11 signs your kid is hacking -- and what to do about it

Here’s how to find out if your child is involved in malicious online activity -- before the authorities do

I've shared a lot of security knowledge in my tenure as InfoWorld's Security Advisor. But what I've never shared before is that much of my initial computer security defense knowledge, which I turned into my first book, came from trying to stop my teenage stepson from being a malicious hacker.

I was newly dating his mother and he was a precocious 15-year-old who liked messing around with electronics and computers. He and his closest friends also flirted with malicious hacking, including harassing "ignorant" users, DoS-ing popular computer networks, making malware, and all sorts of unquestionably illegal and unethical hacking behavior.

His neighborhood computer hacking club eventually suffered a big takedown by the authorities. Luckily for him, and us, he had dropped out of illegal hacking activity a year before -- but not before he fought against me and his mom's rules and disguised his continuing hacking activities for many months. It was a daily (and nightly) battle of my latest defense against his new workaround. His mom and I even found previously unknown network cabling run through the attic and several hidden servers, proxy servers, and VPN switches. I learned a lot about hacking by trying to defeat his methods, and he learned that new potential stepdads trying to impress his mother were just as persistent -- and at times smarter.

His mom and I recently celebrated 16 years of marriage, and we're a happy family. In the years since fighting my stepson, I have detected many teenage hackers and have been asked by readers to counsel their hacking kids. No doubt a fairly substantial percentage of teenagers are maliciously hacking on a daily basis under the radar of their parents, who usually think their children are simply exploring what their computers can do and innocently conversing with their computer friends.

Hacking can provide a new world of acceptance and empowerment, especially for smart teenagers who are not doing all that well in school, are bored, or are getting harassed by other teens or by their parents because they "aren't working to their full potential." In the hacking world, they can gain the admiration of their peers and be mini-cyber rock stars. It's like a drug for them, and a good percentage can turn permanently to the dark side if not appropriately guided.

The following signs can help you ascertain whether a young person in your life is involved in unethical, illegal hacking. Some of the signs may be typical teenage behavior, given their grave interest in privacy, but enough of these signs together can point toward something more problematic. If you do find suspicious malicious activity, rest assured that you can turn a young hacker onto using their hacking skills for ethical, positive purposes, as I outline below.

1. They flat out tell you (or brag about how easy it is to hack)

It may be hard to believe, but many parents hear their children make direct claims about their hacking activity, often multiple times, and blow it off. They either don't know what "hacking" means, or they assume good little Johnny isn't doing anything stupid. Well, they might be.

Most hacking is easy: You read a hack how-to and then do it. Often it's as easy as downloading a tool and pushing the GO button. On TV, hackers are always portrayed as masterminds. In reality, they're usually more ordinary than genius. They read and learn. Persistence is their most outstanding trait.

Kids who get into malicious hacking often feel guilty about crossing the ethical line early on. Telling close friends and even their parents about their newly gained skills can be a way of reaching out and communicating that sense of guilt. Though most don't realize it, they often want their parents to offer guidance at this critical junction. Sadly, most parents and friends who hear these claims and confessions don't know what to make of them, leaving their child or friend to sort out the conflict on their own. The results aren't always for the best.

2. They seem to know a little too much about you

Kids who hack often start with those closest to them: Their parents. If your child seems to know something they could know only by reading your email or other online activities, your radar should be up.

It's not uncommon for hacking kids to monitor their parents' online activities, usually in hopes of capturing admin passwords or to learn how to turn off any anti-hacking devices, such as firewalls and parental controls, that you may have set up. (And you thought the monitoring was the other way around.) But then curiosity gets the best of them and they end up reading their parents' emails or social media chats.

I've had more than one parent tell me they couldn't figure out how their kids were getting around parental blocks, until they looked into the logs and saw that their parental blocks were being disabled and re-enabled frequently. Or their child made a snide remark or alluded to something they could have known only by reading a parent's confidential communications. If your hacking kids seem to know more about you than you've shared, it's a sign. Pay attention.

3. Their (technical) secrecy is off the charts

Every teenager wants 100 percent confidentiality on their online activities, regardless of whether they are hacking. But sophisticated protection, including encryption of all communications, files, folders, chats, and applications, may be a sign there's something else going on besides garden-variety teen secrecy.

The tip-off? If you get on your child's computer and can't see any of their activity. If they always clear their log files and browser history, every time, and use special programs to encrypt files and folders, that's a possible sign. Or if encryption settings on their applications are set to a level stronger than the program's defaults. Any indication that they feel the built-in disk encryption and separate user profile protections aren't enough should have you asking, for what kind of activity?

4. They have multiple accounts you can't access

Many kids have multiple email and social media accounts. That's normal. But if your child has a main email and social media account they don't mind you reading and you come across signs that they have other accounts and log-ons they will not share, make a note of it. It may not be malicious hacking; it could be porn or some other activity you would not approve of (talking to strange adults, buying alcohol, purchasing weapons, etc.). But any sort of absolute privacy should be investigated.

My stepson and his hacking friends had a half-dozen account names. I could see them when I read through the firewall and packet filtering logs. I knew he had them, even when he was denying it. He was surprised to learn that PGP (Pretty Good Privacy) encryption didn't encrypt the whole email. I explained how all email encryption had to allow the email headers to remain in the clear so they could be appropriately routed and handled. After that conversation, all the "secret" accounts disappeared from my future log captures. He didn't stop using them; he just downloaded a new email encryption program, which did perform complete, end-to-end encryption. (Refer to the previous sign about encryption, above.)

5. You find hacking tools on their computer

If you suspect your kid is hacking, take inventory of all the programs and tools you can find on their system. If your kid doesn't think you'll do it or doesn't know you've done it, you might get lucky and they might not be encrypted -- yet. In fact, if you find lots of encrypted files and programs, that's a red flag, too.

Port scanners, vulnerability scanners, credential theft programs, denial-of-service tools, folders of stored malware -- these are strong signs your kid is hacking. If you're not computer-savvy enough to recognize these tools, note the file names and search the internet. If more than one of the unknown programs points back to a hacker (or a computer security defender) website, you probably have a problem.

Why are tools to help defend against hackers a red flag? Isn't that a sign your child wants to become a high-paid computer security consultant when they grow up? Sadly, not usually. I've yet to meet the kid who decided to become a computer security expert before college, unless they'd been defending themselves against other aggressive hackers as a teen.

Young hackers usually end up getting hacked by others, either from their own hacking groups or other hacking groups. Once they've been actively targeted and broken into once or twice, they will often concentrate on their own defenses. You'll see firewalls they've downloaded and configured (the built-in ones aren't enough in their eyes) and proxies (to hide their IP address or ports), and they will be scanning all the computers in the house for vulnerabilities, which they will admonish you to fix.

My stepson even let us know he had called the cable company and gotten us a new IP address. When I asked why, he told me that hackers were attacking us. I wondered why that might be, but then again the firewall was always showing hundreds to thousands of unauthorized probes and packets every day anyway. What I didn't know was that he was engaged in an all-out cyberwar with a competing hacking group.

Join the CSO newsletter!

Error: Please check your email address.

Tags parentinghacking

More about BossPGPPretty Good Privacy

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Roger A. Grimes

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place