Masked Actors
True crime meets cybercrime. Discover the people behind the keyboard.
From Ransomware-as-a-Service (RaaS) gangs to global financial crime syndicates, the rise of sophisticated cyber threats is reshaping the world. These aren’t lone hackers — they’re organized groups running multi-million dollar operations in the shadows.
In the Masked Actors podcast, cyber threat expert and former soldier turned hacker Gary Ruddell joins forces with Nick Palmer, a seasoned financial crime fighter, to investigate the top 10 most dangerous cybercriminal groups of 2025 — drawn from Group-IB’s High-Tech Crime Trends Report.
Each episode explores the tactics, motivations, and impact of major cybercrime groups, uncovering their role in the latest cybercrime, RaaS, and financial crime trends. You’ll learn how these actors exploit vulnerabilities, fuel geopolitical tension, and affect businesses and consumers alike.
Tune in to Masked Actors — and stay one step ahead of cybercrime.
Masked Actors
Joystick to Jailbreak: Exploring the Youth Cybercrime Pandemic
Forget everything you think you know about hackers. Today’s cybercriminals aren’t lurking in shadowy basements - they’re teenagers mastering cheat codes on Roblox, swapping tips on Discord, and using AI to launch attacks from their bedrooms.
Join Group-IB’s Gary Ruddell and Nick Palmer as they sit down with Fergus Hay, CEO and co-founder of The Hacking Games, to explore how cybercrime is becoming more accessible than ever. They dive into the rise of Ransomware-as-a-Service (RaaS), the impact of generative AI, and why the next wave of ethical hackers should be recruited from gaming platforms..
This episode unpacks the motivations driving young hackers, the pathway from gaming to cybercrime, and the urgent need to rethink how we recruit and inspire the next generation of cybersecurity defenders.
By understanding how threat actors think and operate, you can better anticipate threats and protect yourself in an increasingly hostile digital world.
Subscribe to Masked Actors now — and stay one step ahead in the fight against cybercrime.
FOLLOW GROUP-IB
Group-IB Threat Intelligence on X: https://www.x.com/GroupIB_TI
Group-IB on X: https://www.x.com/GroupIB
Group-IB on LinkedIn: / group-ib
Group-IB on Facebook: / groupibhq
Group-IB on Instagram: / groupibhq
Meet Group-IB's top 10 Masked Actors here - and stay one step ahead in the fight against cybercrime.
When most people picture a hacker, they imagine a faceless figure in a hoodie. But in reality, cybercriminals are real people running real businesses, often chasing profits and modding video games. From playing Capture the Flag to finding Roblox cheat codes, from jailbreaking IA models for fun to leaking six and a half million co-op customers' stolen data, the evidence shows that the next generation of hackers aren't getting their training in IT position They're learning in their teenage bedrooms, hacking for fun. They have the skills. The question is who they'll choose to use them for. Will they decide to break the law or build better, smarter systems? Nick, we've seen this trend in recent arrests related to UK retail hacks with the suspected scatter spider affiliates aging from 17 to 20 years of age. I'm sure a lot of people are shocked by this, but is this uncommon?
Nick Palmer:No, it's not uncommon at all. And I think you You know, the recent arrests and shockingly young picture of the individual that caused disruption to a lot of people in the UK is shocking, but it's actually not a shocking statistic. You know, a lot of young individuals are leaning towards different opportunities that exist, whether they're in the good space or in the bad space. And I think it's, you know, up to us and some of our listeners to encourage young people to use their skills for good and make it exciting to do so. In fact, when you look at Europol's study, they do some studies and found that 69% of children have committed a cyber misdemeanor, which I think that is a shocking statistic, right? The average age of cybercrime conviction for them is 19. So I think we have to really pay attention to our youth and help them to understand the opportunities that exist for using their skills for good versus bad.
Gary Ruddell:69%, that's crazy. So if you have three kids, two of them statistically have committed some sort of cyber misdemeanor. That's wild. But we're very lucky today because we have an expert who is incredibly passionate about addressing this particular problem at its root cause. We're joined today by Fergus Hay. He is the founder and CEO of The Hacking Games. Fergus, welcome to the podcast. Can you give us a quick overview about what you do?
Fergus Hay:Well, guys, first of all, thank you so much for the invite. I think when you're referring to those kids, I think like they're in my house, actually. They're my kids at the moment. Yeah, so we created the Hacking Games a couple of years ago. The vision is to create a generation of ethical hackers to make the world safer. But in its most simplistic fashion, we're trying to redirect kids from committing cybercrime and redirect them into a career in cybersecurity and make society and governments and private enterprise a safer place to be. So if you are a... A company or government who is looking for the next wave of unconventional Gen Z hacking talent, reach out, join our design partner program. We'll get involved with our model as we calibrate it to suit your needs. And you can get the first wave of talent. You can join some amazing companies that are already on board. If you are a security company and you want to showcase your security credentials to your customers and your investors and your market, get in touch. We're doing amazing brand partnerships with the likes of the co-op and a whole host of other companies that will be announced soon. So we've got a great media platform. We're making amazing content. We need your partnership and support to do it, to inspire the next gen. And then if you want to learn more about how this generation can help you, get in touch. You know, we've got a wealth of insight and knowledge and research. We want to share it. We want to get the message out. You'll see us at every single conference at the moment. We seem to be invited, so that's great. And, you know, our job is to create a generation of ethical hackers to make the world safer. So we can't do it on our own. It takes a village. Super big cliche. But we will be the point of the spear, but we need companies and government support to do so.
Nick Palmer:So tell us a little bit about your journey to cybersecurity. How did you get into it? Is it traditional?
Fergus Hay:Well, a bit like a kind of blind, drunk toddler, basically. I mean, I have zero credibility to be in this world. I'm not a hacker. I'm not from cybersecurity. I'm not technical. But I am a kind of parent, kind of driven by increasing paranoia. And it really started about two years ago. My now co-founder, my then friend, darn dear, he's still a friend, by the way, who's a cybersecurity entrepreneur, 25 years in the industry, you know, set up and sold a bunch of companies. He said, hey, look, I want you to come and meet some hackers. And at the time I was, you know, associated with a bunch of venture capitalist funds and looking for interesting things to invest in. So I turned up, turned up to a windowless meeting room in Amsterdam. And I walked in and there were three hackers in the room and three hackers in the room. on the phone. And I walked out about three hours later, just totally aghast, completely shocked. And I got on a plane that afternoon and I flew from Amsterdam to Zurich, which is one of the most beautiful flights you can take. You fly over the steepest part of the Alps. Everyone has their noses to the window and it's like, oh, Toblerone, but in 5D. And there was just like one unbelievably anxious person on the other side of the plane hammering away at my laptop. And I wrote this kind of pretty incoherent, incomprehensible text two-page panic mission statement. Basically, to quote your stats earlier, Nick, about the kind of shocking youth profile of cyber criminals, basically saying, we've got to do something about this. Why is the world not talking about this? I was shocked to hear the stats, and I got them verified by our partners in law enforcement, and it just amazed me that, you know, the average kid, it's not niche, it's like the average kid is hacking, and they're not committing crimes from, like, the streets at midnight on a Saturday night. They're doing it from their bedrooms in predominantly suburban houses. And that just shocked me. So it was a life mission. I landed, I remember, in Zurich, and I called Dan, and I said, we've got to do this. I don't know what it is we're going to do, but we're going to do this. And then fast forward two years, and we are where we are today.
