Chasing The Most Hated Hacker In History - Joe Tidy

Here are the top 10 key takeaways from Joe Tidy's deep dive into the world's most notorious teenage hackers and the evolving cybercrime landscape.
1. Scattered Spider represents a new breed of loosely coordinated teenage cybercriminals
Scattered Spider is a collective of hackers causing significant disruption across the UK and US, responsible for major attacks on retailers like M&S, Co-op, and Harrods. Unlike traditional cybercrime organizations, they operate as a loose network that coordinates through Discord and Telegram rather than formal hierarchies. The group gets its name from cybersecurity firm CrowdStrike, which coined the term "Scattered" to reflect their disorganized nature and "Spider" as their designation for cybercrime groups.
What makes Scattered Spider particularly concerning is their apparent disregard for operational security and consequences. They're part of a larger online community called "the Com," which consists of thousands of digital delinquents engaging in various forms of cybercrime and harassment. These groups have evolved from the earlier Anonymous-style activism into profit-driven criminal enterprises focused on financial gain and online notoriety.
2. Social media transformed hacking culture from exploration to fame-seeking
The rise of Twitter fundamentally changed hacker motivations from benevolent exploration to clout-chasing criminal behavior. Before Twitter, social networks were about connecting with existing networks, but Twitter introduced followers, retweets, and likes, creating a culture of online fame. This shift became apparent around 2011 when LulzSec emerged as the first major teenage cybercrime gang seeking attention through social media.
The transformation moved hackers away from their traditional role as internet security improvers toward becoming criminal gangs causing mayhem for profit and recognition. While many have now migrated from Twitter to more insular communities on Telegram and Discord, the fundamental drive for online clout and infamy remains central to their activities. Interviews with arrested hackers consistently reveal their love for the attention and notoriety that social media platforms provided.
3. Cryptocurrency enabled the monetization of teenage hacking
Bitcoin's emergence as a viable currency around 2011-2013 provided teenage hackers with an untraceable way to profit from their activities. Before cryptocurrency, cybercriminals relied on credit card fraud or gift card schemes, which were easily traced by banks and law enforcement. Bitcoin eliminated these barriers by allowing criminals to receive payments directly into anonymous wallets without bank intervention.
This financial incentive transformed what was previously done "for the lulz" into serious criminal enterprises. The anonymity and difficulty of tracking cryptocurrency transactions made it the perfect tool for ransomware payments and extortion schemes. Without cryptocurrency, much of today's cybercrime landscape would be significantly more difficult to execute and monetize.
4. Modern cybercrime combines social engineering with technical exploitation
Most successful cyberattacks begin with social engineering rather than sophisticated technical hacking. Attackers typically call IT help desks pretending to be employees who've forgotten their passwords, exploiting human vulnerability rather than system weaknesses. Once inside a network through these deceptive tactics, hackers then deploy technical skills to spread throughout systems and install ransomware.
Ransomware has become the primary threat in cybersecurity, completely crippling organizations by encrypting all their data and demanding Bitcoin payments for decryption keys. The attacks force companies back to medieval-era operations using pen and paper, with some hospital systems losing access to critical scanning equipment. Major incidents like those affecting M&S demonstrate how ransomware can disrupt supply chains and leave store shelves empty.
5. Julius Kivimaki represents the evolution from teenage troublemaker to international criminal
Kivimaki's journey from Lizard Squad member to one of the world's most wanted hackers illustrates how teenage cybercriminals can evolve into serious threats. Starting with the 2014 Christmas attacks on PlayStation Network and Xbox Live, he demonstrated a complete lack of remorse and operational security. His willingness to appear on television without disguising his identity showed the arrogant mindset common among these teenage hackers.
The Vastaamo hack in Finland marked his transition to truly heinous cybercrime, stealing psychotherapy notes from 33,000 patients and extorting individual victims. His accidental upload of his entire computer directory while trying to release patient data led to his eventual capture. The case demonstrates how teenage hackers often lack the sophistication to cover their tracks despite their technical abilities.
