He is the 17-year-old CEO of a fast-growing cyber security company, but a few years ago Ryan Jackson could have chosen a very different path.
Jackson came across the dark side of the web that would ultimately lead him to become involved with an affiliate of notorious hacking group Anonymous while he was gaming online. “I met some people who could cheat in a game and they gave me special items,” he says.
Keen to learn from his new friends, Jackson says he kept to himself and never directly took part, but quietly observed while black hat hackers attacked. “They could teach you what they know. It was your choice whether to follow them or not.”
Jackson chose to learn, but he is keen to convey that he didn’t witness any cyber-attacks directly taking place. Even so, he certainly saw the aftermath – including the fall-out from distributed denial of service (DDoS) hacks and website defacement.
“The bad side of hacking is something you never want to see,” he says. “They would hack into a website, update it so you could see what they wrote and update it again just to prove they have the capability to infiltrate your system. They would attack and tell me how to do it and I’m just, like 14, having no clue what these guys are doing in the background.”
The young hacker from Alabama always had an interest in technology. Aged 9, he started to read online books and by 11, he was programming in HTML. For a teenage boy learning to code, it was an attractive and interesting world.
And the older hackers were keen to involve him. Soon after witnessing what was possible, Jackson was drawn in, managing an Anonymous-affiliated Twitter account, @NewWorldHacking. “They told me what to tweet and who to tag in whenever I had access.”
But he didn’t like what he saw. Jackson observed that “some stuff can easily get out of hand”. He tried – and failed – to convince the group to stop. Then, at age 16, two years after meeting the older blackhat hackers on the web, Jackson had learnt enough. He started planning to create a cyber security company.
Shortly after he turned 17 – and with just $200 in his account – Jackson founded Collective Labs. It’s been running for less than a year, but the company employs four staff and has over 50,000 Twitter followers. In December 2017, Jackson discovered, recoded and reported a hacking tool used to compromise Spotify accounts called “Spotify Cracker v1”.
The company is growing fast: The firm already has clients spanning Asia, Canada, India, the UK and the United States. Currently, Jackson says Collective Labs is working on an application to keep people secure on the go. “We plan to work on an application, not just a flexible administrative panel used to keep your domains secure,” he says. “This app will keep you safe from DDoS attacks and malware traffic on a mobile network.”
He’s bright and talented, but Jackson is a rare entity. Not only is he an extremely young CEO; it’s also unusual that a person of his age will see the dark side of hacking and choose not to get involved.
Even Jackson himself concedes: whether hacking is done for pure financial gain, or just for kudos, cyber-crime can be lucrative. But after years of cyber-attacks that were found to have been perpetrated by bright teens with nothing better to do, businesses and governments are realising the need to catch young people early. Indeed, programmes are being run by law enforcement agencies and groups including the UK’s National Cyber Security Centre (NCSC) to try and attract young coders to a career in cyber security. At the same time, ‘bug bounty’ initiatives offered by firms such as Google and Twitter offer cash to hackers that report vulnerabilities.
So, how do people make the choice between bad and good? It’s not always about cash: Jackson is adamant that all he wanted to do is learn. “Everyone has their own mind. Saying that, some people want fame – also known as clout on the dark web – and some just want to help and learn,” he explains.
“Most of these guys are like, ‘I have the capability, I’m going to get all of this clout’, which is about reputation. They do it and it blows up and they are sitting there talking to their pals like, ‘oh we did something here’. Then they do it again because it becomes a thrill.”
But for Jackson himself, the thrill doesn’t represent success. “The opportunity is to be successful in life. I don’t want to be some smart nerd behind a screen destroying stuff, not seeing my own potential and eventually heading down the wrong path. It is in my best interests to be someone people can come to knowing they will be secure.”
It is clear the industry needs to change to encourage young people like Jackson to use their skills for good. Jackson’s story is also important to those educating the cyber security professionals of the future. If young people aren’t given the opportunities they need, they will quickly slip through the talent pool.
Yet with DDoS attacks available to buy online and anonymous nation state perpetrators looking to recruit naïve young hackers to assault at will, it’s easy to see how so many make the wrong choice. So why did Jackson choose the good path?
“Well, I didn’t really see the purpose of harming anyone. Why would you waste your time pushing for justice when you are doing the damage? Of course, the government is learning from you as you basically tell them how you breached their infrastructure, but if it goes too far they can lose a source of profit. No one wants that.”