Nick Palmer:I have a feeling after this podcast, I'm going to be restricting even more of my child's access to Roblox and Minecraft.
Fergus Hay:Straightjacket is absolutely fine, by the way. You know, it may reach some sort of human rights convention, but it does keep them off the hacking sites.
Gary Ruddell:Fergus, what attracts people, you know, young people into cybercrime? What is it that's doing it?
Fergus Hay:Well, look, I mean, it's the base of human curiosity and creativity. You know, I think the myth is that like hackers are these kind of hoodies up, no face, matrix in the background, hammering away at a keyboard. I think that's a really, really like sexy media proposition for cyber criminals and it is true of a certain type but actually hacking really hacking is a mindset it's problem solving it's the baselines of human curiosity there's a great guy called Jeff Mann who is the founder of the NSA's red team and he's a bit of a guru and I had a delight to spend a bunch of time with him and I said well Jeff you must be super technical and he said I'm not technical at all he said I'm a puzzle solver and when he grew up he played with wooden cubes and metal puzzles. And that's what he did with his dad. And he said, hacking is problem solving and puzzle solving. And when you really look at it, you go, well, okay, take an entity, take a thing, break it down into its component parts, understand what's vulnerable and what's not, reconstitute them for an alternative use, build them into something better. That is the basis of human creativity. Without that hacking mindset, we would be riding horses to work. We'd be reading by candlelight or heating ourselves by coal. So I think that's the the The base pursuit is curiosity, problem solving, boundary testing. That's what has always got humans at a very young age interested in stuff.
Gary Ruddell:Can you give me a couple of examples of real cases, just to sort of knock it home for the listener? What sort of things cross your desk in this world?
Fergus Hay:Yeah, well, we'll start with the lightly digestible. There's a kid we're going to call B. When he was 12 years old, he hacked Roblox, found an exploit, and he got a hold of a bunch of tokens. Now, Roblox you'll be familiar with, 79.5 million kids a day play Roblox. Just to put that into perspective, the most watched piece of TV in the world is the Super Bowl. It happens once a year, six hours of painstaking patience, and 120 million people watch it. So a day and a half of Roblox, just to put it into perspective. So B was playing Roblox. He found an exploit. He hacked it, and he got a whole load of tokens that hadn't been released. So high perceived value. And he sold them on the secondary market. And in one day, aged 12 years old, He made $35,000. And then he took that money and he put it into Bitcoin. And 18 months later, it was in a wallet worth about $400,000. And his parents only found out because he came up to them and said, at what point should I start paying tax? Maybe he
Gary Ruddell:could do something with the economy. That'd be great.
Fergus Hay:Well, it'd be awesome. He's a good contributor. By the way, the answer for anyone listening who's now freaking out about what little John or Jane is doing upstairs is $6,000 in the US for a miner. That's the tax threshold. So Benjamin works for us now um he just did an internship he's 15 uh amazingly talented brilliant kid unconventional mind um and he's going down the right path um we've got another kid called dylan uh this is in the public domain uh when he was 12 uh it was during covid and his high school wouldn't let him use uh teams so none of his classmates could use teams so they were going stir crazy at home driving everyone mad i personally still have ptsd from that period and he uh and so he thought well the only way to solve that is to hack Microsoft. So Dylan hacked Microsoft, opened up Teams for two and a half weeks so all of his friends and actually a wider community could use it. He got hooked by the FBI and they referred the case to Microsoft and said, what do you want to do? Do you want to prosecute him? And to Microsoft's great credit, they didn't prosecute him. They gave him a job. And last year at Black Hat Vegas, he won bug bounty of the year at Microsoft. And you can imagine, I don't know what the exact numbers are, but you You know, it's a very significant amount of income he would have made at the age of 15 legitimately. And he's a great example of, again, a kid gone good. But then there's the other side. There's the less celebrated stories where the great talent has gone down the wrong side. So you'll be familiar with Gary McKinnon. Gary was a gamer, British teen gamer, neurodivergent. At 12 years old, he's playing games, hacking games, breaking stuff. He gets lured in or fell into the wrong communities online and the hacking communities. And by the age of 16, he committed the largest military hack in CIA history. So he's now in an extradition battle between the UK and the US, and it's probably not going to end up well for him. I think even more sinister is obviously the big stories about Julius, the Finnish hacker who hacked the mental health platform and leaked records of hundreds of thousands of patients with their most intimate secrets and that caused suicides and deaths, etc., But I think where it gets really, really sinister is the story of Junaid Hussain. Junaid again was a British teenager from the Midlands, also neurodivergent, autistic. Brilliant, absolutely brilliant. At 11 years old, he was already hacking and breaking games and creating his own mods. By about 12, he had been kind of identified online by the cyber gangs. By 13, he was being put to use to create lots of value for the cyber criminals. By 14, he had been identified by ISIS. By 15, he was radicalized. By 16, he had... moved to Syria and was their head of misinformation and disinformation online. And at the age of 19, he was killed by a US drone strike targeted just for him. Now, the really sad story about Junaid, and we have community members who knew him really well and also who know Julius, what they would say is Julius was a psychopath. We knew Julius was a psychopath. We knew online the way he behaved that he was psychotic. Junaid was an unbelievably sweet, vulnerable kid who was autistic, the kind of kid who you could say, put your hand on the fire and see if it's hot or not. And he was manipulated and groomed to the most appalling levels. The reason why that's a really important story is that the convergence of neurodivergent minds and hacking is really tight. Winston Churchill created the corkscrew mind strategy and got Alan Turing and a bunch of brilliant autistic mathematicians and physicians to put into Bletchley Park to solve the Enigma code, there is a really amazing correlation between puzzle-solving neurodivergent minds and hacking. But there's also vulnerability there. And unfortunately, these kids are finding their pathways in gaming online. That's actually good. That's developing skills. But it means they're highly exposed to manipulation. And Junaid and Gary, both examples of victims of that.
Gary Ruddell:Crazy, crazy stories. I didn't know half of those stories. That's wild. Thanks very much for sharing that. And yeah, a real shame that, you know, someone died. And that's just one. I'm sure there's many more. I mean, what makes cybercrime, you know, a lot more accessible to young people these days? Is it, you know, TikTok, YouTube? What's the, you know, how does that work?
Fergus Hay:Well, I think there's a couple of different answers to that. It used to be really hard, didn't it? Like, when you were hacking, it was hard. You had to be really bright. You have probably had to build a computer. You have to source parts. I mean, Chris Weisopal, Wellpond, who's the, you know, founder of loft and the founder of Veracode. He's on our board. You know, he regales me with delight of stories of them doing, um, uh, what do you call it? Uh, uh, bin diving, uh, uh, trash diving where you go to the, the dustbins and find old bits of thrown away computers in order to build your own supercomputer set. Um, so it was really hard and you have to be brilliant and challenging and persistent. Um, But now it's really easy, right? Google will give you the tools. YouTube will teach you. TikTok will inspire you to live a life beyond your wildest dreams. And the Discord will find you your community. So the barrier to entry for kids is really zero. On top of that, gaming is a live laboratory. You know, the people are practicing as kids. And if you look at the numbers, there are 3.2 billion gamers in the world. There are 3.5 billion soccer or football fans, just to put that in perspective. 93% of... NZ game. They spend on average 50 minutes, 30 minutes a day on Instagram, 80 minutes a day on TikTok, 114 minutes a day on gaming. In fact, the Times published data yesterday to say that British male teenagers are spending more time gaming than they are doing homework. So what you've got is like a live laboratory of testing, experimenting, hacking, modding, breaking games, breaking each other, dosing each other, doxing each other, creating aimbots. And that is like few this ability and it's rewarded all the time with XP points and promotions and competitions. So you're kind of engendering this behavior and legitimizing it. I think in a way it's brilliant because they're developing great skills, but where it becomes really difficult is that the crime of cyber, as Nick knows better than anyone, is very dislocated. You know, if I'm going to walk down the street and try to mug Nick, first of all, I think he's built like an athlete, so I'd say I'm unlikely to do it. But secondarily, for For me to get out a knife and put it in his ribs to take his wallet, it takes an awful lot. That's a major barrier. But on cybercrime, you don't see the victim. You don't feel the pain. And so it's much easier to persuade yourself that it's just an extension of your gaming behavior. I mean, Nick, what do you think? I mean, you've lived that in that world.
