I've shared a lot of security knowledge in my tenure as InfoWorld's Security Advisor. But what I've never shared before is that much of my initial computer security defense knowledge, which I turned into my first book, came from trying to stop my teenage stepson from being a malicious hacker.
I was newly dating his mother and he was a precocious 15-year-old who liked messing around with electronics and computers. He and his closest friends also flirted with malicious hacking, including harassing "ignorant" users, DoS-ing popular computer networks, making malware, and all sorts of unquestionably illegal and unethical hacking behavior.
His neighborhood computer hacking club eventually suffered a big takedown by the authorities. Luckily for him, and us, he had dropped out of illegal hacking activity a year before -- but not before he fought against me and his mom's rules and disguised his continuing hacking activities for many months. It was a daily (and nightly) battle of my latest defense against his new workaround. His mom and I even found previously unknown network cabling run through the attic and several hidden servers, proxy servers, and VPN switches. I learned a lot about hacking by trying to defeat his methods, and he learned that new potential stepdads trying to impress his mother were just as persistent -- and at times smarter.
His mom and I recently celebrated 16 years of marriage, and we're a happy family. In the years since fighting my stepson, I have detected many teenage hackers and have been asked by readers to counsel their hacking kids. No doubt a fairly substantial percentage of teenagers are maliciously hacking on a daily basis under the radar of their parents, who usually think their children are simply exploring what their computers can do and innocently conversing with their computer friends.
Hacking can provide a new world of acceptance and empowerment, especially for smart teenagers who are not doing all that well in school, are bored, or are getting harassed by other teens or by their parents because they "aren't working to their full potential." In the hacking world, they can gain the admiration of their peers and be mini-cyber rock stars. It's like a drug for them, and a good percentage can turn permanently to the dark side if not appropriately guided.
The following signs can help you ascertain whether a young person in your life is involved in unethical, illegal hacking. Some of the signs may be typical teenage behavior, given their grave interest in privacy, but enough of these signs together can point toward something more problematic. If you do find suspicious malicious activity, rest assured that you can turn a young hacker onto using their hacking skills for ethical, positive purposes, as I outline below.
1. They flat out tell you (or brag about how easy it is to hack)
It may be hard to believe, but many parents hear their children make direct claims about their hacking activity, often multiple times, and blow it off. They either don't know what "hacking" means, or they assume good little Johnny isn't doing anything stupid. Well, they might be.
Most hacking is easy: You read a hack how-to and then do it. Often it's as easy as downloading a tool and pushing the GO button. On TV, hackers are always portrayed as masterminds. In reality, they're usually more ordinary than genius. They read and learn. Persistence is their most outstanding trait.
Kids who get into malicious hacking often feel guilty about crossing the ethical line early on. Telling close friends and even their parents about their newly gained skills can be a way of reaching out and communicating that sense of guilt. Though most don't realize it, they often want their parents to offer guidance at this critical junction. Sadly, most parents and friends who hear these claims and confessions don't know what to make of them, leaving their child or friend to sort out the conflict on their own. The results aren't always for the best.
2. They seem to know a little too much about you
Kids who hack often start with those closest to them: Their parents. If your child seems to know something they could know only by reading your email or other online activities, your radar should be up.
It's not uncommon for hacking kids to monitor their parents' online activities, usually in hopes of capturing admin passwords or to learn how to turn off any anti-hacking devices, such as firewalls and parental controls, that you may have set up. (And you thought the monitoring was the other way around.) But then curiosity gets the best of them and they end up reading their parents' emails or social media chats.
I've had more than one parent tell me they couldn't figure out how their kids were getting around parental blocks, until they looked into the logs and saw that their parental blocks were being disabled and re-enabled frequently. Or their child made a snide remark or alluded to something they could have known only by reading a parent's confidential communications. If your hacking kids seem to know more about you than you've shared, it's a sign. Pay attention.
3. Their (technical) secrecy is off the charts
Every teenager wants 100 percent confidentiality on their online activities, regardless of whether they are hacking. But sophisticated protection, including encryption of all communications, files, folders, chats, and applications, may be a sign there's something else going on besides garden-variety teen secrecy.
