Teenagers who became hackers

They seemed so innocent until these young adults got behind a keyboard.

teenage hackers
Ólafur Páll Geirsson (Creative Commons BY or BY-SA)

Kids these days

The National Collegiate Cybersecurity Competition (NCCDC) is an annual event that seeks to get college students involved in cybersecurity. This year, as usual, the kids were playing defense, but many of the competitors had certain black-hat incidents in their past, having hacked systems as varied as insulin pump, a connect avionics system, and a beer kegerator.

There is of course a very long history of young people getting involved in hacking—it's become almost something of a cliché. We'll take a look at the trouble teens have managed to get into online since almost the beginning of "online" as a concept.

RELATED: National cyber competition reveals top security talent

2 james costa
Bret Simmons (Creative Commons BY or BY-SA)

Second (and third) acts

James Kosta was making $1,500 a year as a computer consultant as a 13-year-old, but then, to put it into his own words, fell in with a "bad crowd." Arrested at 14 after hacking IBM and GE and staring down a 45-year prison sentence, Kosta got extraordinarily lucky when a judge let him sign up for the military instead—a move that got him into the analyst division of the CIA by age 20. He struck it rich in the late '90s dot-com boom and now runs a venture capital firm.

3 jonathan james
Juanglassford (Creative Commons BY or BY-SA)

A reputation you can’t shake

Jonathan James, known as "c0mrade" online, started small, hacking into his school's computer systems, but soon escalated, and by 16 had managed to access computers at the U.S. Defense of Department and get code for the International Space Station. Unfortunately for him, he got caught, then violated his parole and did six months in prison. Tragically, he committed suicide at age 25—apparently believing he was about to be arrested for hacking TJ Maxx, a crime he says he didn't commit.

Michael Calce
abdallahh (Creative Commons BY or BY-SA)

Blame Canada

The Internet was smaller and more innocent in 2000, which is probably why a 15-year-old from Quebec was able to take down most of it. Michael Calce, who went by Mafiaboy online, launched one of the first widespread denial of service attacks against dot-com boom era targets like Yahoo, bringing much of the internet down briefly. Calce served a relatively light prison sentence in Canada and later cashed in with books about internet security and himself.

Mathew bevan

Two Brits get caught

Two British teens, Richard Pryce (who went by "Datastream Cowboy") and Mathew Bevan (who went by "Kuji") managed to remotely install a password sniffer on a U.S. Air Force computer based in Rome, and then managed to leverage that to get access to a system in Korea, worrying U.S. officials that they might set off a war there. Investigators were able to track down the two teenagers not through high-tech infosec but basic human intelligence: their monitoring got them the nicknames the two used online, and from there it was a matter of getting others in the hacker community to turn in their friends, which, after applying varying degrees of pressure, is exactly what happened.


6 microsoft

Did Microsoft mentor a teen hacker? Probably not

A teenage Irish hacker breaks into the servers for Call Of Duty, with the goal of harvesting email addresses for use in a phishing scam. But instead of cracking down and handing him over to the police, Microsoft might have mentored him and possibly offer him a job instead.

It's a feel-good story of the sort that everyone, particularly in the tech community, seems to like, which is why it spread like wildfire—and that turned out to be embarrassing when everyone had to update their posts to admit it never happened. Microsoft never offered the job, the picture that circulated was of a different kid, and the teen hacker may never have existed in the first place.

7 george hotz
George Hotz (Creative Commons BY or BY-SA)

The teen who jailbroke the iPhone

The iPhone hadn't even been on the market for a year when one of its least-loved initial features—that it was locked to AT&T and only AT&T—was cracked. The person who pulled it off was named George Hotz, aka geohot, he was 17 years old, and he did it with a screwdriver. Three years later, Geohot struck again, this time cracking Sony's PlayStation 3, which in turn led to a lawsuit from Sony that was settled out of court.

Hotz later went legit, working for a number of companies on AI software, but it seems you can't entirely undo a hacker's rebellious streak: his attempt to build a kit to make ordinary cars into self-driving vehicles ran into problems with US government regulators, leading him to abandon the project.

teen hackers

Promoting the family business

If you were online in the early '00s, the names "NetSky" and "Sasser" should be familiar to you: worms that briefly ran rampant over much of the connected universe. They were created by Sven Jaschan, an 18-year-old living with his parents in Germany; at the time of his arrest in 2004, by some estimates they represented 70% of the malware active on the internet. Some had speculated that Jaschan had released the worms to gain customers for his parents' PC support business, though the infection obviously quickly outpaced the ability of a German mom-and-pop store to contain.

Neal Patrick
Absecon (modified) (Creative Commons BY or BY-SA)

“Young, male, intelligent, highly motivated, and energetic”

Neal Patrick and his posse of teenage hackers in Milwaukee, the 414s, had some good timing. Their exploits came to light in the early '80s, right around the time that War Games was released, earning them sympathetic and admiring coverage for their exploits, which included hacking into Sloan-Kettering Cancer Center and Los Alamos National Laboratory, even though they left damage in their wake. None of them ever did any jail time, and they testified before Congress about the dangers posed by insecure systems on the nascent internet.

teen hackers

The circle before The Circle

Another group of teens who made headlines and ended up in trouble with the FBI around the same time were known as The Inner Circle. These kids—as young as 14 when the FBI came knocking—engaged in a similar series of hijinks, including hacking into the corporate email service GTE leased to Coca Cola and other big companies. (There were no anti-hacking laws on the books, but using this email without paying for it was eventually construed as wire fraud.) A writer for Gizmodo recently tracked down two circle members—one of whom is homeless in Southern California, the other a family man and computer professional in Detroit. Both cited simple curiosity, the desire to know what was out there, as the incentives for their actions.

teen hackers
Hackerstolz e.V. (Creative Commons BY or BY-SA)

Pure motivations

And that actually tracks with research on what drives young cybercriminals in general. A British study interviewed teenagers who'd been arrested for criminal activity online, and found they weren't likely to be involved with fraud, harassment, or theft. Many of them were driven by moral or political goals; some wanted to impress friends or gain status; others just wanted to prove their skills by letting companies know about their unpatched vulnerabilities. It's that last path that's most likely to take them down the road to white hat hacking.