Nick Palmer:Yeah, I think that individuals can... cross the chasm of what is good and what is bad very, very easily. And I think the line between, like you said, modding and hacking is very minuscule, right? So I think it happens at a young age, step by step, stage by stage. And eventually, you know, you're moving from leveling up in different games, maybe finding additional ways to speed your progress along to thinking about whether you could access a different bank account or look for a vulnerability in a website and you know if the repercussions of those actions aren't tangible for the individual, it becomes almost like a victimless crime. And I think a lot of young individuals who are incredibly talented on the computer and with different services that exist for crime as a service, it becomes very easy for these individuals to test the boundaries. And if there aren't those repercussions or visible punishment, if I do so, I may venture across if I don't know what they are, right?
Fergus Hay:But I still have faith in the human code. It's so interesting. So what the data shows from law enforcement, and you'll know this, is that the vast majority of kid hackers are not criminally minded. And in fact, if you look at the repeat offender rate in jail for serious crime, it's 75%. That's US data. So 75% of incarcerated people will end up back in there for serious crime. The repeat offender rate for cybercrime is 20%. That's really interesting, isn't it? What does that show you? It takes a lot to be a serious criminal. It doesn't take a lot to be a cyber criminal. And ergo, there's lots of people who fall into it who are not naturally criminally minded. So I have faith in the base human code. And the example story of that I'll give you is Marcus Hutchins. So you'll be familiar with Marcus. Wired magazine called him the hacker who saved the internet. And Marcus is part of the hacking games. He's on our advisory board and amazing guy. And if you don't know his story, it's relatively apocryphal. You know, there was the WannaCry virus that hit the world. It was the first global computer virus. It was seeded by the North Koreans. And it took down hospital systems in 25 different countries. And it started in the UK, actually. Like, we went down hard and, you know, people couldn't get processed. You couldn't get operations. You couldn't get meds. People, you know, couldn't get looked after in A&E or ER. And so it was a really big deal. Probably the first people attributed to death from a cyber attack. And it was solved by Marcus. Marcus, who was kicked out of school at 14, who's a kind of neurodivergent mixed race kid living in the West country in the UK, which was kind of the outback, basically. And he's a surfer, you know, but he found the kill switch. And the interesting thing about Marcus is, and his story is a story well told, so I'm not giving you anything original here, but he became the hacker who saved the internet front cover of Wired magazine, all the media all over the world not letting him go, profiled as a hero. Great. He was flown to DEFCON and Black Hat to give speeches and he got hooked by the FBI. And it was like, oh, you want me to tell you how clever I am? And they were like, no, Marcus, when you were 13 years old, you wrote some malware that's been used for serious financial crime and you are going down. And he got a 10-year jail sentence that was commuted down to time served because the judge said look, you're an inspiration and an example of how you can be a bad kid and then go to be a good kid. Now, Marcus will tell you that his Lazarus moment, his moment where the ethical fork in the road, he knew he was writing malware that was being used for malpractice. He knew that it was hurting people, but he didn't see it. But it was when he was asked to QA some of his code. And the guys who were using him said, Marcus, your code isn't working or someone's struggling to use it. Can you just go onto the system and and interrogate it. And he went on and he saw the live case. And the live case was that his software was being used to steal a pensioner in Florida's life savings. And that was his moment. That was his moment. And that's when he stopped.
Gary Ruddell:That's crazy, isn't it? Yeah. I mean, such a polarizing story, Marcus's story, especially with, you know, solving the biggest cyber attack on earth, basically at that point in time to then, you know, being arrested. I remember all that happening. Um, and I've read the word article, fantastic piece on him that you talked about, you know, the gaming side of things and like Roblox and that, what does that journey look like for a person? You know, you, you know, my kids, they'll probably play Roblox or Minecraft or something. at some stage, talk me through that journey from signing up to ending up being a cyber criminal.
Fergus Hay:Yeah, I mean, they should, by the way, not be a cyber criminal, but they should play the game. That's not the purpose of this podcast, right? No, so I think you've got to start with understanding why gaming, right? So the overlap between gaming and hacking is 100%. every hacker is a gamer. Not every gamer makes it as a hacker, but every hacker is a gamer. And that's because it's problem-solving at rapid scale, incredibly dynamic, super competitive, and super accessible. So the message is celebrate gaming. If your kid is in their bedroom playing Fortnite, don't pull your hair out because the feckless kid is not doing his homework and is only playing Fortnite. Actually realize that he's developing incredible skills in that gaming environment. And there's some research published by our Chief Products Officer, John Madeline, along alongside two different universities that has done an analysis of the core competence skills that, first of all, a performative gamer makes across 100 different games, including League of Legends, World of Warcraft, Sims, GrowGarden, you know, the whole gamut of what skills they're developing as a player and how they correlate to a cybersecurity career. But then most interestingly, what are the modifications they're creating for the games and how that correlates to cybersecurity skills. For example, if you're creating an aim on a Call of Duty or Fortnite, that is a precursor to memory injection and MITIPS. If you are doxing each other online to get a competitive advantage, that's the precursor for DDoSing. Big analysis, you know, you're welcome to come and contact us and we can share it with you. So gaming is a lead-in. Now, the guys who worked that out, by the way, are the cybercriminal gangs. They're the guys who, as the head of the dark web at Europol showed us, they're the ones who are cruising the gaming platforms, identifying kids who are... modding games and hacking games and then grooming them as operatives. So that's the breeding ground. So the journey is actually, this is a bit of thinking produced by the Prevent guys. So Prevent is a collection of law enforcement agencies around the world who have come together to prevent kids from falling into cybercrime. So it's organized by Interpol and Europol and 200 law agencies around the world working together. And what it shows you is a journey. And the journey is that, sadly, Hardware adoption is now starting at four years old. So you only need to walk into your local Italian restaurant on a Sunday lunchtime and you'll see families there and the kids have just got, you know, face planted into, they used to be face planted into a bowl of spaghetti, but now it's just face planted into an iPad. So hardware adoption starts early. And of course, everyone's playing solo games. The journey then is into playing online games with others. Then the journey is into looking for cheat codes in order to get upgrades in the game because mum and dad won't give me the money that I want. That's not legal. And then it's looking for modifications. And the journey is normally, ah, I've been taken out of a game by a competitor. How's he done that? Oh, I'm going to work it out. Oh, I found out there's this modification world. Oh, I can pay for mods. And then actually I can create mods myself and then make money out of mods. So now you're in a nefarious space. And by doing that, you're already falling into Discord communities that are talking about modifications and it is a very easy leap to go from like hacking each other's gaming accounts to hacking each other's crypto accounts and that's the journey and then you're falling into lots of different directions into um you know lots of different types of cyber crime from you know enterprise crime to to crypto heist to individual social engineering pieces and you're basically the minute you're in modification world and you're on mod forums you are on the radar of that of the of the cyber gangs um so so that's the journey
Nick Palmer:so for Fergus, I know it's, you know, really interesting. And thank you for kind of going through the synopsis of how an individual ends up from being a typical gamer to a modder to crossing that chasm of becoming a cyber criminal. I think it's, you know, really interesting when they slip into that area of cyber crime, whether it be, you know, a Discord group or Reddit channel, all of these skills of that individual become readily available to a cyber criminal. You know, if you look at where someone can go after, you know, a gaming site, et cetera, it could be the dark web, it could be telegram for all of these crime as a service tools that exist for someone who, you know, may not be able to build a computer themselves, but have an inept ability to solve a puzzle. Then they've really slipped down that path to committing these crimes, but most importantly, becoming visible to these cybercriminal groups. You know, once they're able to set up a phishing site, collect credentials, be successful at taking over an account, it doesn't become a far stretch for them to see an advertisement for Ransomware as a service group and become an affiliate, and then maybe taking down the next Metro or Costco or something like that. So there's no food on the table for individuals. So Yeah, super interesting, and thanks for sharing that.