The tip-off? If you get on your child's computer and can't see any of their activity. If they always clear their log files and browser history, every time, and use special programs to encrypt files and folders, that's a possible sign. Or if encryption settings on their applications are set to a level stronger than the program's defaults. Any indication that they feel the built-in disk encryption and separate user profile protections aren't enough should have you asking, for what kind of activity?
4. They have multiple accounts you can't access
Many kids have multiple email and social media accounts. That's normal. But if your child has a main email and social media account they don't mind you reading and you come across signs that they have other accounts and log-ons they will not share, make a note of it. It may not be malicious hacking; it could be porn or some other activity you would not approve of (talking to strange adults, buying alcohol, purchasing weapons, etc.). But any sort of absolute privacy should be investigated.
My stepson and his hacking friends had a half-dozen account names. I could see them when I read through the firewall and packet filtering logs. I knew he had them, even when he was denying it. He was surprised to learn that PGP (Pretty Good Privacy) encryption didn't encrypt the whole email. I explained how all email encryption had to allow the email headers to remain in the clear so they could be appropriately routed and handled. After that conversation, all the "secret" accounts disappeared from my future log captures. He didn't stop using them; he just downloaded a new email encryption program, which did perform complete, end-to-end encryption. (Refer to the previous sign about encryption, above.)
5. You find hacking tools on their computer
If you suspect your kid is hacking, take inventory of all the programs and tools you can find on their system. If your kid doesn't think you'll do it or doesn't know you've done it, you might get lucky and they might not be encrypted -- yet. In fact, if you find lots of encrypted files and programs, that's a red flag, too.
Port scanners, vulnerability scanners, credential theft programs, denial-of-service tools, folders of stored malware -- these are strong signs your kid is hacking. If you're not computer-savvy enough to recognize these tools, note the file names and search the internet. If more than one of the unknown programs points back to a hacker (or a computer security defender) website, you probably have a problem.
Why are tools to help defend against hackers a red flag? Isn't that a sign your child wants to become a high-paid computer security consultant when they grow up? Sadly, not usually. I've yet to meet the kid who decided to become a computer security expert before college, unless they'd been defending themselves against other aggressive hackers as a teen.
Young hackers usually end up getting hacked by others, either from their own hacking groups or other hacking groups. Once they've been actively targeted and broken into once or twice, they will often concentrate on their own defenses. You'll see firewalls they've downloaded and configured (the built-in ones aren't enough in their eyes) and proxies (to hide their IP address or ports), and they will be scanning all the computers in the house for vulnerabilities, which they will admonish you to fix.
My stepson even let us know he had called the cable company and gotten us a new IP address. When I asked why, he told me that hackers were attacking us. I wondered why that might be, but then again the firewall was always showing hundreds to thousands of unauthorized probes and packets every day anyway. What I didn't know was that he was engaged in an all-out cyberwar with a competing hacking group.
6. You overhear them using hacking terms
Every generation has its slang, in part to keep older generations from catching on to what's being said. As with unknown file names above, it's worth looking up what you hear to get an inkling. And if what comes back is computer hacking slang -- "pwnd sites," "DDoS," "doxing," and the like -- pay attention.
7. Your internet provider tells you to stop hacking
One sad fact of the internet is that nary a day goes by without some inexplicable communication from an entity you either don't know or can't quite be sure is legit. At least a few times when my stepson was in a computer hacking gang, I received emails from strangers and our internet provider warning me that if I continued hacking I would have my internet connection terminated or even face criminal and civil actions and fines.
Of course, at the time I didn't know my stepson was a hacker, so I was caught completely off guard. I got angry and confrontational. I asked for details, and when I got them, I was livid because none of the websites, email addresses, or IP addresses had anything to do with me. I may have even threatened to take my own civil action against our cable provider if they cut us off.
It wasn't until the third such call in a year that I noticed my stepson listening to my half of the conversation and then trying to shrink into the background. That's when I realized there may have been a culprit in the living room. I distinctly remember cupping the phone so the cable rep couldn't hear and asking my stepson if he was hacking anyone. Up until that point I was clueless. He responded, "What?" And then, "Maybe."
