washington Post, Lisa Monaco, the deputy attorney general of the United States, signaled her concern about groups of young malicious hackers. Advanced Persistent Teenagers, jokes the specialized newsletter Seriously Risky Business, a nod to the acronym APT (Advanced Persistent Threat).
Adults and adolescents
A fear to be linked to the attack on the hotel and gaming firm Caesars Entertainment. The company paid a ransom of tens of millions of dollars to prevent the disclosure of the stolen data. However, according to Bloomberg, the group of hackers at work would be a mix of young adults and teenagers. Giving this gang an air of resemblance to Lapsus$. This group which had hit the headlines was led by two English teenagers, had established British justice.
This phenomenon of juvenile hackers is “not so new”, tempers Lisa Monaco. But, she adds in substance, there is a sort of online radicalization of these spotty hackers. The barriers to entry are quite low – ultimately all you need is an internet connection – a teenager can easily be drawn into shady adventures. And whether he has computer skills or not, he can end up doing a lot of damage.
Many examples
There are also numerous examples of young cybercriminals. Sébastien Raoult, this young Frenchman extradited from Morocco to the United States, has just pleaded guilty to having attacked the data of around sixty companies. The 22-year-old young man is part, American justice explained, of the ShinyHunters group, a circle which also includes two other young French people already known to the police.
Another example: in the United States, six young adults aged 22 to 28 were convicted in November 2021 in a high-profile sim-swapping case. This social engineering technique involves taking control of a cell phone number. Gathered in a group called “The Community”, the suspects managed to get their hands on the equivalent of several million dollars by attacking their victims’ cryptocurrency wallets.
“He is improving”
Judicial services sometimes seem helpless when faced with this type of profile. Example with this young Ile-de-France resident, recently sentenced to three years in prison, two of which were suspended by the Parisian justice system. After starting by disrupting online gaming, it expanded its malicious scope to swatting – calls intended to provoke major police interventions – and hacking.
“What we see with the repetition of the facts is that he is improving,” explained the public prosecutor at the hearing. This also suggests that his awareness seems quite light, with a risk of recurrence which seems high to me.” Result: for budding hackers, awareness often comes far too late.