The wording suggests that some of them aren't normal teenage behaviors and do suggest a young person is at risk. I wonder which ones they think those are.
* Is your child spending all of their time online?
* Are they interested in coding? Do they have independent learning material on computing?
* Do they have irregular sleeping patterns?
* Do they get an income from their online activities, do you know why and how?
* Are they resistant when asked what they do online?
* Do they use the full data allowance on the home broadband?
* Have they become more socially isolated?
>Many of these are just normal teenage behaviours and don't necessarily suggest a young person is at risk of getting involved in cyber crime. But if a young person is showing several of these signs, try and have a conversation with them about their online activities. This will allow you to assess their computer knowledge proficiency so you can understand what they are doing, explain the consequences of cyber crime and help them make the right choices.
At least quote the rest so you don't misrepresent what they're saying.
People don't read footnotes. If you start out with a list of "OMG warning signs" and then add an "oh, never mind" disclaimer below it, then the average paranoid parent isn't even going to read beyond the last bulletpoint before confronting their kid.
This article is extremely dangerous.
EDIT: And when I say "footnote", I mean that more generically, not just with it being literally below the content. People don't read linearly, and will almost certainly read the bulletpoints before they read the text around it.
* Has your son asked you to change ISPs?
* Are you finding programs on your computer that you don't remember installing?
* Has your child asked for new hardware?
* Does your child read hacking manuals?
* How much time does your child spend using the computer each day?
* Does your son use Quake?
* Is your son becoming argumentative and surly in his social behaviour?
* Is your son obsessed with "Lunix"?
* Has your son radically changed his appearance?
* Is your son struggling academically?
I suggest you look up Poe's Law. It can be very difficult to tell satire from the real thing when the real thing comes frighteningly close to the satire.
Interestingly, the UK government has edited this page now to remove the second and penultimate "warning signs".
The list now reads:
* Are they resistant when asked what they do online?
* Do they get an income from their online activities, do you know why and how?
* Is your child spending all of their time online?
* Do they have irregular sleeping patterns?
* Have they become more socially isolated?
Related, "The average age of suspected cyber-attackers has dropped dramatically to just 17, the National Crime Agency has said."
"We know that simply criminalising young people cannot be the solution to this and so the campaign seeks to help motivate children to use their skills more positively."
Apologies for veering slightly off-topic and the pedantry.
Is 'cyber' actually used by technically competent folk now?
It's been cropping up alot with the 'cyber' crime, 'cyber' attacks happening in 'cyber' space recently, needing improved 'cyber' security skills.
Usually the term's reserved for either mass-media outlets, or people trying to scare you.
So the answer to the question is, of course, nuanced and anecdotal.
The media has misused it so much, that much of the information security world (With the exception of pentesters from what I've seen) seems to have given up trying to use the proper terminology. They still seem to be trying to recover the term "hacker", though.
It seems like cyber is generally used for online badness (cybercrime, cyberwar) while the e- prefix is used for online goodness (e-mail, e-sports, e-commerce)
"Cyberwarfare" etc. are fairly standard words in international law, so if you are working/studying in that field you'll certainly see it being used by the technically competent. My MA Law thesis ended up including it in the title, and I'd consider myself fairly technically competent (I have a BA in Computer Science), though I'll admit it still sounds a little silly to me at times.
It used to be used only be those not in tech, but considering many major universities now have "cyber-security" degrees, I think it's mainstream now, for better or worse.
"Cyber" is used heavily in the industry, much to my chagrin. I wage a minor war of replacing "Cybersecurity" with "Information Security" anywhere I can.
I once kept a list of every cyber-* I heard at an industry conference with the idea of making Conference Cyberbingo. Notable entries included "cybertactics," "cyberstrategy," "cyberthreat".
> I wage a minor war of replacing "Cybersecurity" with "Information Security" anywhere I can.
For some reason, both of these terms make me grate my teeth!
I imagine it has something to do with only hearing "cyber" being used by people who are woefully out of date, and "Infomation Security" by people who are actually marketers that can use a computer...
