The Hacking Games

"Simple to recruit, cheap to deploy, and easy to abandon if they were caught." These chilling words describe two Dutch teenagers recently arrested on suspicion of aiding pro-Russian hackers. Security expert Graham Cluley describes them as "disposable agents." It’s the perfect, tragic analogy for the young cyber talent being groomed and weaponised off chat rooms and game servers. This isn’t a recent phenomenon; it has been happening for decades. Back in 2011, aged just 17, Marcus Hutchins was approached off of a chatroom and commissioned to make the UPAS rootkit, the predecessor to the malware that would eventually lead to his arrest. Marcus has since not only stopped major cyber attacks, but now dedicates his time advocating for young hackers. He is living proof that these kids aren't always malicious, but often just "curious, thrill-seeking, or simply looking for validation." The tragedy is their actions as teens are final, often resulting in life-altering punishments. What if these unconventional minds had been offered guidance or shown a pathway to channel their skills? Just like Marcus, their skills could be used to create and inform a whole new workforce in cybersecurity. Perhaps the answer lies in a more reformative judicial system where prison time isn't always the first port of call. The one thing that is clear is that we must intervene before we lose a generation of young cyber talent to criminal activity. Read more in the article here: https://lnkd.in/dyRuHZar

Earlier this week, the National Cyber Security Centre released its annual review, showing just how fast cyber threats are evolving in the UK, and the real financial and reputational risks they bring. The report features a letter from Co-op, with whom we've partnered earlier this year. Co-op CEO, Shirine Khoury-Haq, shared what it’s really like when a major cyber attack hits: "The attack has had a significant impact on me, my colleagues and on our members. I will never forget the strain it put on those people making it right, or the concern it has given our members, to whom I answer." This is a timely reminder that cybercrime isn’t abstract - it has real consequences for people and organisations. We’re proud to work with Shirine and the Co-op team to help prevent cybercrime and support the next generation of cybersecurity talent through opportunities, guidance, and meaningful change. You can read the full National Cyber Security Centre Annual Review here: https://lnkd.in/gsPDRdSD

The Hacking Games Virtue Member Glenn Wilkinson breaks into banks, government systems and critical infrastructure for a living, and he openly speaks about it on BBC Radio 5 Live with Nicky Campbell. Glenn runs Agger Labs, a red team consultancy hired to test the defences of organisations by thinking like the people trying to break them. His work sits on the right side of a thin and increasingly blurred line - the same skills used to breach systems for malicious gain can be applied to defend them This ethical career path isn’t new. Red teaming dates back to the Cold War, when militaries employed “opposition forces” to simulate enemy attacks. In cyber, the concept gained traction in the early 2000s, but until recently it remained niche. Now, demand is soaring. The irony is that in a young industry, many of those people are teenagers. Cybercriminal crews like Scattered Spider have made headlines for high-profile breaches, with members as young as 17. Over the last decade, the tools, tutorials and networks needed to start hacking have become widely accessible. What used to require technical expertise now only needs a Discord login. The recruitment pipelines into cybercrime are fast and well-funded. The recruitment pipelines into cybersecurity aren’t. That’s the problem Glenn has been working with us to fix. With the right intervention, the same skills can be redirected into meaningful work.

Warm welcome to Nick Palmer as he joins our Virtue Community. Nick joined Group-IB 9 years ago from a small town in Eastern Canada. Driven by a mission to fight against cybercrime, Nick leads Group-IB's Global Sales Outreach, connecting with many of the world's top financial and retail institutions to share fraud and threat intelligence about adversaries targeting these organisations and come up with unique and novel strategies to combat them. Welcome aboard, Nick.

"Take something that was designed to do one thing, puts it together with something else and makes it do something completely different." This is Hacking. As Chester Wisniewski from Sophos explains, the core skill of a great hacker is the ability to take components and use them for an unintended purpose. It's about taking a problem and solving it sideways, not straightforward. This is the unconventional talent that companies desperately need on the side of defence. It's time to start hiring people who can truly think around a problem. 🔗Catch the full podcast here: https://lnkd.in/eX54hatS

🎙 Next AMA: Getting Work Ready ft. Bianca Lewis (@BiaSciLab). Whether you’re just starting your career or mentoring the next generation, this session offers a unique insider look at how young talent can break through, and what the industry can do to support them. At just 18, Bia is a hacker, speaker, founder of Girls Who Hack, and leader of our C.Y.B.E.R. youth advisory board. From tinkering as a curious kid at DEF CON to becoming one of the most influential young voices in cyber, her story is proof that passion and persistence can open real doors. In this live AMA, we’ll discuss: 💬 How to build real experience before landing your first job 💬 How to stand out (even if you’re self-taught) 💬 What makes a strong cybersecurity candidate in 2025 📅 Thursday, October 30th 🕖 06:00 PM (UK time) Bring your questions, your curiosity, and your drive.

The kids aren’t alright, and cybersecurity needs to admit it. Brilliant piece out this week on computer.co.uk from Penny Horwood on the need for unconventional talent in cyber. The data is clear - the average cybercriminal is now just 19 years old. They're curious, creative, fast...and often completely overlooked by traditional recruitment. Chris Wysopal says it best - the next generation of security leaders won’t all come from computer science. Some will come from gaming, others from psychology, some from criminal paths they almost didn’t escape. We see this daily. Talented Gen Z hackers who don’t tick HR’s boxes, but who can think like attackers because they’ve been in the forums, played with exploits, or seen how systems really get broken. Industry needs to stop hiring the same CVs and start building bridges to the next wave of defenders before someone else recruits them first. Let’s stop gatekeeping and start talent-spotting. You can read the article here: https://lnkd.in/ebYVuzjA

"At dawn on July 10, a clutch of Britain's most wanted cybercriminals were arrested in their pyjamas at their parents' house." - Oliver Pickup (via The New Statesman) This shocking image is discussed in our most recent article feature in The New Statesman, and is even more impactful when you consider its striking resemblance to the arrest scene in this year’s critically acclaimed Adolescence. In recent years, there has been an escalating trend in retail cyber attacks conducted by young adults and teenagers. These kids are not inherently bad people, but rather, as ethical hacker Marcus Hutchins states, "kids who found something they're brilliant at, but nobody showed them how to use it for good." They are bored, curious boundary pushers who simply don't fit in with traditional recruitment methods. Fergus Hay said it best - "The same skills they use for cheating, modding, and game excellence are exactly what we need to make society safer." Why is this happening? The problem is potential, not evil. We need to harness this potential before cyber damage becomes irreversible. Read more in the article here: https://lnkd.in/eKtwZitm

Where is the line between ethical and unethical hacking? Many teenagers who “hack” aren’t trying to cause harm - they’re just curious, experimenting, and learning how systems work. But the law doesn’t always see curiosity the same way. What feels like harmless exploration can still break serious rules. Ethically, it’s even messier. Some actions might feel morally right, but they still cross legal boundaries, as cybersecurity expert John Hammond has emphasised. Former FBI agent Will McKeen raised a great point that while the legal line is usually clear, the real challenge lies in helping young people recognise that line before they accidentally cross it. So a question for you - how do we teach digital ethics in a way that keeps curiosity alive while preventing harm?