Full Report
Only a select few continue into later life, mainly for the love of the game Young threat actors may be rebels without a cause. These cybercriminals typically grow out of their offending ways by the time they turn 20, according to data published by the Dutch government.…
Analysis Summary
# Main Topic
Analysis of adolescent cybercrime trends based on data published by the Dutch government, indicating that the vast majority of young threat actors cease their illegal activities by the age of 20.
## Key Points
- Young cybercriminals typically cease offending by the time they reach age 20, aligning with general trends observed across various types of adolescent crime.
- Cybercriminals tend to develop skills early, often through engagement in "hacking games."
- Teenage cyber offenders are among the least common offense types for adolescents, alongside weapons or drug offenses.
- A 2013 study of 323 cybercriminals found that 76% reached peak offending at age 20 before gradually moving away from the trade.
- Only about four percent of early black hat actors maintain a high likelihood of continuing criminality well beyond their 20s.
- The continuation of criminality among the few who persist may be driven by continued curiosity and skill development, rather than solely extrinsic factors like money (per a 2016 study).
- Longitudinal research specific to cybercrime is noted as lacking and potentially outdated compared to studies on traditional crimes.
- The overall social cost of adolescent crime in the Netherlands is estimated at €10.3 billion ($11.9 billion) annually, though the specific cybercrime component was not quantified in the report.
## Threat Actors
- **Target Population:** Young individuals exploring criminal tendencies, often termed "rebels without a cause."
- **Persistence:** Only a select few (around 4%) continue into later life, often driven by a continuing "love of the game" or technological curiosity.
- **Attribution:** No specific named threat actor groups were identified in relation to this developmental trend analysis.
## TTPs
- **Skill Acquisition:** Cyber skills acquisition noted to occur early, often through "hacking games."
- **Peak Activity:** Peak criminality for these younger actors generally occurs around age 20, fluctuating between 17 and 20 depending on the decade examined.
- **No Specific Technical TTPs:** Due to the nature of the report focused on demographics and cessation rates, specific tools or compromise techniques (IoCs) were not detailed.
## Affected Systems
- The report focused on the demographic lifecycle of the offenders, not specific targets or tools used.
- The related economic impact data mentioned costs associated with attacks on major hospitals (£11.14 million per year) and a 2016 estimate of €10 billion in annual costs for Dutch organizations, but these are general context points, not specific victims associated with the adolescent offenders studied.
## Mitigations
- The context provided focuses on a socio-demographic observation about desistance from crime. Therefore, no direct, technical mitigations against specific malicious TTPs were mentioned.
- The underlying implication is that as these actors age out of the behavior, the volume of low-level activity may naturally decrease, though the persistent 4% remains a threat.
## Conclusion
The primary intelligence finding is that adolescent cybercriminality is predominantly transient, with most participants ceasing activity around age 20. While this suggests a natural attrition rate for a segment of the threat landscape, the research acknowledges significant gaps in modern, longitudinal tracking necessary to accurately assess the ongoing social and financial costs associated with the small percentage who do persist and evolve their tradecraft.