Fergus Hay:But Nick, I think what's amazing for me as a layperson was how sophisticated the recruitment process is of these cyber gangs. I mean, they have HR departments. I mean, it's incredible. So what have you seen in that space? I mean, how organized is it?
Nick Palmer:Oh, it's super organized, excuse me. I think when you comment about how they can go into Discord groups about modding games and things like this, this is where the cyber criminal are going to have that early on talent and you know we as defenders hacking games are targeting these individuals at the early stages. You know, cyber criminals, they are operating as a business, right? They're only going to do what is most profitable and the highest return on their investment. So they need to scale their operations and have the best talent, just like the good guys do. And to do that, they're going to the source, you know, where people are looking for different tools, like how do I develop phishing websites? And that may not be on, you dark web form that's super hard to reach. It may be advertised on Instagram about, look at my lifestyle and how great I am, and you could be like that too, and join our group here, right? So these cybercriminals are highly organized, like a business, and they're scaling their HR practices, quite frankly, a lot better than the good guys at this stage.
Fergus Hay:I mean, that's exactly what we've come across. And I'm not going to share it because people shouldn't see it, but the There's a TikTok channel that is creating grime videos. So like, you know, like American rap, but our equivalent in the UK is grime. And celebrating how to hack ATMs, how to social engineer people's bank accounts. Like they are doing the oldest trick in the book, which is to use popular culture and cool content to sell a product and a service and a lifestyle. You know, and they're really good at it. You know, compare that to the government's anti-cybercrime initiatives. I mean, you know, I think the last thing I saw was like an animated cartoon at the Super Bowl. I'm just like, I don't think that is dad on the dance floor right there. So yeah, I mean, they're super organized.
Nick Palmer:Anecdotally, I was doing some research about different fraud cases that were existing not too long ago connected to like fake receipt generation. And I was doing some research on that, you know, searching fake receipt generation, etc. Later on that evening, Low and behold on my stories is someone going into a Best Buy with a Lego and a receipt getting money as he comes back out to his car on the story. It starts to tell you like, you know, knockoff product, fake receipt generated. Now I'm $80 in profit from, you know, $10 spent on this fake Lego, right? So it's organized. It's advertised.
Fergus Hay:Yeah.
Nick Palmer:Me searching that, right?
Fergus Hay:Well, luckily the social media platforms are really responsible and highly incentivized to stop bad stuff flying around their platforms.
Gary Ruddell:Yeah, right. Those are the good guys, right? Put it into perspective for us. How big an issue is it if, you know, 69% of kids are out there doing cybercrime?
Fergus Hay:Yeah, well, let's look at the numbers from the top down. So data this year shows that the global cost of cybercrime is $10.5 trillion. That's the global cost of COVID, according to the IMF. Last year, it was 8 trillion. It's forecasted in two years' time to be 23.8 trillion. I don't know if that number is accurate or not. Who knows the forecast? If it is accurate, that is the GDP of the United States. If it was a country, it would be the third largest country in the world. I don't know what it is. Right? I mean, it's unbelievable. So, you know, talk about compound annual growth rate. I mean, it's absolutely shocking. And then you look at the numbers and, you know, Nick had them at the beginning. The Europol research paper was by Julia Davidson from the University of East London. 14,000 teenagers interviewed across Europe and the UK. And 69% committed a cybercrime or a gross cyber misdemeanor. Now, The threshold of that in Europe is pretty low because of our regulations, but it just gives you an idea of the volumes of it. So, you know, I think to your point, Nick, it's like if you've got three kids, two of them are hackers. Well, two of them are committing cyber crimes. Of course, they're not all going all the way, but the volumes are unreal. And probably the best way to describe it is that the four perpetrators were arrested for the hack of Co-op, which supposedly scattered Spider Co-op is a huge retailer in the UK. It's like the largest retailer in the UK. So they hacked Harrods, Co-op, and Marks & Spencers. And they reportedly have hacked Jaguar Land Rover, but that's, you know, unverified. And the four people who were arrested for the first set of hacks were aged 17, 19, 20, and 20. So I think you can connote that the volume is enormous of kids doing the hacking. We know that, for example, we're rolling out a program in the UK with the co-op to 20,000 school kids. And when we spoke to the head of computer science for this network of schools, he assured me that every single one of his kids are hacking. Every single one of them. The first question they ask when they walk in is, what am I hacking today, sir? And they're engaged, you know, really into it. I guess that's a good thing. So I think it's undoubtable the scale of the problem, but it's also an amazing opportunity. And I think that's our motivator. You know, if you take the fact that they're not naturally criminally minded, you've got a generation of talent here, guys, that is unbelievable. You know, they hack differently. They're built differently. They learn differently. You know, they're developing their skills in the live laboratory of gaming every single day in a that, you know, your generation, my generation, you had to work pretty hard to develop these skills. Now it's really happening fast. And if we can identify them and if we can provide a legitimate pathway to see their skills, make them from invisible to visible, show them that there's a career path for them, show them they can fight bad guys, they can get paid well, they can have careers they could never imagine, then I think you've got an entire untapped generational talent that can make the world safer. And I think, you know, we can talk about the problems I think it's really cool to talk about the solution because there is a solution here.
