Last week an Oxford teenager was arrested and accused of being one of the leaders of the Lapsus$ extortion gang, he is alleged to have amassed a $14m (£10.6m) Bitcoin fortune from hacking.
The teenager has autism, a form of neurodiversity, and attends a special educational school. His shocked dad said “He is very good on computers and spends a lot of time on the computer. I always thought he was playing games.”
It’s certainly not the first time that an individual with neurodiversity has been accused and charged with hacking. Several of the UK’s highest-profile hackers have been young autistic people.
Just think back to 2002 when Gary McKinnon was accused of perpetrating the “biggest military computer hack of all time, of hacking into 97 United States military and NASA computers. He claimed he was looking for evidence of a cover-up of UFO activity and posted a notice on the military’s website saying “Your security is crap”. After a long legal battle, in October 2012 his extradition to the US was blocked with the then UK home secretary stating “there is also no doubt that he is seriously ill … He has Asperger’s syndrome, and suffers from depressive illness.”
Junaid Hussein, another teenage hacker, was jailed for six months in 2012 after purportedly gaining access to the private data of individuals including Tony Blair and Nicholas Sarkozy.
In 2013 a 16 year old boy suffering from mental illness, Seth Nolan-McDonagh, carried out the biggest Distributed Denial of Service (DDoS) attack ever seen.
In 2017 20-year-old Adam Mudd was jailed for two years for creating and selling a tool that was used by himself and others to perform more than 1.7m attacks on websites and internet services.
And in 2018 an autistic British man, Lauri Love, accused of hacking into U.S. government agencies won his appeal against extradition to the United States but was told he should be prosecuted in Britain instead.
In daily life, a neurodiverse person’s obsession with organisation, details and repeating patterns can be debilitating, yet the repetitive logic challenges of programming offers these young individuals a type of work at which they can excel.
Unfortunately many gifted neurodivergent individuals fall into the trap of the darker side of programming and indeed the web. Social difficulties, their inability to predict the consequences of their actions and to see the bigger picture, all compromise their online safety.
It is estimated that between 5-10% of the UK is neurodiverse, neurodiversity is a term used to describe several conditions including, but not limited to: Dyspraxia, Tourette’s Syndrome, Autism, ADHD, Dyslexia and Dyscalculia, and sadly it is also estimated that only 15% of neurodiverse people are in employment.
Therefore isn’t it about time that we embrace neurodiversity within the cyber security industry and channel these skill sets to not only plug the industry skills gap but to also offer neurodivergent individuals positive employment and career opportunities on the right side of the law?
Without doubt there is a wealth of untapped potential in hiring neurodivergent individuals. Here at Infosec Partners we have a number of team members with differing neurological backgrounds. They are exceptional individuals, all brilliant at their jobs, all bringing their own uniqueness to our business. We certainly embrace the benefits that different minds and viewpoints offer. We are making a push to offer more neurodivergent individuals work experience, training programmes, support and opportunities within the cyber security industry.
Thankfully we are not alone. The IASME consortium, who we recently developed the Maritime Cyber Baseline certification scheme with, have produced a guide for organisations wishing to include neurodivergent people in their workforce. They have also developed a training scheme for neurodiverse individuals in cyber security.
With this week being World Autism Acceptance Week, and with neurodiversity being front of mind after last week’s arrest, we are asking others within the industry to be mindful of how they too can accept, support and embrace neurodivergent individuals within their businesses.
- IASME guide for those wishing to include neurodivergent people in their workforce
- IASME training scheme for neurodiverse individuals in cyber security
- National Autistic Society employment advice and guidance
- NeurodiversityHub resources for employers
- CIPD Neurodiversity at work guidance
- ACAS Neurodiversity at work resources