While the problem of teen hacking remains a serious concern -- as highlighted in this previous post on the topic -- infiltrating the networks of kids involved in such activity, taking down their malware distribution Web sites, and convincing them to get out of the cyber-criminal game can be relatively easy, according to FaceTime Labs researcher Chris Boyd, better known in online circles under his Paper Ghost screen name.
The emergence of aspiring hackers among the so-called Echo Generation set continues to move forward, the expert said in his presentation at the RSA Conference 2008 on Thursday.
Growing numbers of teens as young as 12 or 13 years old are becoming actively involved in phishing, online credential theft and nefarious adware distribution, according to Boyd, who is one of the only experts on the planet currently looking into the trend.
However, with a little low-tech research and some relatively harmless scare tactics, many of the teen hackers can be driven to stop their illegal behavior, and in some cases even begin helping to prevent other kids from engaging in e-crime activity, the expert maintains.
The Echo hackers typically get started in the underground world by utilizing and distributing malware programs that can be used to steal account credentials tied to online role-playing games such as World of Warcraft, said Boyd.
However, many of the teen attackers then move quickly into far more serious activity, such as stealing credentials for social networking sites including MySpace to flood the electronic message boards with inappropriate content, and creating revenue-generating phishing schemes built around legitimate brands such as PayPal, he said.
One of the reasons why teen hackers are easier to stop than their older, professional counterparts is that most of the kids appear to desire some level of fame and popularity tied to their cyber-crime exploits. This lust for recognition often leads to the teens leaving clues to their real world identities throughout their work, making it far easier to track the individuals down, according to Boyd.
In many cases the Echo hackers become involved in groups of like-minded teens to share information about the programs they use and the attacks they've carried out on underground forum sites.
By tracing the details in those forums to their users' MySpace accounts, YouTube videos and other online resources where the individuals may share additional details about their real-world identities, researchers and law enforcement officials can often gather the hackers' real names, geographical locations and the types of crimes they may have committed, simply by using search engines and some straightforward investigative online footwork, the expert maintains.
"There's typically a paper trail of some kind that allows you to track them down in less than ten minutes; and many of them can be dispensed with to the extent that you know that they're not coming back online to do this sort of thing again anytime soon," said Boyd. "There's a lot of information on these sites such that it only takes a little bit of investigation and you can gather a lot of details about these bad guys."
Unfortunately, even when researchers like Boyd can find Echo hackers who are wreaking serious havoc online, getting ISPs and law enforcement officials to intervene, or even pick up the phone and tell them to stop, is often impossible, he said.
As such, Boyd has begun scaring some of the teens offline himself by showing them just how easily he can piece together their real IDs, and provide evidence of the types of crimes they've been committing.
Oftentimes, once the perpetrators realize how easily their work can be traced to their real identities, they apologize for their malicious activities and bail, he said.
In one case, the researcher notified a teen hacker's mother of her son's exploits, and secretly invited her into an IM chat where her son admitted all the details of the schemes that he had been carrying out online. When the mother identified herself at the end of the chat, it was clear that the teen deeply regretted his actions, said the researcher.
In another instance, Boyd threatened to post an embarrassing and decidedly un-hip YouTube video he discovered of an identified Echo hacker onto the underground message boards that the script kiddie frequented, causing the individual to promise to stop his work as long as the clip never made it onto those pages.
One of the most effective techniques that the researcher has isolated for thwarting the teen hackers is identifying the ring leaders of their online forums, taking those hackers to task, then watching the network of sites and followers they are connected to fall apart rapidly.
"Taking out a forum leader and their sites can have a cataclysmic effect, with their followers and the networks of malware sites falling apart quickly thereafter, oftentimes after the other kids involved begin infighting," said Boyd. "The cumulative effect can be huge; sometimes when you take down the main sites repeatedly, you can quickly whittle the users they have down from thousands, to hundreds of users, and then slowly kill it altogether over time. You really can learn a lot of things just by chasing these kids around."