Information Commissioner Elizabeth Denham has warned Britain's civil servants that instead of panicking over the cyber threat emanating from Russia, they should be more wary of teenage hackers operating out of their bedrooms.
Even though Russia continues to draw the attention of Britain's cyber experts, teenage hackers in the country continue to pose a major threat to public and private enterprises in Britain.
In a recent speech, Information Commissioner Elizabeth Denham told the heads of civil services and other government departments that rather than worrying about cyber-attacks launched by Russia, they should be concerned about the threat posed by teenage hackers who operate out of their bedrooms.
'We make a mistake if we throw up our hands and worry about state-sponsored attacks – we know those are rare. You should be worrying about the malicious kid in his bedroom who hacks into your system because he can. Or the opportunistic thief who understands the value of the data you hold and knows how to get his hands on it. Because you left the door wide open,' said Denham.
A number of young Brits have, in the last few months, found themselves on the wrong side of the law after testing their cyber skills in real life. According to the National Crime Agency, a number of websites and forums which share cheat codes to get around computer games, also teach young boys new crafts like developing trojans, malware, and DDoS software. As such, the NCA believes that the skill barrier into cyber-crime is lower than ever and that many teenage hackers do not view such activities as crimes anymore.
'In some cases when these individuals have been contacted via a home visit, parents and carers are frequently amazed to discover they have been engaging in illegal activity because they spend so much time in their bedrooms,' said a report released from the agency.
For example, between the age of 15 and 16, Kane Gable managed to gain access to almost every account and device owned by top officials at the CIA and the FBI without being intercepted while staying with his mother in Coalville, Leicestershire. Gable's list of victims included former CIA director John Brennan, former Secretary of Homeland Security Jeh Johnson and former FBI deputy director Mark Giuliano.
Back in September, Jack Chappel, an 18-year old resident of Stockport in Greater Manchester, was arrested after he pled guilty for creating and selling a malicious DDoS software which was then used to crash websites belonging to NatWest bank, Amazon, the BBC, O2, BT, the NCA, EE, Sprint, T-Mobile, Verizon, Netflix and the Massachusetts Institute of Technology, among others.
In April last year, a 20-year old hacker named Adam Mudd was jailed for 2 years for orchestrating as many as 1.7 million cyber-attacks on the likes of Xbox Live, Minecraft and TeamSpeak. He admitted to creating a software named Titanium Stresser using which he launched as many as 600 DDoS cyber-attacks on 181 victims.
Aside from talking about the threat posed by teenage hackers, Denham also spoke about how a majority of cyber-attacks that took place last year were preventable and how insitiutions need to restore public trust and confidence by storing data in a more secure way.
'I ask you to consider the risks. Think of the true cost of a cyber breach, for example. It will cost you money but it will also cost you your reputation, trust, social licence. This is collateral damage.
'Yet most cyber breaches and attacks are preventable. The high profile attacks on TalkTalk and Carphone Warehouse would not have happened if they had put rudimentary protections in place. And if NHS systems had been patched and up to date, they would have been protected from Wannacry,' she said.
She added that GDPR will give 'greater control to people about how their data is used and it compels organisations to be transparent and account for their actions'.
'Sometimes when I speak to the private sector, I can sense the panic, but also the incentive to get it right. So many businesses feel like they are starting from scratch – it’s one of the reasons why we’ve set up helplines and targeted resources to help them prepare.
'Sometimes when I speak to the public sector, I can sense complacency. Because you know data protection. It’s been part of the furniture for years. Now it’s time to redecorate,' she added.