โ† Back to all modules
โš–๏ธ
โš–๏ธ Digital Citizenship ยท Week 22

Cybercrime Awareness

Understand how cybercriminals recruit young people โ€” and how to redirect your tech skills toward good.

Viewing: ๐Ÿ‘ง Age 11 ๐Ÿง‘ Age 13

Week 22: The Line Between Curiosity and Crime

Over the past 21 weeks, you've built a solid foundation in digital safety โ€” from password hygiene to identifying social engineering attacks. Now we're covering a topic that most online safety programs are afraid to touch: how teenagers just like you end up committing cybercrimes, sometimes without even realizing it.

This module isn't about being a victim. It's about making sure your tech skills don't put you on the wrong side of the law. Because here's the uncomfortable truth: the average age of cybercrime arrest in the UK is 17, the FBI puts the average age at 19, and kids as young as 7 have been identified in cybercrime investigations.

The Legal Framework You Need to Know

In the U.S., the primary cybercrime law is the Computer Fraud and Abuse Act (CFAA), passed in 1986 and updated multiple times since. Similar laws exist worldwide:

๐Ÿ‡ฌ๐Ÿ‡ง UK: Computer Misuse Act 1990 โ€” Up to 10 years in prison for unauthorized access or modification of computer systems.
๐Ÿ‡ช๐Ÿ‡บ EU: Directive on Attacks Against Information Systems โ€” Harmonizes cybercrime laws across member states.
๐Ÿ‡ฆ๐Ÿ‡บ Australia: Criminal Code Act, Division 477-478 โ€” Covers unauthorized access, modification, and impairment.

These laws are broadly written on purpose. They don't require you to cause damage โ€” just accessing a system without authorization is enough. They don't have minimum age requirements. And they apply whether you were "just curious" or acting with criminal intent.

Key legal concepts:

  • Unauthorized access โ€” Accessing any computer, account, or system without permission, even if it's not password-protected.
  • Exceeding authorized access โ€” Having some access but going beyond what you're allowed to do (like an employee accessing files they shouldn't).
  • Trafficking in passwords โ€” Sharing, selling, or buying login credentials.
  • Conspiracy โ€” Even planning a cyberattack or helping someone plan one is a crime.

Categories of Cybercrime Teens Commit

Here's a breakdown of cybercrimes that teenagers commonly get involved in โ€” often thinking they're harmless:

1. DDoS Attacks (Distributed Denial of Service)
Flooding a website or server with traffic to make it crash. "Booter" and "stresser" services make this trivially easy โ€” enter a target, pay a few dollars (often in crypto), and the attack runs automatically. It's still a felony.

2. Unauthorized Access / Hacking
Breaking into systems โ€” school networks, social media accounts, game servers, company databases. Even if you don't change anything, unauthorized access alone violates the CFAA.

3. Malware Creation and Distribution
Writing, modifying, or spreading viruses, trojans, ransomware, keyloggers, or RATs (Remote Access Trojans). Sharing "cracked" software bundled with malware also counts.

4. Doxing and Swatting
Collecting and publishing someone's personal information (doxing) or making a false emergency report to send police to someone's address (swatting). Swatting has resulted in innocent people being killed.

5. Fraud and Financial Crimes
Using stolen credit cards ("carding"), money muling (transferring stolen funds through your account), cryptocurrency scams, and account takeovers.

6. Data Theft and Sale
Stealing databases of usernames, passwords, personal information, or intellectual property and selling them on dark web markets.

The Gray Areas That Aren't Actually Gray

Some situations feel ambiguous but legally are not:

โŒ "I found a vulnerability in my school's system and just looked around." โ€” Still unauthorized access. Report it to the IT department instead.

โŒ "My friend gave me their password, so I had permission." โ€” Maybe your friend gave permission, but the service's Terms of Service prohibit sharing accounts. And if you do something your friend didn't authorize, you've committed a crime.

โŒ "I used public Wi-Fi, so it's public." โ€” An open network doesn't mean you have permission to access the devices or systems connected to it.

โŒ "I was just doing research for a school project." โ€” Researching cybersecurity is fine. Actually testing attacks against real systems you don't own is not.

โŒ "The website was poorly secured โ€” it's their fault." โ€” Leaving your door unlocked doesn't make burglary legal. Same principle applies online.

The Golden Rule of Cybersecurity Law

Do you have explicit, written permission from the system owner to do what you're about to do?

If yes โ†’ proceed carefully and within the scope of that permission.
If no โ†’ stop. Full stop.

This rule applies whether you're 13 or 30. The technical ability to do something never equals the legal right to do it.

1 / 5

๐Ÿ›ก๏ธ CyberSafe โ€” Online safety training for the whole family.