Inside the World of Teen Cybercrime

In 2022, a Finnish psychotherapy middle referred to as Vaastamo suffered one of the most intimate information breaches in latest reminiscence. Thousands of remedy sufferers, individuals who had sought assist at their most susceptible, discovered their non-public session notes stolen and held for ransom. It is with this hack that Joe Tidy opens “Ctrl+ Alt+ Chaos,” and it’s an efficient place to start out. The man behind it, Julius Kivimäki, turns into the guide’s central determine, a hacker whose actions, and the reactions he provokes from the wider hacking group, permit Tidy to hint the full arc of cybercrime tradition, from its earliest incarnations in the Eighties by to the emergence of the most up-to-date teenage cybercrime gangs. Along the method, Tidy provides voice to all sides of the story, the motivations of the hackers themselves, the experiences of the victims, and the frustrations of the investigators tasked with catching Kivimäki.

Tidy’s guide is the newest entry in a rising literature on hacking subculture. Gabriella Coleman’s 2015 research of Anonymous, “Hacker, Hoaxer, Whistleblower, Spy,” remains the most rigorous academic treatment of a hacking group, bringing an anthropologist’s patience to questions of identity and motivation that Tidy largely leaves open. Jonathan Lusthaus’s “Industry of Anonymity” maps the more organized, financially driven end of cybercrime with similar scholarly precision. What Tidy offers is something different: not a shift in our theoretical understanding of why young men are drawn to these subcultures, but an account that makes the phenomenon feel viscerally real in a way academic work rarely achieves.

Reading “Ctrl+ Alt+ Chaos,” one could be forgiven for thinking one had wandered into a Nordic noir thriller. The atmospheric tension and the morally complex characters lurking in digital shadows are reminiscent of Jo Nesbø at his best. That these people are entirely real makes the characterization all the more remarkable. Tidy renders his subjects, hackers and the investigators pursuing them, with a vividness that is rare, especially when writing about cybersecurity.

Tidy is equally skilled at capturing the emotional texture of being on the receiving end of an attack, the palpable fear and creeping anxiety of discovering that your most personal details are in someone else’s hands, that you are being held to ransom by a stranger who knows more about you than you would ever want them to. By grounding these dynamics in real experiences, Tidy transforms what might otherwise feel like an abstract threat into something viscerally human, which is really what is needed to help translate a digital threat into an actionable concern.

Tidy also has a sharp eye for the peculiar rhythms of the cyber world, the long stretches of boredom and mundanity that characterize so much of cybersecurity work, punctuated by sudden moments of fierce intensity, the thrill of breaking something, fixing something, or catching someone in the act. I would consider myself to have a competent, if not confident, understanding of the cybersecurity ecosystem, and there were many things within the book that I learned about the hacking subculture, and cyber incidents I wasn’t aware of. Tidy has clearly immersed himself in the research for many years.

Tidy is well placed to tell this story. As the BBC’s first dedicated cyber correspondent, he has spent the best part of a decade covering major cyberattacks across television, radio, and digital platforms, having previously reported for Sky News. His interest in the world of teenage hackers was sparked by covering the Lizard Squad’s Christmas Day 2014 distributed denial-of-service attackwhich took down Xbox and PlayStation. And he has been following the thread ever since—traveling to the US, Russia, Ukraine, and beyond to track down key figures in the cybercrime world. “Ctrl+Alt+Chaos” is in many ways the natural culmination of that body of work, a long-form exploration of a subject he knows better than almost anyone in British journalism.

The first three chapters of “Ctrl+ Alt+ Chaos” follow Tidy’s investigation into one of the most prolific and intriguing figures in recent cybercrime, a known hacker, at the start of the story, only as “Ransom_man,” the architect behind the Vaastamo hack. Ransom_man, also known as Zeekill, was also a key member of Lizard Squad at the time of their Christmas Day 2014 attack. It is a remarkable case study, pursued with real tenacity.

Tidy uses his account of Ransom_man, that is, Julius Kivimäki, in order to sketch a demographic and psychological portrait of the group of teenage hackers who have played an outsized role in pioneering many types of cybercrime. That portrait is striking in its consistency. Usually male, often white, frequently from a reasonably stable home environment, these hackers begin their exploits in their teens. Some have an illness that keeps them housebound; others are simply left alone in their bedrooms for long stretches of time. But their most consistent features are social isolation and a deep immersion in computer gaming.

Tidy is careful to note that the vast majority of young people who fit this profile never come anywhere near cybercrime. Yet that caveat only sharpens the question he leaves hanging: What is it, exactly, that tips a socially isolated teenage gamer into becoming a callous and prolific hacker? Infamy, Tidy suggests, can become its own reward. He makes a convincing case that lenient sentencing has compounded the problem considerably: When the worst realistic outcome is a confiscated laptop and a suspended sentence, the deterrent effect is minimal.