Gary Ruddell:I mean, you know, Group-IB hires people all the time. Our Slack channel is very much alive and you get to see the picture of the new person that's joined that day. And there's a lot of people joining every week for sure. But, you know, these people you're talking about here, they're kids, right? So they're not going to be on LinkedIn with their little resume. So, I mean, where do we find them? Do I get like Nick and me to go and join a roblox server and go hey guys want to work with
Fergus Hay:us i might get you in trouble so let's frame the profile um we say kids but they're 12 to 27 year olds um so uh you know we're talking about 16 year old plus basically um but also most importantly they're unconventional minds you know the age thing is a it's the way the world segments demographics but i think more interestingly is how people think the unconventional And there is a correlation between the more unconventional mind and the less mainstream you are, so the less visible you are. So I think the industry has got a labour deficit problem. It's published at 4.8 million unfilled jobs. Not sure if that's true, but it's certainly a lot. There's certainly a skills deficit problem. But what we hear from CISOs, from the tech companies, from the defence industry, from the governments, is that they're under attack every day by hundreds of people. hostile, creative, antagonistic enemies, criminals. And the talent they've got, predominantly really talented, but can be quite conventional, often gone to university, have done government compliance certificates, have got years' experience as a SOC analyst, really, really capable, but not really equipped to think like the bad guys, and certainly not the Gen Z hackers who are 19 years old, who are trained, learned, built, hacked differently. And so it's been described to me as an asymmetric war. It's an unfair balance. So what we're being asked to do is find unconventional talent but as you rightly said where you're not going to find them is on linkedin and they're not going to write you a resume and if they have written a resume it's going to be written by chat gbt and they'll probably be read by chat gbt so it's just like two ghosts talking to each other and they're not going to probably be at university to be honest you know they they're more likely to be dropping out of school at 16 or um finding quite manual jobs because they don't fit corporate culture so i think you've got to change how you evaluate people and we have this conversation a lot with the recruitment divisions because you know they're spotting the wrong things so what I'm looking at is not whether they've done compliance certificates I'm looking at what their performance is on Call of Duty I'm looking at how progressed are they in the Stanley Parable like how good are they at chess then we're looking at their modification software they've created for those games to get an idea of their real world experience how many times have you heard that entry level people can't get a job because they haven't got real-world experience, right? What is more real world? Studying computer science for three years in a lecture theater or spending six, seven years hacking games, developing modifications yourself, finding penetrations. The reality is these guys have got way more real world experience than the people who are interviewing them, but we're not evaluating it. And that's what our approach is. We build a tech platform called Hapti, the hacking aptitude AI platform that builds a full aptitude profile of this generation by looking at their performance across a hundred different games, looking at their modifications of those games, looking at their vulnerability disclosures, their performance on bug bounties and CTFs. And then we have a psychometric model that we've developed with Mark Loftus, who's an MPhil from Oxford University, who has developed a psychometric model to look at the levels of neurodivergence in this talent. So we can build a whole profile of their aptitude as a hacker based on their unconventional data inputs. And we think that will give you the best picture of the talent.
Nick Palmer:Super excited to see what this looks like. I think it's going to be an absolutely incredible database of the best upcoming mines in the
Fergus Hay:future. Nick, can we profile you? Can we profile you?
Nick Palmer:You haven't sent me my test.
Fergus Hay:Oh, okay. I'm going to put both of you guys. I'm going to need one. I'm going to
Nick Palmer:need a Christian at Call of Duty, but not
Fergus Hay:anymore. Once a gamer, always a gamer. We're putting you both on. Can you publish it, actually? We're going to do your have-to-buy profile, then you guys can publish it. How do you match against each other? And more importantly, how do you compare de Marco Liberale, our 13-year-old savant at the
Nick Palmer:Glacier. He's going to be safely the savant afterwards, I believe.
Fergus Hay:Yeah, I think so. And how does Group-IB find this amazing talent?
Nick Palmer:So we do a lot of work with local universities. So in every place that we have one of these digital crime resistance centers, you know, we're often, I don't know if I should say donating, but supplying our technology to different universities. So deploying our network security solutions so that the students at these schools can use them to say, okay, we have malware that entered our mail system. It infected this endpoint. What do we do now? And we also have an education and training division. So we devote our curriculum to a lot of the professors there. So, you know, they really learn real hands-on experiences of, you know, what do we do when something infects a computer? How do we better protect our network? So we find a lot of talent to That way we also have a good stream of internship programs at Group-IB. So a lot of people start as interns.
Fergus Hay:We need more Group-IBs in the world. And you haven't paid me to say that, by the way. I mean, that is actually true. Because I'll give you a counter argument to that. There's an amazing lady in our team. I'm going to name her. Lorne Rowlandson. Remember the name. She's just insanely talented. I mean, that's like generationally talented. And she was picked up by the UK cyber first program when she was 14. Right. So they run these national programs. They do outreach to communities and schools to try to inspire young people to consider cybersecurity government funded program. So she gets picked up by that. And then she gets picked for a bursary. And what that means is they fund her to go through university. And she got to Oxford and she studied computer science and philosophy. What an amazing mix of a degree. She is unconventional minded, incredibly talented, but she could not get a job. She could not get a job. Oxford, top degree, computer science, government picked, paid by the Cyber First program. You know, you couldn't think of a more like, who's going to get the job out of this group? It's obviously going to be her. And in the end, it was because the processing of jobs was not suited to her you know she's not someone who can sell herself on a resume she couldn't think of anything worse than to try to do that she's you know she's not someone who's going to enjoy doing a team's interview you know or now even doing an interview with like an AI avatar like that is not that is the only way she got a job is I sat next to her partner at a dinner and he is tenacious to say the least and he would not leave me alone until I met Lorne for a coffee and I basically did it just for like peace of mind Yeah, it's just like, God, oh my God, leave me alone. And I met her and he was there as well. Like he just pop a dog with a bone, Anton, by the way, good, great guy. And she was incredible. And now she's, you know, an amazing talent. So the challenge in all of that is that how can we replicate what Group-IB is doing for the industry to identify this brilliant talent?
Nick Palmer:It seems like we might've found a way. Well, I hope so. So Gary, I know my journey into cybersecurity was untraditional, but I know yours was as well. So put yourself out there too and tell us how you got into cybersecurity.
Gary Ruddell:Well, it wasn't for love, but I guess I watched the movie Hackers when I was a kid, the Angelina Jolie and Johnny Lee Miller movie. And it was really cool. I really liked the music and the sort of the vibe of, you know, that world, even though the hacking that was on the screen was like, ridiculous it looked like some sort of windows screensaver from you know the early 2000s um And then I kind of, you know, forgot about it back then, you know, I was only 10 years old or whatever. So, you know, phones didn't exist in the way they do today. The internet didn't exist in the way it did today. We didn't have YouTube or anything. So, uh, you know, uh, I would never have thought let's get down the library. And get some books on C++, and then be so good at it that you actually break it and learn to hack, you know, that never would have crossed my mind. But nonetheless, then I, when I was a kid, like when I was four, I did martial arts when I I was 13. I joined the army cadets. I did my A-levels, which is like your sort of 17, 18 years of age exams that you do in the UK that sort of set you up for uni. But I did terribly. I got like two Ds and an E. I got an E in computers, right? Not very bright. Yeah, I got an E in computers and now I can hack computers and I use computers every day to do pretty cool things. So like, what does that tell you? Take that
Nick Palmer:standardized test, huh?