All the past phone calls and the emails from strangers telling me to stop hacking suddenly made sense. They weren't idiots blaming me for something I wasn't doing. Maybe I was the idiot for not connecting the dots.
8. Their close (computer) friends have been investigated
Two years after I became intimately aware of the extent of my stepson's hacking activities, my wife and I read about some arrests related to computers at his school. Some of the kids I had previously heard that my stepson hung out with had been arrested for a variety of illegal computer deeds. These included hacking the school's computers, changing grades, and even, very unfortunately for all involved, posting nude photos of one of their girlfriends to a public website -- the latter of which resulted in multiple felonies.
Our family's saving grace was our early recognition of our son's questionable hacking activities and our dedication to putting a stop to them. It wasn't easy, and it didn't happen without a fight. But luckily, by the time his group's activities got noticed by local school and law enforcement activities, his hacking days were long over. We fretted for a few weeks about whether the larger investigation would find trails leading back to our son. Fortunately, they did not.
9. They consistently switch to 'boss screens' when you walk into the room
While this may simply be a privacy issue, it's worth noting. And if you work in an office, you're likely familiar with this behavior. "Boss screens" are fake screens, often mimicking legitimate spreadsheets and school projects, that can quickly replace whatever the computer user is truly doing. Boss screens look legitimate, but rarely change.
If you notice that your kid is always moving their hands (usually it is a Crtl or Alt key combination) or mouse every time you come into the room (that is, they are never just reading from the screen without moving their hands), pay more attention to what's on the other windows on their PC. One way to do this is to call them away from the computer to do a chore, while directly looking at them, and then perform a quick investigation of the various windows after they walk away.
10. Your monitoring tools never show any activity
The absence of activity is rarely a good thing. A normal kid doing normal things will occasionally trigger events in system or parental blocking logs. It's hard to surf the web looking for normal things without the internet bringing back something illegitimate from time to time. If you've caught your kid doing something unsanctioned or nefarious on the internet once or twice before, and you know they are still interested in that subject, the absence of activity in a related log file is more likely a problem than not.
I remember unduly congratulating myself when my stepson's hacking activity appeared to go away after we caught him a few times. "He's finally listening to us," I remember thinking. Nope. He was just a master at using local and remote proxy servers to hide his illegal activity. At the time I had heard about these sort of port proxies, but I didn't fully understand how they worked.
What he and his friends had done was set up proxies on other people's computers, which tunneled their illegal activities across the internet. They had installed the proxies when other people asked them to look at their computers to repair or troubleshoot something. Grandma never did understand why her cable company was accusing her of hundreds of illegal downloads. She never was a big fan of Britney Spears or Good Charlotte.
He would also connect to my neighbors' unprotected wireless networks. When I asked my neighbors within wireless reach to add passwords, he hacked into their routers. I learned more about how easy it is to hack wireless WEP security from my stepson than from years of working in the security field.
He also learned that he could change his computer's time to 10 years in the past, and all the local event and system logs would store new alerts at the bottom of the indexed stack of messages. I didn't learn about this trick until he forgot to switch the time back a few times and I kept finding strange file time and date stamps.
11. Failing grades suddenly improve to top scores
Failing grades are among the most common hacking targets. Teenage hackers love hacking their school's computer system. And even though schools have greatly improved their security, having nearly every hacker wannabe test those defenses is bound to turn up vulnerabilities.
If your kid suddenly turns a failing grade to an A or B without any noticeable additional effort, while at the same time expressing some of the previous signs discussed above, you might have a grade hacker. This is easy to check; just call the teacher and (proudly) ask what your kid did to drastically improve their grade. Hopefully the teacher won't sound surprised and it was just the result of harder work.
A word of caution
Given the tumultuous nature of the teenage years, behavior like that outlined above may not mean your child is a malicious hacker. The desire for extreme privacy, curiosity, the desire to fit in -- many of the above behaviors could very well be considered normal for teens. I'm sure many of you have encountered one or more of the above behaviors and your kids have not been involved in illegal or unethical hacking. But it's important to share these signs, so you won't be caught blindsided like me and my wife were, or like many of the readers who write me have been. Awareness is a good thing.