Children committing crimes using computers is a real problem and should not be disregarded. See the last portion of "Reflections on Trusting Trust".
That said, this webpage is dangerous and misleading for a lot of reasons, but I'll try to focus on the problems that are actionable:
1. The "warning signs" the article enumerates are almost certainly not significantly correlated with youth who commit cyber crimes. In other words, the warning signs are probably just some made up bullshit someone with arbitrary biases came up with and put online. (Even if it accurately describes every youth convicted of cyber crime, that still doesn't mean that it's remotely likely to be correlated with cyber crime.)
In my mind, there's no material difference between teenagers who bully geeks and the author of this article -- both are identifying people who are different from them and then bullying them for being different. The only difference is that the author of this article has fooled themselves into thinking they have a justifiable excuse for painting with a broad brush.
2. The focus on computer security in the alternatives is misplaced. Especially considering the "warning signs". Far better to find the kid some bright mentors who match them intellectually in any field than to focus arbitrarily on computers -- much less computer security! A socially isolated student who's teaching themselves to program is not likely to do much more than roll their eyes if you explain to them that they could spend their life configuring firewalls and installing AV.
I object to your dismissal of my industry as "configuring firewalls and installing AV". Certainly the security industry is not for everyone, but it does have a wide variety of interesting challenges ranging from highly theoretical to highly applied. My friends and coworkers in the security community do everything from mathematics to public policy, with no small amount of software engineering and systems design in between. Many governments and members of private industry also face a significant labor shortage in security right now, which provides a certain motivation for this agency to suggest it to people.
A lot of people in the security industry would not even consider "configuring firewalls and installing AV" to be security work, in most organizations that rests with the sysadmins and network engineers, who also have a varied and challenging field.
I think you've misinterpreted me. The problem is not that security work isn't interesting. The problem is that the sorts of security-related things a teacher/parent is most likely to point their children to (most likely the school's IT staff or some ridiculous certification exam) aren't interesting.
Basically, my advice is to scrap what the article suggests and instead prefer "intellectually stimulating" to "related to security" when diverting a bright child's interests. It's often easy to find something sufficiently intellectually stimulating if you don't focus on security. Also, something related to security isn't necessarily at all intellectually stimulating (again, please don't flip my quantifier...).
> I object to your dismissal of my industry as "configuring firewalls and installing AV".
This wasn't my intention. FTR I respect security professionals and IT folk of all stripes.
But there are boring jobs in every indsutry.
My observation is only that diverting a student to the nearest person whose job has anything to do with "cyber security" is not likely to end with that student showing up at a security research lab. Similarly, I think it's a laughably bad idea to try to get a kid who is already checking out of school to prep for something like a CREST certification exam.
> Certainly the security industry is not for everyone
This was more my other point.
I doubt that most students who are interested in computers and who are also acting out using computers are necessarily interested in computer security. I think that assuming this fundamentally misunderstands/conflates two very different things going on in the student's life -- their interest in computers/science/technology, and anti-social behavior.
> A lot of people in the security industry would not even consider "configuring firewalls and installing AV" to be security work
Unfortunately most of the teachers/parents reading that webpage are unlikely to know the difference.
I get your meaning now. I would agree with you on this then - and I have seen various programs to get K12 students into or more knowledgeable about security and they've often been fairly terrible. I'm curious to evaluate the ones they refer to, but I don't have high hopes.
So every hardcore gamer is displaying the 'warning signs of cyber crime' now? Because let's face it, most of those signs also apply pretty well to die hard gamers or video game fans, especially ones who discuss them on internet forums and watch videos on Youtube.
But hey, keep buying into the crap about the average cyber criminal being your typical 'geek' or gamer type.
This article, IMHO, represents the fact that, globally, we're approaching Peak Government.
As government takes up more and more resources and provides less and less value, it also falls out of touch with reality, and then we get to this point...
38 comments
[ 3.8 ms ] story [ 78.0 ms ] threadNo. Some are just presenting normal teenage behaviours.
At least quote the rest so you don't misrepresent what they're saying.
This article is extremely dangerous.