Gary Ruddell:Yeah, yeah. So I didn't really know what I wanted to do. And I'm Northern Irish as well. So like, you know, I wasn't going to go to Oxford or Cambridge or any of these, you know, fancy interesting places. And it was just, it was just different whenever I was growing up compared to what uni is now. You know, when I was going to go to uni, it was only from other people. You heard about like what uni was like, as we're nowadays, you're on TikTok and you get to see kids go into uni and it's really sold to you. So I just wasn't sold on the whole thing to be honest, I'm still really not sold on it unless it's for a very good reason. But I ended up joining the military. So I did four years with the Royal Navy doing communications work with lots of computers with my nice E in A levels at computers. And then after a few years there, I went over to army intelligence, did Afghanistan, all that sort of stuff. And it was at the end of my sort of career in the military. I heard about these guys that were doing some hacking stuff and I asked you know could I do that because I was this I was the geeky one right I was the one that sort of ran our local network and managed all of our data and things like that in the place that I was within military intelligence so I was a sort of resident computer whiz kid but I wasn't eligible to go and do that sort of hacky stuff because it was just sort of older more senior people testing playing with things so I kind of forgot about it to be honest To be honest, fast forward a few years, I was in Nationwide where I worked as a risk analyst. Nationwide is like a big, big UK-wide financial institution. And someone mentioned this, we were talking about TV shows, someone mentioned this TV show, Mr. Robot. I went and watched it. I was like, I love movies and TV shows, right? And Mr. Robot has an amazing soundtrack, unbelievable acting, you know, beautifully shot. So I was sort of hooked. I was like, this is a really cool show because it doesn't show what you saw in Hackers, the sort of screensavery stuff. It actually shows real hacking. But this time, YouTube exists. So my curiosity was back. And bearing in mind, I thought about this stuff when I was in the military. So yeah, I started going on YouTube, ended up finding Hack the Box, downloaded Kali Linux. eventually got a job doing cyber threat intelligence because I was in military intelligence. I can very easily communicate the threat to senior management about cyber threats without saying mm and ah too many times. Plus, I'm actually hands-on keyboard technical enough to do some level of hacking. I'm not a 13-year-old savant that can just do it. I have to be taught. And I'm not a gifted programmer at all. Eventually, I did my OSCP, which is a pretty challenging two day long exam. Yeah, so that was kind of my journey into this. I ended up running CTI teams for some of the big banks in Singapore and then back here in the UK remotely. Here
Fergus Hay:is at the time a kid who's clearly super bright, super talented, clearly mainstream education is not working for you, right? Clearly like assessments like A-levels are not assessing you. that they're actually reducing you, not, not, not even assessing. And you had to find your pathway out of the kind of conventional academic system. And, and you found it through, you know, the Navy and what those, which is amazing apprenticeship, isn't it? Yeah. Going into the armed forces. And, and then you, through your own curiosity, you had your peaks and troughs. But what I heard is two things there. I heard that there was moments of like cut through popular culture that, let you dream, right? And grabbed your attention and showed you role models. If I, if I'm a hacker, do I get to hang out with Angelina Jolie? I mean, is that what I heard? That must be the answer. Um, but it shows you the power of media and, um, and that you're so right because, you know, in the end, their society is punctuated by cut through storytelling that creates aspiration. And of course, like let's go back to Top Gun, right? What happened when the original Top Gun came out? You got a 500% increase in applications to the US Navy by a bunch of lunatics, by all accounts, but you got a big increase. Look at the Queen's Gambit, you know, the Netflix show about chess. It drove like 500% increase in purchase of chess books. You know, it was like, we drove loads of women into, um, into playing chess chess.com crashed because of the overload um look at um in the UK it's a UK reference but Mr. Bates vs. the Post Office um this is an amazing story where postmasters in the UK were being prosecuted for fraud by the UK government basically by the post office, but it was all down to a faulty accounting system so they were innocent 500 of them went to jail five people committed suicide and the country knew about it for 25 years but it was all stuck in the bureaucracy and nothing was happening until they made a four-part TV show called Mr. Bates vs. the Post Office, which is incredible by the way. You don't need to be British or into post and you can still like it. And that caused legal change within six months, a relief fund of £150 million, 500 people released from jail. My point here is that popular culture and media and entertainment can drive aspiration. It can cut through people's thinking. It can inspire people to want to do something. And at the moment, the cyber security industry has done, frankly, an unbelievably bad job of communicating. It is like one of the worst I've ever seen. The barriers to entry of cybersecurity from accessibility is so high. The way it presents itself, the language it uses, it's been hiding in the shadows. And because of that, Gen Z don't care. They don't care about the industry. And, you know, we've got Bia Skylab, who set up the Girls Who Hack platform when she was 11. She's now 18. It's a safe space for female hackers. She's the chair of Defcon NextGen, and she's the founder of our youth community. Bia and I were sitting in a room last year in America with a bunch of very senior executives, all of whom were of a certain type, you know, as you'd expect from, you know, US, you can imagine. But there wasn't a lot of hair on the top of the head going on, and there was a lot of gilets. And they were very brilliant people. And she said to them, look, guys, you are irrelevant to me. If you look them in the eyes, you are irrelevant to me because you don't speak my language. You haven't made cybersecurity aspirational. You haven't done what investment banking did in the 70s, what tech did in the 2000s, what AI is doing now, which is make this the coolest thing I could even dream of deploying my skills in. And we've got to change that. And you've just referenced two moments that affected you with the hackers and Mr. Robot. Yeah. And so we've got to drive popular cultural cut-throughs to this young generation. And that's a lot of the stuff that we're doing at the Hacking Games as well.
Gary Ruddell:Yes, that's a bold move from such a young kid to be able to have the confidence and the sort of wherewithal to stand up and say, you are irrelevant to me. You know, like, that's bold. I like it.
Fergus Hay:And she's a sparrow of a person, right? I mean, she's slender, you know, and she absolutely bossed it. They did not like it, by the way. I mean, it was an uncomfortable moment, but it was a truthful moment. She probably thought, too bad. She didn't seem to care. I was stressing next to her. Yeah, they've flown us out here. It is important. So just to put some context on that. So a core part of what we do, obviously, we have our tech platform that evaluates the talent and we're going to see your guys' outputs. But you've got to get the talent interested. So you can't speak to them like parents or teachers or schools or governments or even companies, really. You've got to speak to them in popular culture. So we have four levels of that. The base level, we've got... community engagement through b-sides and and defcon and the next tier up is we have Gen Z content creators from ethical hacking and gaming, creating tiktok, snapchats, instas um I don't touch it, I don't review it, I don't look at it my ocd lets it go which is a minor miracle but my therapist says it's a good exercise and uh and we let the guys do it and it's Gen Z creating content for Gen Z saying cyber's cool and look I checked the T iktok on Friday had like 750,000 views with no media behind it. So the kids, they know what they're doing. And then on the third tier, we have, when I was growing up, we used to gather as teenagers around music festivals, right? That's how we kind of came together. This generation is doing it around esports. 550 million esports viewers globally. So we're doing the first ever ethical hacking esports tournament. We're doing that in partnership with the Ministry of Defense in the UK and some other defense from other countries. That'll be next year. year and we actually hired the former CEO of David Beckham's esports team to run that for us Jasmine Ski she's amazing so we're doing esports and we'll hopefully roll that out to the Saudi World Cup which is where all the esports is happening and then at the top tier you know we are I've got 13 TV shows documentaries short form long form scripted unscripted going across streaming platforms broadcasters you're going to start to see that all coming out to ultimately do what adolescents did you know adolescence you'll be familiar 120 million people viewed it within seven days the fastest watched most watched thing in the history of Netflix apparently and you saw they won a Grammy two days ago and what adolescence did is it got the topic of boys being weaponized in their bedrooms by the manosphere on the family dinner table and Stephen Graham who won the Grammy and he wrote it and he acted in it amazing performance what he said is the thing he hears most is people say thank you for getting us talking and that what we've got to do here. We've got to get Gen Z excited about being an ethical hacker, understanding that they can be superheroes. They can be the, you know, savers of society. They can use their skills. They can be recognized in the way that you weren't when you were younger, right? And then they can be, and they can have careers and they can be the heroes walking into the room, not invisibles shuffling in from the side.
Gary Ruddell:And from the hack and games perspective, what can people expect if they participate in that? What does it look like for them?
Fergus Hay:As in the experience?
