How Kids Are Taking Down Retailers and Global Businesses

Marcin Kleczynski explains why industry needs to develop a more compelling alternative to cyber crime

Something big has changed. In the past few years, we’ve seen online retail operations disrupted due to ransomware, personal data for sale by the terabyte, and identity theft ruining more lives than ever. Cyber attacks that once affected obscure companies are increasingly affecting everyday life.

If you thought the masterminds behind these attacks were of the Bond villain variety, think again. Industry intelligence reveals that they’re likely teenagers working from their bedrooms. The consequences of their actions increasingly spill over into both consumers’ lives and the wider digital environments we all rely on.

From curiosity to chaos

Kids have always been curious. Many years ago, those on the leading edge of technology created a constantly evolving community of hackers who exposed vulnerabilities in technology for fun. They also did it for the greater good, enabling companies to fix security flaws and make systems safer. This is how I started Malwarebytes at age 19. I was part of a culture built on mentorship and collaboration that rewarded curiosity.

That community has existed for decades, but recently, something strange has happened to it. The rise of social media, for-profit hacking forums, the dark web, and cryptocurrency has created new incentives beyond simply hacking for knowledge and kicks. Teens have stopped becoming hackers for the joy of technical discovery. Instead, they are increasingly motivated by something darker: infamy and money.

They often follow similar paths. In his new book, CTRL+ALT+CHAOS, BBC cybersecurity correspondent Joe Tidy explores how young individuals can drift from harmless game-modding into serious cyber crime – from Julius Kivimaki’s data theft spree to teenaged groups like Scattered Spider.

In the UK, a recent Information Commissioner’s Office (ICO) review found that students are responsible for more than half of insider cyber incidents in schools. The warning follows the National Crime Agency (NCA) finding that one in five children aged 10-16 have engaged in illegal online activity.

Why everyone is vulnerable now

These groups perpetrate mischief through sophisticated social engineering campaigns that rely more on confidence than technical expertise. They trade their stolen digital assets on the dark web, where the keys to victims’ digital lives are bought and sold.

These crooks often work with overseas ransomware-as-a-service (RaaS) gangs like DragonForce, which provide technical expertise in exchange for a cut of the profits. It’s another sign that what was once a home-grown community of enthusiasts has been overshadowed by organised crime groups who use misguided teens at the sharp end.

Now, AI is accelerating the threat by lowering the barriers to entry. Online criminals are already using it to automate convincing phishing campaigns at scale, while deepfakes allow them to spoof audio and video for social engineering.

Protecting ourselves

Vigilance has never been more critical. Luckily, basic cyber hygiene remains the best protection. This means long, unique passwords, stored in a password manager – or even better, passkeys. This means multi-factor authentication, which protects users against 99% of attacks. And better awareness of social engineering. Monitoring is also key, including alert services for breaches.

“With imagination and effort, we can redirect teenage energy into more productive pursuits”

These habits don’t just protect individuals; they reduce the chances of malicious activity spilling into workplaces and shared digital spaces. Good hygiene at home strengthens resilience everywhere.

Businesses must also be aware that, as their legal obligations grow, GDPR continues to exact heavy penalties. Even without regulatory pressure, reputational damage is permanent. Customer trust takes years to build, but it’s fragile.

The right path

Protection today is only part of the equation. We must also build a better foundation for tomorrow by guiding our young digital natives on the right path.

With imagination and effort, we can redirect teenage energy into more productive pursuits. Bug bounty programmes that pay for security flaws are a powerful incentive, as are cybersecurity competitions and hackathons. With a global cybersecurity workforce gap of 4.8 million and a large pool of young talent, there’s plenty of opportunity.

We’re at a crossroads now as cybercrime continues to grow. The battle isn’t technological; it’s about understanding human behaviour and building a welcoming, inspiring cybersecurity culture that creates stimulating alternatives to cyber crime. Together, we can inspire the next generation to build and learn, rather than seek and destroy. Ultimately, we all play a role in shaping a safer online future.