When you think of a hacker, you probably imagine a hooded adult driven by money or political motives. The reality, however, is quite different. Today, the most common hacker profile is that of a teenager or young adult, often with immense technical curiosity and motivations that do not always fit classic stereotypes.
At TecnetOne, we believe that understanding who is really behind the keyboard is essential to addressing cybersecurity in a more realistic, preventive, and human way.
The data is clear. According to FBI figures, the average age of individuals arrested for cybercrime is around 19 years old, far below the average age for other crimes, which is closer to 37.
This means that many of the attacks affecting companies, institutions, and critical services do not always come from large criminal organizations, but from young individuals with advanced technical skills, access to online tools, and, in many cases, emotional maturity still under development.
You may remember the case that shook the gaming industry in 2022. An 18-year-old teenager, Arion Kurtaj, gained access to internal Rockstar Games materials and leaked dozens of images and videos of the highly anticipated GTA VI, forcing the company to officially confirm the game’s development earlier than planned.
Kurtaj was part of the Lapsus$ group, known for high-impact attacks against major corporations. The outcome was severe: UK courts sentenced him to indefinite detention in a hospital, citing a high risk of reoffending and considering his condition on the autism spectrum.
It was not an isolated case. Another group member, aged 17, received a sentence of community service and an explicit ban on using VPNs.
These stories highlight a crucial reality: the line between talent and crime can be very thin when guidance and clear boundaries are missing.
Read more: AI Students Exposed: How Weak Government Security Endangers Youth
There is a widespread belief that all hackers act for financial gain. Reality is more complex.
Many young people begin hacking due to:
A clear example is Embl, a 17-year-old arrested in Spain for hacking the website of the PSOE political party. In his statement, he claimed he was not seeking money, but rather to expose what he considered institutional corruption. Although he stole more than 10 GB of data, he never attempted to sell it.
This does not justify the crime, but it does help explain that motivations are not always financial.
Some hackers develop internal narratives to justify their actions. This was the case with Vyacheslav Penchukow, known as Tank, a member of the Jabber Zeus group and wanted by the FBI.
In an interview from prison, he claimed that large Western companies “can afford to lose money” and are often insured. Under this logic, he even justified attacks against hospitals and medical services—one of the most troubling aspects of modern cybercrime.
This reveals a recurring pattern: dehumanizing the victim, which makes crossing increasingly serious ethical boundaries easier.
Not all stories end in court. Some young individuals channel their talent ethically and legally, turning hacking into a high-level professional career.
One of the most well-known cases is George Hotz, who at just 15 years old performed the first iPhone jailbreak. Instead of prison, his talent opened doors at companies like Apple, Google, and Facebook—and even earned him offers from Elon Musk.
This profile represents white-hat hackers, individuals who seek vulnerabilities to report and fix them, not exploit them.
Today, there are clear alternatives for those with advanced technical skills:
An inspiring example is Santiago López, a young Argentinian who surpassed $1 million USD in bug bounty rewards by the age of 19, reporting vulnerabilities to major tech companies.
The question is unavoidable: if this path exists, why do some still choose crime?
From TecnetOne’s experience, several factors play a role:
Many teenagers discover they are “good at hacking” before anyone explains where the legal boundary lies.
You might also be interested in: Scattered Spider: The Arrest of a Suspect
This is where companies, institutions, and families play a critical role. Cybersecurity is not only about firewalls and antivirus software—it’s about education, prevention, and early detection.
Key actions include:
Investing in these areas not only reduces cybercrime but also creates the professionals the market urgently needs.
One of the biggest security mistakes is assuming that a young attacker is less dangerous. History proves the opposite.
Teenagers often:
In many cases, they are just as capable as professionals—only with less emotional control.
The hacker everyone talks about is not always a movie villain. More often, it’s a young person with talent, curiosity, and internet access—but without a clear moral compass.
At TecnetOne, we believe the solution is not only punishment, but understanding, prevention, and guidance. Because every teenager hacking out of curiosity today could become tomorrow’s cybersecurity professional—or tomorrow’s attacker.
The difference lies in the opportunities we provide before it’s too late.