UK's youngest hacker warns Jersey to be very careful

Thursday 11 May 2017

It's not so much the World Wide Web, as the "Wild Wild West" - and if you don't know what you are doing, it's like playing with a loaded gun. Cal Leeming, is the UK's youngest hacker and he's coming to Jersey to help the island take precautions against cyber crime.

The 29-year-old owner of a private cyber security firm, which has clients in Jersey, is giving a talk about the psychology of a hacker and the risks hacking represents for financial services businesses next month as part of a Jersey International Business School forum.

Mr Leeming started hacking at the age of 10 and owes his 'youngest hacker' title to a first conviction at the age of 12.  He used stolen identities to buy goods online until he got arrested at the age of 18 and served a 15-month prison sentence.

He told Express: "By the age of 18, I was deep into crime and I was doing a lot of hacking. The police officer involved in my case twisted my arm a little bit. He gave me an ultimatum saying that I could either hand myself in or it would get worse. He then helped me turn my life around. He got me a couple of references for jobs and he put me in front of some of the banks that I had hacked to help them secure their system."

11 years later, Mr Leeming is the owner of Lyons Leeming and he helps protect high net-worth individuals against cyber attacks. His company has clients all over the world including firms that manage wealth and family offices. 

Although it is the basis of his business, Mr Leeming admits that there is not much to be done to prevent some attacks and sometimes all you can do is "damage control."

He explains: "The bottom line is that you are probably going to get hacked at some point so be prepared. Even clients that pay us quite a bit of cash to protect them and even if they receive training and a constant 24/7, 365 day monitoring, some of them are still going to get breached. It is more about spotting when it happens and trying to stop it before it becomes an issue."

The 29-year-old CEO says the danger often lies in the way systems are built. He explains: "The internet is just a massively connected network and when you are using it you are effectively entering the Wild Wild West, it is a very dangerous place to be and that is not going to change anytime soon. This is where the problem lies, the technology we have right now tends to be used as a loaded gun.

"It will be a very long time before the Internet is a safe thing to use because technology, its architecture, the way the Internet and even computers are designed, all of it is fundamentally flawed from a security standpoint. We would have to see a technological revolution before that changes and I think we are at least 40 if not 60 years away from that."

The cyber security specialist says "It is going to be a very long time before the Internet is a safe place and a safe thing to use."

Another flaw in the system, according to the former hacker, is the lack of training. He says: "Some people don't know how to ensure they are not leaving any potential evidence online that could be used against them. There needs to be some changes in the way we teach technology in schools. It could be argued that you should only use something if you know the full extent and dangers of it and if you are able to use it properly, the same way you have got a driving license for a car. But that’s never going to happen, because we have got to a point where technology is deeply embedded within our lives.

 "Quite frankly the situation we have with technology at the moment is the blind leading the blind."

However, the cyber security specialist says that Google, Microsoft and other companies are trying to solve the problem. The firms are building technologies that will put safety measures in place to "...prevent people from shooting themselves with this loaded gun. But because of the way technology works, it is difficult to discern malicious activity from legitimate activity."

Another way out of the tunnel according to Mr Leeming is to encourage cyber security careers among young people. He says: "If there are people that cannot afford our services I tell them this: if you have kids that are really interested in technology,  you need to make sure that you nurture that, that you give them the opportunity to learn, to get trained, and to get themselves a good career inside the security. Then your child can be your security advisor."