EDIT: And when I say "footnote", I mean that more generically, not just with it being literally below the content. People don't read linearly, and will almost certainly read the bulletpoints before they read the text around it.
The list now reads:
Does your child make porn online?
"We know that simply criminalising young people cannot be the solution to this and so the campaign seeks to help motivate children to use their skills more positively."
http://www.theguardian.com/technology/2015/dec/08/average-ag...
Is 'cyber' actually used by technically competent folk now? It's been cropping up alot with the 'cyber' crime, 'cyber' attacks happening in 'cyber' space recently, needing improved 'cyber' security skills.
Usually the term's reserved for either mass-media outlets, or people trying to scare you.
The media has misused it so much, that much of the information security world (With the exception of pentesters from what I've seen) seems to have given up trying to use the proper terminology. They still seem to be trying to recover the term "hacker", though.
http://blog.oxforddictionaries.com/2015/03/cyborgs-cyberspac...
It seems like cyber is generally used for online badness (cybercrime, cyberwar) while the e- prefix is used for online goodness (e-mail, e-sports, e-commerce)
I once kept a list of every cyber-* I heard at an industry conference with the idea of making Conference Cyberbingo. Notable entries included "cybertactics," "cyberstrategy," "cyberthreat".
For some reason, both of these terms make me grate my teeth!
I imagine it has something to do with only hearing "cyber" being used by people who are woefully out of date, and "Infomation Security" by people who are actually marketers that can use a computer...
That said, this webpage is dangerous and misleading for a lot of reasons, but I'll try to focus on the problems that are actionable:
1. The "warning signs" the article enumerates are almost certainly not significantly correlated with youth who commit cyber crimes. In other words, the warning signs are probably just some made up bullshit someone with arbitrary biases came up with and put online. (Even if it accurately describes every youth convicted of cyber crime, that still doesn't mean that it's remotely likely to be correlated with cyber crime.)
In my mind, there's no material difference between teenagers who bully geeks and the author of this article -- both are identifying people who are different from them and then bullying them for being different. The only difference is that the author of this article has fooled themselves into thinking they have a justifiable excuse for painting with a broad brush.
2. The focus on computer security in the alternatives is misplaced. Especially considering the "warning signs". Far better to find the kid some bright mentors who match them intellectually in any field than to focus arbitrarily on computers -- much less computer security! A socially isolated student who's teaching themselves to program is not likely to do much more than roll their eyes if you explain to them that they could spend their life configuring firewalls and installing AV.
A lot of people in the security industry would not even consider "configuring firewalls and installing AV" to be security work, in most organizations that rests with the sysadmins and network engineers, who also have a varied and challenging field.
Basically, my advice is to scrap what the article suggests and instead prefer "intellectually stimulating" to "related to security" when diverting a bright child's interests. It's often easy to find something sufficiently intellectually stimulating if you don't focus on security. Also, something related to security isn't necessarily at all intellectually stimulating (again, please don't flip my quantifier...).
> I object to your dismissal of my industry as "configuring firewalls and installing AV".
This wasn't my intention. FTR I respect security professionals and IT folk of all stripes.
But there are boring jobs in every indsutry.
My observation is only that diverting a student to the nearest person whose job has anything to do with "cyber security" is not likely to end with that student showing up at a security research lab. Similarly, I think it's a laughably bad idea to try to get a kid who is already checking out of school to prep for something like a CREST certification exam.
> Certainly the security industry is not for everyone
This was more my other point.
I doubt that most students who are interested in computers and who are also acting out using computers are necessarily interested in computer security. I think that assuming this fundamentally misunderstands/conflates two very different things going on in the student's life -- their interest in computers/science/technology, and anti-social behavior.
> A lot of people in the security industry would not even consider "configuring firewalls and installing AV" to be security work
Unfortunately most of the teachers/parents reading that webpage are unlikely to know the difference.
But hey, keep buying into the crap about the average cyber criminal being your typical 'geek' or gamer type.
http://www.adequacy.org/stories/2001.12.2.42056.2147.html
As government takes up more and more resources and provides less and less value, it also falls out of touch with reality, and then we get to this point...