The other thing to note is that not all hacking is bad. In fact most hacking is positive. Going beyond the normal confines of a GUI, investigating what computers and networks do -- hacking can be a vital expression of curiosity and experimentation. If you think your kid is hacking, it's important to determine whether they are doing something unethical or illegal before taking away their computer privileges. After all, most of the computing industry finds its roots in the hacking ethic of the young.
How to put a stop to malicious activity
If you do find that your kid is participating in unethical or illegal hacking activity, there are steps you can take to turn them around, but it won't always be easy.
First, realize that kids who hack maliciously can be reformed. Most give up illegal activities as they mature and find enough stimulation from legitimate computing work. Only a very small portion make a career out of black hat activities. The key is to help guide a hacking child who knows they are doing wrong to using their developing skills for good.
Second, be firm in telling them that you know what they are doing and that it is unethical, illegal, and could lead to their arrest. Long gone are the days when companies and authorities were clueless entities that rarely arrested someone for computer-related crimes. Hackers are arrested every day. It happened to some of my stepson's friends. I have co-workers that to this day cannot accompany me on certain high-profile engagements because their criminal record prevents them. This is serious business.
Third, let them know you will be monitoring their activities for as long as you feel they need to be monitored. Tell them that you won't be telling them what you'll be doing, but that they've been warned. And if you catch them doing anything even slightly unethical or illegal, that every electronic device they have will be taken from them for a long time. They need to know there are consequences to their actions. Most importantly, follow up on your threats if they break the rules.
Meanwhile, move their computers into the main living area where you can monitor their use. They've lost the privilege to use a computer behind closed doors. Set a rule that prevents them from using a computer when you're not home and not monitoring. This rule should be in place until you can trust them again.
Once again, follow through. You will need to monitor what they are doing on any computer in the home, even in front of you. My stepson did really well at first with the computer in the central room, but after a while he noticed that his mom and I were too busy to monitor him closely. Old habits crept back in, and we ended up getting another warning call from the cable company.
Along with the forfeitures and potential punishments, be sure to give guidance. This is probably the most important thing. Explain the importance of ethics, and that any hacking activity is illegal if they don't have the explicit permission of the legal owner or custodian of the systems involved. Even borderline hacking activity, such as uninvited port or vulnerability scanning, is unethical and can be illegal.
Positive outlets for reforming hackers
There are many websites that permit and encourage hacking, and are worth searching out to placate the itch in an innocuous way. Hacking certifications, such as EC-Council's Certified Ethical Hacker, are available to work toward and are very valuable. I've been hacking for nearly 30 years and every certification I've earned has taught me something I did not know and made me a better hacker.
Lastly, connecting your hack-curious teen with a mentor, especially one who has turned their hacking creativity into a legal and well-paying career, can be invaluable. If you don't know anyone else, consider sending me an email. I'll be glad to add yours to the list of kids that I mentor. I can lend guidance similar to what is outlined here and introduce them to other, more dedicated white hat hackers. Most kids think black hat hackers are the super-smart ones. Without a doubt the best hackers I've met have been defenders. After all, these pros build systems that can withstand constant challenges from malicious hackers.
If your child or someone else's child is possibly doing unethical or illegal hacking, show them this article. Those curious teenagers with a love of hacking can always be turned around to the good side.
And that malicious hacking stepson? He's doing great. He has a good, well-paying web programming supervisor job, and he's a great son, father, and ethical human being. I couldn't love him more. We laugh about those many months when it was us against him in the digital world. He thanks me and his mom for stepping in when he needed a little guidance to move away from the darker aspects of hacking.
- 11 signs you've been hacked -- and how to fight back
- Be paranoid: 10 terrifying extreme hacks
- 10 reasons why phishing attacks are nastier than ever
- 19 open source GitHub projects for security pros
- 6 hard truths security pros must live with
- 10 security blunders that will get you fired
- 10 dumb security mistakes sys admins make
- The most innovative and damaging hacks of 2015
- 6 lessons learned about the scariest security threats