"Is my child a Hacker™?"

Posted on February 23, 2020 by Geo in Tech Software Security Privacy.

1316 words | 8 minutes

Header image
Photo by me -- courtesy of a dear friend of mine who, conveniently, wishes to remain Anonymous (;

I have recently witnessed yet another episode of “informative material” being distributed here in the UK to “raise awareness” about “hacker children”.
The reason behind this abundance of quotation marks will be clear very shortly – or already is, if you’ve read the subtitle.

The document I’m referring to is this poster, distributed by the West Midlands Crime Unit and the National Crime Agency. This has also brought to my attention an older article, published by The Liverpool Echo about 3 years ago: this episode, while seemingly isolated, appears to be part of a recurring cycle.
Such a recurrence is simply outrageous, and must absolutely not go unopposed lest it become a stable trend.

And while the notable responses are many – such as this article by The Register and even a tweet from Kali Linux themselves – I feel like proposing my own, personal take too.

Starting with the more recent poster, it’s immediately clear how inconsistent the information that’s being diffused is.
While some of the mentioned tools, despite being specifically designed for authorised penetration testing, sometimes do indeed end up in the wrong hands, in no way does this imply that they are strictly tied to malicious practises: Offensive Security, the company behind Kali Linux, is among the main providers of information security certificates, widely renowned in professional environments. On top of that, other mentions on the poster are not even close to being related to the field: for example, virtual machines are an incredibly useful tool for tinkering on computers in a safe and secure way, while Discord is nothing more than a voice chatting platform mainly used for gaming.

Luckily there isn’t much more to the poster, but the article is a literal goldmine.
Where the former focused on software products, the latter lists an ever-improving handbook of allegedly suspicious practices, most of which can be found to actually be common or meaningless behaviours with just a touch of common sense: spending time and interest on a computer, having multiple email addresses or social media profiles, having “an odd sounding nickname”, the list goes on… And even mentions any internet connection slowdowns among the evidence. It also nonchalantly suggests employing “monitoring tools” for a stricter surveillance – all while reminding that a child’s active curiosity is yet another sign.

But the cherry on top comes with the article’s unfounded claim that “children with Autism and Asperger’s [sic] could be more vulnerable to becoming hackers”.
So, not only does this trend promote a toxic, invasive approach to parenthood: it even fosters a conspirational mindset, based on groundlessly connecting elements that offer a strong grip for controlling and manipulating the scaremongered masses.

For the record, overlooking this outdated labeling of ASDs, respectable organisations such as The Cyber Neurodiversity Group are striving to highlight the unconventional strenghts of neurodiverse people’s approach to the cybersecurity sector, in order to engage them more and make it a truly diverse and inclusive environment.

Now, many of the tools demonised in both documents are privacy-oriented alternatives to mainstream products, most notably Tor: while too often portrayed as being the $ root of all digital evil for allowing access to the “dark web” (the trendy name was once “deep web”, now it’s apparently shifted…), it’s actually a transparent and reliable tool for browsing the internet in a truly private, anonymous and free fashion, as it must be.

Privacy is a fundamental human right, as stated under Article 12 of the Universal Declaration of Human Rights:

No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.

And children do not fall short of “everyone”: sure, leaving them completely unwatched definitely isn’t a wise parenting strategy; on the other hand, invading their personal space isn’t any better: surveilling and installing monitoring tools on their computers only to label as “hacking” any efforts to reclaim their privacy is an unhealthy variation on the responsible overseeing that should take place, and it will only make them grow more secretive and elusive anyway.

As you can see, these two documents are slightly different for a number of reasons, but they have in common the core structure and message they convey: parents, despite allowing their children to prematurely yet unsupervisedly approach computers and the internet, are still entitled to the surveillance of their children’s digital life, and should be horrified at the least hint of childish behaviour, let alone the presence of any unknown piece of software on their own machines.
It is a message that fosters paranoia and falls nothing short of psychological terrorism – on top of the clear misinformation that it diffuses; message which it delivers in the typical fashion of scaremongering media: unfailingly proposing easily misunderstandable practices as suspicious, and powerful tools meant to be used responsibly as outright criminal.

You will maybe have also noticed a lack of words like “hacking” and “hacker” in my writing, which might appear quite curious in the context of such a post.
However, this is completely intentional, and backed up by a thorough evaluation: hack– derived terms are used in very different meaning depending on what environment they appear in, and I believe this is a core cause of the stigmatisation around these words, and their concepts in turn.
The difference lies in their connotation: in the context of these documents, and similar material mainly aimed at non-technical people, they mostly assume a negative meaning, evoking strictly unethical, malicious or even criminal – yet vague – practices; on the other hand, in more technical or professional environments, they’re either used ironically, with a positive connotation closer to the sense of challenge, or ditched in favour of more meaningful expressions. That is to say, while “hacking” commonly refers to performing illicit cyberattacks on other people’s computers, it is more frequently used among specialised people in the sense of running penetration testing challenges on dummy machines, or even “hacking together” a software or hardware product.

The outtakes this cycle left me with are bittersweet at best.
I can try my best to see the silver lining by considering and appreciating any efforts to fight crime and educate children and teenagers to a healthier approach to cybersecurity – and many such movements are enacted by respectable organisations, surprisingly enough even the ones mentioned in the documents.
However, those efforts don’t come as makeshift surveillance programmes aimed at scaremongering technically unskilled parents into paranoically violating the privacy of “the youth”. Rather, they should promote a wider, more comprehensive technical education for everyone as the path to a healthier digital life overall; as for the children, parents should be advised to adopt a more responsible presence towards their offspring’s relationships with computers and the internet: a wholesome approach to hacking is made of a solid technical knowledge and a deep ethical foundation; bigotry and censorship will only result in the opposite.