There is something about the ethical contortions of the hacker groups Tidy describes, such as LulzSec or LizardCrew, that brings to mind “The Sopranos,” David Chase’s landmark HBO drama following Tony Soprano, a New Jersey mob boss navigating the competing demands of organized crime and suburban family life. Tony is, by any conventional measure, a reprehensible man, yet he operates according to a rigid internal code: Wives and children are off limits, full stop. It is a moral compass that points in an entirely self-determined direction, but it is a compass nonetheless.

The hacking community’s initial reaction to the Vaastamo hack carries a similar quality. When it emerged that Ransom_man had released the private mental health records of therapy patients, some of the most intimate data imaginable, the response from within the community was one of revulsion. Even among groups with a casual relationship to legality and harm, this was a step too far. It was not an isolated moment either. Operating under a variety of pseudonyms—a rotating cast that can, at times, become difficult to track—Ransom_man went on to conduct himself in ways that made him enemies across the hacking community over the following decade. This response is a reminder that even cultures built on transgression draw their own lines, and that crossing them provokes genuine outrage from within. (On a lighter note, readers should be warned that almost every hacker in the book appears to be called Ryan, or to have adopted Ryan as a pseudonym at some point. I am unsure whether this reflects something profound about the demographics of cybercrime, or simply an extraordinary coincidence, as Tidy suggests.)

Chapters 4 to 11 pull back from Tidy’s investigation of Ransom_man/Kivimäki’s origin story to a broader history of hacking culture itself from the early 2000s to the present day. Tidy covers some of the most notorious groups to have shaped the landscape, including Anonymous, LulzSec, Hack the Planet (HTP), and Lizard Crew, mapping a subculture that is at once anarchic, tribal, and guided by its own strange moral logic.

Tidy also explores the continued evolution of tactics and techniques, a playbook that evolved to add “swatting” (calling armed police to respond to unsuspecting innocent victims), calling in bomb threats, harassment, doxxing (releasing personal details of people online), and cyber stalking. Throughout the book, it is clear just how ill-equipped most legal systems are to deal with the highly technical nature of forensic cybercrime evidence, and the distinct lack of legal tools to deal appropriately with minors who commit hacking offenses.

Chapter 12 onward returns to the Vastaamo hack and Kivimäki’s eventual arrest. The book ends with a look ahead to the continued rise and fall of youth cybercrime gangs, the most recent iterations including Lapsus$ and The Com (short for The Community).

The continuous cycle of young people, primarily men taking to the internet to do horrible things to people for money, reputation, and the urge to create chaos might make someone question what is to be done. Tidy offers a short reflection on various approaches that could be, and have been, employed to tackle youth cybercrime. These include harsher punishments, education, encouragement of diversity in computing subjects in schools, and schemes designed to convert teenage hackers into white hat hackers, hacking “for good.” Although these solutions may have been successful in some ways, there are still many teenage hackers out there, conducting activities that Tidy can continue to write about, and the needle has not been moved significantly.

Tidy is not a neutral observer, and he makes no pretense of being one. His moral assessment of his subjects is open, at one point classifying them as “immature, misguided and cruel boys.” That authentic author’s presence gives the book a charged, personal energy that many books so often iron out. As a researcher, I spend considerable effort moving in the opposite direction, striving for neutrality, careful not to let judgment contaminate analysis. Reading Tidy, then, is a truly refreshing experience, a reminder of what is possible when a writer is freed from those constraints and permitted simply to say what he thinks. It is honest, it is direct, and it is, frankly, fun to read.

As a researcher, however, I finished “Ctrl+Alt+Chaos” with more questions than answers, and I mean that, in large part, as a compliment. Tidy has written a superb contextual piece, one that illuminates the cyber underworld and its impact on people, with clarity and color. The academic in me kept pressing at the edges of the frame, however, wanting Tidy to go further.

Why do certain young men seek out the internet subcultures that so reliably produces misogynycruelty, and what may generously be referred to as testosterone-fueled competitions? What structural or psychological circumstances make that pull so highly effective, and what, if something, could be performed about it? I discovered myself wanting Tidy to interrogate the inner cultures of these teams extra intently. What accounts for the distinction between Anonymous’s earnest, if subjective, ethical grounding and the informal cruelty of different hacking crews? What turns a gaggle of disaffected younger males into digital vigilantes in a single occasion, and into one thing far darker in one other?

Tidy floats an intriguing thought early on about Twitter’s emergence in 2006 as an inflection level in hacking tradition’s evolution, the potential to put in writing anonymously in brief type and construct branding and followers, a second at which the want for fame and infamy started to reshape the crews themselves. It is a compelling speculation, however the guide leaves the query open, and I believe the reply to that query, together with others I used to be left with, would inform us one thing vital not nearly hackers, however about the cultures that produce them.

If you need a clear, context-setting piece that opens up the world of cybercrime and teenage hackers, explains unusual terminology, cultural oddities, and key personalities, and helps you come to grips with a distinct segment ecosystem in a really pleasing package deal, then that is the guide for you.