Gary Ruddell:Yeah, yeah.
Fergus Hay:Yeah, so it's annoying. I can't disclose too much about the esports formats. But what we're not doing is CTFs. It would be the world's worst piece of entertainment would be to go on Netflix and watch people play CTF.
Gary Ruddell:I don't know. I've seen that Microsoft Excel Warrior Champion thing and they're all like a massive esports stadium that's pretty good stuff like
Fergus Hay:What were they doing in there? Were they doing a CTF?
Gary Ruddell:yeah they're basically it's a whoever completes the the challenge first to like rearrange the spreadsheet put all the colors in
Fergus Hay:oh yeah yeah yeah that's like actually but that's a creative interpretation right yeah that's the guy that definitely the british guy is just going to Tokyo or something for the final of that or something yeah um but you know but you've done CTFs they're like hours and hours of people bashing away at a computer it's not a spectator sport no. So what we're going to do is take games that people play, like Call of Duty... and Fortnite, and we're going to have professional... I wonder if I'm about to get myself in trouble here.
Gary Ruddell:Sorry, legal team! We can cut this if we need to.
Fergus Hay:Oh, don't publish it. It'll be funny. So we're basically going to have professional gamers competing in tournaments that you will know with titles you will know, so you can imagine what kind of titles, but the top five gaming titles. And they're going to have an extra team member. Oh...
Gary Ruddell:That's cool. Oh, yeah. I know what you're going to say. Okay. Amazing. Can I join?
Fergus Hay:Yea We'll make you a star. You're already an esports star. Yeah, so the idea is like, you know, a bit like Mission Impossible, right? You know, there's Ving Rhames in the truck or whoever, the Sean Pegg in the truck. But now you would have like a hacker in your team who's defending and attacking the other guys. And I don't know if you saw, but like Apex League of Legends, the final got cancelled halfway through it. There was a $4 million prize fund and it got cancelled halfway through it because it was clear that the teams were hacking. So this is a live thing.
Gary Ruddell:They're invited. This kind of reminds me of the Olympics. I've always said we should just have an Olympics that's doping so you can have the doping Olympics and we can try and work on the science of it, figure out the chemicals that you need because the use cases for those could be...
Fergus Hay:But you know that's happening, right?
Gary Ruddell:Yeah, it is happening. Yeah, so this is like, you know, this sort of the hacking games kind of part of it, right? So that's very cool. It's a good name, though. You know, what's the sort of like long-term vision here?
Fergus Hay:I think the long-term vision is that we've changed culture. The long-term vision is that a 15-year-old kid not going to university isn't the only thing, and that identifying skill sets of what they're doing on gaming platforms, which is only going to get more, is celebrated. We're working with governments of three different countries to run national programs where we will split it into three pillars. We will inspire kids with hackers that they can look up to. Marcus Hutchins is going to come into a bunch of schools and he's gonna be and he they can relate to him in a way that you know me or the gentleman who are in that conference who got told they're irrelevant can't right you know so um so we'll do inspire uh with um in school and and content then we will evaluate them with our platform and then we will um enable them with training programs with our partners immersive and fingers crossed the biggest game in the world and i can't say who it is but you can imagine who who are going to hopefully build some cyber development training programs in the games. And it goes into the curriculum. So it's not just for the early adopters. It's not just for the special ones. It's for every kid. And that's happening in the UK. Keir Starmer, who's our current prime minister, he launched a program called Tech First. It's brilliant. 185 million pounds to educate 1 million kids over four years in AI and quantum. Sorry, cyber AI and quantum. And that's going to be executed on British teenagers. So it's happening. We're working with those guys to indoctrinate it. But success is that, you know, all kids wake up in the morning and when they list top three careers and what they want to be, one of them is protect our country, protect our society, create civic resilience and fight the bad guys. Be more Nick, basically. Be more Nick.
Gary Ruddell:Nick, you've been here long enough. What does Group-IB do in this space? like, you know, invest in education and stuff like that.
Nick Palmer:Yeah, I mentioned a few things before that we do to, you know, look for up-and-coming talent. I think we're going to have to check out Hapta and some of the streams that they have coming into their platform. But, you know, the one that stuck out to me that we do here at Koopa IV is Inspire, right? When you walk into one of our digital crime resistance centers, you'll see on the wall, fight against cybercrime. And, you know, this isn't some kind of like corporate motto, you B.S. that, you know, may exist in a lot of companies, but it's about being a superhero. And really, a lot of people at Group-IB are infected by this message to be able to research the bad guys who are conducting advanced attacks against financial institutions, e-commerce companies, profiting the size of the U.S. government, as Fergus well positioned it for for different crime. This is really infected by a lot of people at Group-IB. So, you know, inspiring the people is is one thing. Those that are inspired stay with us a long time. And I think that aspirational goal to be a cybercrime fighter is really important pillar as Fergus mentioned, right? So next is enabling them, right? Putting them in situations that may be above where they could be today in a normal corporate ladder. I mean, like, you know, when I was handed a laptop and a phone and I led Group-IB sales team, you know, I was young guy with no experience, right? And, you know, I had no business running a sales team in a normal CrowdStrike or large organization and cybersecurity company, but I did it, right? Because we enable our people that have good talent and skills to get out there and do what it is they're capable of doing. So I think it's inspiring and enabling are some of the things that we do. And yeah, I hope we infect more people with that mission.
Gary Ruddell:Hopefully that's the only thing we infect people with. You know, what's the impact here if we don't invest in young talent?
Nick Palmer:Yeah, I think when you have an incredible amount of knowledge and skill, maybe not in the traditional sense like your E or D that you got on your A studies, but you have two choices. If you're growing up in Nigeria and you have an incredible amount of technical capability to hack through Call of Duty or what have you, but you have to feed your family at the same time, you apply for jobs that are aren't any jobs, what are you going to do? You're going to turn to whatever it is that you have to do to put food on the table, right? And that may be along the lines of phishing or account takeover, whatever it might be, right? So I think not investing in this future talent in the capabilities of individuals to fight against cybercrime will inevitably lead those people to choose a path that contributes to that overall financial burden that is in the global community at the moment.
Fergus Hay:You know, we've got some research that we're doing with Professor Jonathan Lusthaus from Oxford University. He wrote The Human Impact of Cybercrime. It's a book. He's a sociologist. And it's called The Vulnerability Index. And we are evaluating how vulnerable are kids in every country in the world to falling into cybercrime? And what are the socio-demographic factors that lead them there, such as divorce rates, the gap between tertiary age and job opportunity, internet penetration, poverty, cost of living, to try to build an environmental picture of why there are some centres that are more aggressive than others. You can look to South Asia and India, for example, and you can understand it. You've got a super digitally literate nation and not so easy to find the paid work that they need. And it doesn't take a leap of imagination to persuade yourself that it's okay to hack a US business in order to pay for your family to eat. You know? Why was that okay for Robin Hood? So, you know, so you can understand that, but like, but why in the UK? Why has the UK got such an incredibly high density of cyber criminals, teen cyber criminals? It's incredibly high, right? I don't know if you saw, literally just 10 minutes ago, the BBC News announced that the two teenagers have been arrested for the hack on TFL, Transport for London. Literally just 10 minutes ago. So, but why is it in the UK. We have a higher level of neurodivergence in the UK than many other countries. It's also interesting. We have a deep history of cryptography coming out of Bletchley Park. Also interesting. We are by nature a very creative culture. Very, very creative culture. But why one country more than the other? What are the factors? And if we can understand the factors, then we can understand what knobs to twiddle. Right? And that is a government policy question. You know, that's not the three of us solving it. That's like, look guys, let's get the insight into why and then we can work out what what we can do about it, because the end goal has to be civic resilience.