His capture in Paris under a fake Romanian identity, followed by his cavalier attitude during trial proceedings, exemplifies the persistent arrogance of these criminals. Even when granted bail, he fled and had to be tracked down through social media posts showing expensive champagne in an identifiable Airbnb location.
6. Gaming serves as the primary gateway into hacking communities
Every cybercriminal interviewed follows the same pathway into hacking: starting with computer games like Minecraft or RuneScape, then seeking advantages through cheats and modifications. This leads them to hacking forums where they learn to manipulate games, gradually expanding their skills to more serious cyber activities. The National Crime Agency's 2015 research confirmed this pattern among all convicted cybercriminals they studied.
What begins as innocent curiosity about game mechanics evolves into exploring unauthorized computer systems. The progression typically accelerates when Bitcoin enters the picture, transforming playful hacking into serious criminal enterprise. Understanding this pathway is crucial for early intervention and prevention efforts.
7. Russia operates under a "golden rule" protecting domestic cybercrime operations
Russian cybercriminals operate under an unwritten agreement: they can hack Western targets freely as long as they avoid attacking Russia or former Soviet states. This arrangement provides them with effective immunity from domestic law enforcement while allowing them to cause maximum damage internationally. The REvil ransomware gang operated for years under this protection until they accidentally targeted Russian interests.
Major attacks like Colonial Pipeline, which disrupted US fuel supplies and caused panic buying along the East Coast, demonstrate the real-world impact of this policy. Despite diplomatic efforts, including Biden's direct conversations with Putin about stopping these activities, the evidence suggests continued state tolerance for cybercriminals targeting Western infrastructure. The recent SolarWinds attack and others have raised questions about whether such incidents should trigger NATO's Article 5 mutual defense provisions.
8. Teenage hacking groups are systematically underestimated despite proven capabilities
Security researcher Allison Nixon coined the term "noob persistent threats" (NPTs) to describe teenage hacking groups that lack advanced technical skills but remain persistent and dangerous. These groups consistently surprise authorities with their ability to cause widespread damage, yet they continue to be underestimated by cybersecurity professionals and law enforcement. Every major incident involving teenage hackers generates shock about how "kids in bedrooms" could cause such disruption.
The underestimation stems partly from their poor operational security and apparent disregard for consequences. Unlike professional Russian cybercrime organizations that operate with sophisticated security measures, teenage groups often use their real voices when calling help desks and fail to properly disguise their online activities. However, their persistence and willingness to take risks that professional criminals wouldn't attempt make them uniquely dangerous.
9. Quantum computing poses an existential threat to current encryption systems
"Q Day" refers to the anticipated moment when quantum computers become powerful enough to break current encryption standards, potentially rendering all existing digital security obsolete. Intelligence agencies are already implementing "harvest now, decrypt later" strategies, collecting encrypted communications today with the expectation of breaking them once quantum capabilities mature. High-level government communications that appear secure today could become readable in the future.
This threat extends beyond government communications to include all encrypted data, potentially affecting everything from personal banking to cryptocurrency security. The implications are so severe that some experts suggest all currently encrypted information should be considered potentially compromised in the future. Organizations must begin preparing post-quantum encryption methods to protect against this inevitable technological advancement.
10. Poor cybersecurity hiring practices create systemic vulnerabilities
The UK government's job posting for head of cybersecurity at the Treasury offering only £57,000 annually illustrates a critical problem in cybersecurity workforce management. This salary is far below private sector standards for equivalent positions, making it difficult to attract qualified professionals to protect the most critical government systems. The private sector consistently outcompetes government agencies for cybersecurity talent through significantly higher compensation packages.
Low public sector salaries create potential insider threats when underpaid employees with access to critical systems might be susceptible to corruption or recruitment by hostile actors. Recent incidents, including alleged insider involvement in cryptocurrency thefts at major platforms like Coinbase, demonstrate how inadequate compensation can become a security vulnerability. Protecting national infrastructure requires competitive compensation that can attract and retain top cybersecurity professionals in government positions.