Advertisement

European police hope Google ads will steer teenagers away from a life of hacking

Success is hard to measure, police say.

European authorities are stepping up their efforts to intervene with teen hackers before they might break the law. 

In a series of programs launching this year, law enforcement officials are aiming to identify young people deemed at risk of committing crimes, and provide a metaphorical tap on the shoulder, Floor Jansen, a Dutch police officer involved in the creation of the programs, told CyberScoop.

The program, called the Cyber Offender Prevention Squad (COPS), will target teenagers who exhibit behaviors that they may be flirting with the idea of criminal hacking with online warnings, said Jansen, the COPS team lead. To do so, COPS has since January been using Google AdWords to target teens with warnings that will pop up if they search for information on how to run a distributed denial-of-service attack, for instance, or how to conduct cybercrime, with the goal of informing kids that what they’re likely thinking of doing is unlawful, Jansen said.

“A Cambridge study showed us that Google advertisements were more impactful for potential offenders than, for instance, reading about someone who was arrested,” Jansen said. “We always assumed that reading about somebody who was arrested was scary enough.”

Advertisement

Teenagers skirting the law is not a new trend. In March, the U.S. Department of Justice announced the U.S. had sentenced a Cypriot national for computer-related crimes he had committed as a teenager. That same month a teenager from Florida fessed up to hijacking celebrity Twitter accounts in a cryptocurrency scheme, and was sentenced to three years in prison. 

Since 2018, another European program, called Hack_Right, has been educating hackers in Europe who are first-time offenders about ethics to help them stay out of trouble. Visits from U.K. police to the homes of accused hackers has been enough to convince teenagers to grow up into adults who at Britsh cybersecurity firms, as the BBC has reported

Parents are rarely able to monitor their kids’ internet usage, much less teach them what kinds of hacks might land their children behind bars, Jansen said. When confronted with the fact that their teens have broken the law online, parents often suggest their kids’ hacking is not a serious crime, akin to ding-dong-ditching their neighbors, or ringing doorbells and running away, Jansen said.

“When you’re a regular offender and you nick a snickers from a shop your parents tell you it’s not okay to steal something, there might be alarms going off, there’s people noticing over your shoulder,” Jansen said. “All of these red flags that you have offline are not present online.” 

To combat that imbalance, Jansen and her colleagues are developing a program called Hack_Light, which is tailored for potential offenders. While Hack_Right is aimed at changing the behavior of accused offenders, Hack_Light seeks to teach teens about how to develop cyber skills, and direct them toward career resources. (The program is still in development.)

Advertisement

Benefits for cops and for cyber talent pipelines

Keeping kids out of the clink isn’t the only goal. 

Jansen and colleagues hope their work will free up investigators’ time and attention. Instead of focusing on what they see as preventable crime — hacks carried out by naive young people — detectives might also be able to focus on tracking professional criminals. 

“It means our colleagues who do the most detective work can really focus on the offenders … who choose the cybercriminal career,” Jansen said. 

Meanwhile, steering technically-minded young people into professional environments could help establish a more reliable talent pipeline; the shortage of cybersecurity skills is expected to result in 3.5 million unfilled positions in 2021, according to the nonprofit ISC(2).

Advertisement

“If we go more towards preventing, we think we can prevent damage [and] preserve talent for society, like IT talent that we all need pretty badly,” Jansen said.

Signs of success

If intervention can only happen after teenagers get in trouble, the system itself is broken, argues Gregory Francis, a former police officer with the U.K. National Crime Agency who is working on the COPS initiative.

“If there are a disproportionate amount of young people in a criminal environment that enables them to commit serious damage, then we are failing society if they have to wait until national investigation to receive some sort of intervention,” Francis said. “There’s an absence and lack of balance between online and offline interventions.”

Exactly how to measure the success of those interventions is a topic that remains under discussion. 

Advertisement

For now, the COPS group is working with a criminologist at the Netherlands Institute for the Study of Crime and Law Enforcement to examine which Google AdWords warning messages are resonating with potential offenders most effectively, said Jansen, declining to share more details about this research.

Still, there are signs Jansen and Francis may be onto something, Francis said.

“Recidivism, reoffending rates in traditional crime is about 40% … when we intervene we are quite confident that the reoffending rate is considerably lower,” Francis said. “That’s why we are engaging educational institutions and academics to empirically evidence this because we are quite confident.”

The Hack_Right program, which for the past several years has directed teenage hackers toward educational opportunities, has not had any participants reoffend, according to Jansen.

“We don’t have too many numbers yet,” Jansen said. “But to date, there has been no reoffending at all.”

Shannon Vavra

Written by Shannon Vavra

Shannon Vavra covers the NSA, Cyber Command, espionage, and cyber-operations for CyberScoop. She previously worked at Axios as a news reporter, covering breaking political news, foreign policy, and cybersecurity. She has appeared on live national television and radio to discuss her reporting, including on MSNBC, Fox News, Fox Business, CBS, Al Jazeera, NPR, WTOP, as well as on podcasts including Motherboard’s CYBER and The CyberWire’s Caveat. Shannon hails from Chicago and received her bachelor’s degree from Tufts University.

Latest Podcasts