Gary Ruddell:You just mentioned government and policies there. You know, what's the one thing that you would ask businesses and governments, you know, to take from this crisis?
Fergus Hay:Yeah, well, opportunity, opportunity. First of all, let's look at it as an opportunity. I think what I want companies to do is follow Shireen El Khoury, the CEO of the co-ops example. She was hacked or her company, the co-op was hacked a lot The four perps for teenagers who have been arrested and not convicted. She went from being the victim or she took the company from being the victim to deciding to solve the problem. And that's why we have a five-year partnership with them to inspire, educate, enable young teenagers. Follow her example, right? Be part of the solution, not just the victim. There's so many companies being hacked every day right now. And what everyone is doing is putting the last of past over the issue and then making some banal statement about, you know, sharing the truth. hold of security, whereas actually we need to solve the problem. So what I would ask of the companies is change your hiring policies, release the shackles, identify the unconventional talent, bring in apprenticeships, change how you think about what good looks like because you're losing. If you want to win, change and go and find the unconventional talent. So the government's actually, they're pretty all over it. I've got to say, I'm really impressed by the armed forces in particular. They've all, you know, they're at war. So they're on a war footing. But they understand the issue because they see it through law enforcement. They're moving to policy changes. I was really excited about the Tech First policy launched by Keir Starmer. Honestly, that's great. In a world where there's not amazingly great policy news in many countries right now, that was an amazing one. I'm hearing the same in the U.S. I'm hearing lots of things in the U.S., but I'm hearing the same in the U.S. So I think the governments are there. The UAE, the Kingdom of Saudi Arabia, They're really aggressive on it because they've got a really young population of gamers and they understand that they need to mobilize them as a talent. So I think governments are great. Private sector needs to step up, is what I would say. What are you guys saying?
Gary Ruddell:I mean, you know more about this than I do. I have a very sort of... point-in-time take on my interactions with government. I do think that whenever I was in the military, it was a great environment that if... I know I didn't get the chance to go and do the cyber stuff, but it wouldn't have been out of the question eventually. And if anybody's joining the military today, they can probably join the cyber unit. But even if you were in another unit, the military is kind of a cool place because you just get to play around a little bit. It's quite flexible. You can go hang out with the snipers for a day if your buddy's in the sniper, you know, and fire a weapon or whatever, you know, it's very flexible like that. But I guess it's only like that once you're in. And companies are a little bit like that. Like a lot of the companies I've worked for, even the big ones, they're pretty flexible. You know, if you come in as a CTI specialist and you want to go and work two days a week with the incident team, you know, that's a thing that can happen, you know. But it's only once you're in. So I think you're right, like... We need to approach it different when we actually hire people from the outside. We need to totally change our approach. And human resources and legal departments, I think, are going to struggle the most with that.
Fergus Hay:And management.
Gary Ruddell:And management.
Fergus Hay:Because if you really want the unconventional corkscrew minds, you have to manage them differently.
Gary Ruddell:Yeah, you can't just do weekly one-to-one check-ins and smart goals and all that sort of stuff. It won't work.
Fergus Hay:I had a call this morning with two people who are trying to make a big difference in inclusion. And they were fairly and rightly voicing their frustration and anger about the treatment of them as women by men in the industry. Absolutely fair. But their image was that the person who was treating them poorly was doing it vindictively. But then I said, but do you know whether they're neurodivergent or not? because one in two apparently in cyber are, right? So if they are neurodivergent, you're evaluating them on metrics that are not fair. Because they may have absolutely zero EQ. They may be completely unaware of what's happening around them. And my experience is when you share the impact of what they're doing on other people, they are shocked that they're impacting people like that. So the level of understanding... So the two people I was speaking to this morning are absolutely right to feel aggressed and unfair and persecuted. I'm not denying that. But you've got to have empathy to the person who's... the neurodivergent people you work with because they're different. That's why they're... divergent. They're brilliant. So there's a lot of cultural shift that's going to have to happen. That is not going to be easy. It's not going to be easy at all, but it's an important move.
Gary Ruddell:Yeah, because a lot of managers hate to make their life harder, right? If I said to someone in a team, I'm going to give you this unusual person that's going to be a little bit difficult for you to manage, but you'll be fine. They'll be at the dinner table that night with their partner going, oh my goodness. Exactly,
Fergus Hay:right? but i think to your point on the armed forces so um if you i think the people to follow right now are um uh csoc so the cyber special operations command which is the new division uh launched by the british ministry of defense and is led by general jim and deputy commander uh general tom compager sims and uh we spent a lot of time with them uh we're on their advisory board um and they are being really progressive with talent so of course what the armed forces is always done is you know if you get into a fight in Stockport on a Friday night and it looks like you're going to be banged up for a year you've got the alternative of joining the armed forces right they've done that since the origination of military you know Caesar did that you know so they've got a deep culture of that of giving people a shot right giving them people discipline and a framework and so they've had it in their culture and now what they're doing is they are looking for recruitment age hackers And they're going to welcome them with pink hair. And they're not going to have to do a thousand press-ups in puddles. And they're not going to have to square bash. They're going to have a different culture and they've got to absorb that somehow. But General Tom is really vocal about this. And they're recruiting them through esports. So General Tom is hosting this esports format next year to do exactly that. And just to double up on your point, earlier this year, we went to Cyber Defense Marvel in South Korea. Cyber Defense Marvel is a simulated cyber war hosted in South Korea, conveniently placed. You can imagine who they think the bad guys are. And it involves 26 nations, their armed forces their intelligence agencies and the defense contractors. And they participate in a five day simulated cyber war. It's unbelievable to watch, by the way. But do you know which team won it? the rifleman the completely unskilled cyber guys they won it and they were so proud and excited and these are like strapping alpha men and women carrying guns first in bosh bing bang explosions you know they're not they're not the signals guys but they were all mega gamers mega gamers in their free time and to see them win it and the pride and and and also the jealousy from the uh but it just shows you that the armed forces have opened up their minds and why have they done that because they're at war.
Gary Ruddell:Fascinating. Well it's been fantastic speaking with you Fergus as always. That's about all. I think that's 90 minutes run time, I hope we speak again soon and I hope all the best with the Hacking Games. I look forward to getting the hapti test across. Nick you and I are going to have to brush up on a few things before we take these tests.
Fergus Hay:That's not the point, don't cheat.
Gary Ruddell:Your data is valuable and it's under attack. Cyber espionage groups, financially motivated threat actors, ransomware attackers and other criminal enterprises are on the rise. Working in secrecy to dismantle security perimeters, they spread like a virus through the web, stoking geopolitical tensions, holding businesses to ransom and flooding criminal marketplaces with sensitive information. These groups thrive in secrecy Now, more than ever, knowing who your adversaries are is critical. So join us as we ask who's behind the world's most prolific cybercriminal groups. What are their tactics, their motivations, and their impact? Who are the world's masked actors? Masked Actors is an independent podcast from Group-IB, a leading voice in the fight against cybercrime. The threat landscape evolves quickly, but all information was correct at a time of recording and based on Group-IB's HTCT Report 2025. Join our conversation online using #maskedactors. And don't forget to subscribe, so you don't miss an episode. Thanks for listening. See you next time as we uncover more of the world's top masked actors.
