The Double-Edged Sword of Teen Tech Talent

Breached Company

Breached Company

8 min read
The Double-Edged Sword of Teen Tech Talent
Photo by Thomas Park / Unsplash

Both the MGM incident and the Final Forms breach highlight a crucial reality: teenagers possess the same technical skills that make them capable of devastating cyberattacks and exceptional cybersecurity professionals. The key difference lies in channeling these abilities toward constructive rather than destructive purposes.

The 14-year-old who accessed student records wasn't necessarily malicious—the company detected the breach quickly and claims no information was made public. Similarly, many teen hackers start with curiosity rather than criminal intent. The problem is that without proper guidance and legitimate outlets for their skills, talented young people can inadvertently cause massive damage or be recruited by criminal organizations.# The Rise of Teen Hackers: From Casino Breaches to Cybersecurity Champions

The digital age has produced a new generation of tech-savvy teenagers who can either become cybersecurity's greatest threats or its most promising defenders.

In August 2025, cybersecurity experts are predicting that emerging threats may come from unexpected sources as teens and AI-savvy employees may perpetrate more attacks. This prediction isn't just speculation—it's backed by real-world incidents that have shocked the cybersecurity community and demonstrated the incredible capabilities of teenage hackers.

When Teenagers Exposed Massive Security Failures

The 14-Year-Old Who Accessed 400,000 Student Records

In a case that shocked parents across Ohio and beyond, a 14-year-old from Dublin, Ohio, successfully hacked into Final Forms, a Chagrin Falls company that collects and stores student information for school districts. The teenager accessed hundreds of thousands of student records, exposing sensitive information including medical forms, athletic forms, and enrollment data.

What makes this breach particularly alarming is that Final Forms is a service that families are required to use. Parents across Ohio and beyond must submit private information about their children through Final Forms for school enrollment, athletics, and medical documentation—giving them no choice but to trust the platform with their children's sensitive data.

The teen used stolen email and password combinations from the dark web to penetrate the company's security systems. While Final Forms detected the breach within days and claims all information was deleted, the incident raises critical questions about cybersecurity standards for companies entrusted with sensitive information about minors.

As one expert noted in the Today in Ohio podcast, "If a 14-year-old is able to hack it, I would argue that the company isn't doing a good job of protecting this very sensitive data." The case highlights a troubling reality: if a teenager "playing around on the dark web" can access 400,000 student records, what could more sophisticated attackers accomplish?

When Teenagers Brought Down Vegas: The MGM Casino Hack

The most spectacular example of teen hacking prowess came in September 2023, when a group mostly made up of teens and young adults, known as Scattered Spider, successfully hacked MGM Resorts International and Caesars Entertainment, two of the largest casino companies in the world. The attack was devastatingly simple yet effective.

The hackers allegedly found an employee on LinkedIn and called the organization's help desk to access their account using social engineering. This single phone call led to a catastrophic breach that cost MGM around $100 million in revenue loss and brought casino operations to a standstill for 10 days.

In July 2024, authorities arrested a 17-year-old boy in Walsall, England, in connection with the MGM cyberattack, demonstrating that some of the world's most sophisticated cyberattacks are being orchestrated by individuals who aren't even old enough to vote.

The scope of teenage involvement in high-profile cybercrimes extends beyond individual cases. Security researchers have identified that members of these groups are part of a much larger association known internally as "the Com," consisting of a few dozen hackers who have connected online. What's particularly alarming is that these groups have now attracted recruiters for Russian criminal organizations who want to combine their business expertise with the techniques and local knowledge of native English speakers.

The Broader Implications: When Security Fails Our Children

The Final Forms incident and the MGM casino hack represent two sides of the same concerning trend. In both cases, teenagers were able to exploit fundamental security weaknesses in systems that adults rely on daily. The Final Forms case is particularly troubling because it involves children's data—information that parents had no choice but to provide.

This incident raises several critical questions:

  • Inadequate Security Standards: If a 14-year-old can breach systems containing 400,000 student records, what does this say about the cybersecurity standards for companies handling children's data?
  • Mandatory Vulnerability: When schools mandate the use of specific platforms, parents have little choice but to provide personal details through systems whose security measures may be inadequate.
  • Trust and Accountability: Companies entrusted with sensitive information about minors bear enormous responsibility, and the potential consequences when that trust is broken can be severe.

As one observer noted, "I think they're bringing a lot of attention to their failures at security... they better watch out because I could see a class action suit against them."

The Final Forms breach demonstrates that teenage hackers aren't just targeting high-profile companies for financial gain—they're also exposing critical vulnerabilities in systems that affect millions of families who have no alternative but to use these services.

Before turning to high-stakes cybercrime, many of these teen hackers started with activities like "sextorting" and other sociopathic behavior online, suggesting that early intervention and positive direction could prevent talented individuals from pursuing criminal paths.

This is where cybersecurity education and competitions become crucial. By providing legitimate outlets for teen hackers' skills and curiosity, we can transform potential threats into cybersecurity champions.

Building Tomorrow's Cyber Warriors: Educational Programs and Competitions

DEF CON: Where Young Hackers Learn to Defend

DEF CON, one of the world's largest hacker conferences held annually in Las Vegas since 1993, has evolved to include programming specifically designed for young people. The Social Engineering Capture the Flag Contest for kids is now an official DEF CON contest, targeting 5- to 12-year-old contestants who must use social skills, password and cipher cracking, lock picking, and basic social engineering to solve corporate crime scenarios.

Unlike the adult version where contestants try to gather sensitive information from corporate targets via cold telephone calls, the kid-friendly version focuses on critical thinking skills and teamwork. This approach teaches young participants to think like security professionals while maintaining ethical boundaries.

CyberPatriot: The Largest Youth Cyber Defense Competition

CyberPatriot's National Youth Cyber Defense Competition is the world's largest cybersecurity competition and is open to all schools and approved youth organizations. The program serves both middle school and high school students, challenging teams to find and fix cybersecurity vulnerabilities in virtual operating systems.

The competition structure is comprehensive:

Competition Format:

  • Network Security Challenge: involves finding and fixing security vulnerabilities in Windows and Linux operating systems
  • Cisco Networking Challenge: consists of an online quiz and a virtual networking exercise based on specific training materials

Divisions Available:

  • Open Division for all high school students
  • All Service Division for JROTC and military-affiliated programs
  • Middle School Division for younger students

Top teams advance through online rounds of competition, and the best advance to the in-person National Finals Competition, with teams receiving all expense-paid travel to Bethesda, Maryland.

PicoCTF: Gamifying Cybersecurity for Students

PicoCTF is a cybersecurity competition available to middle and high school students, put on by Carnegie Mellon University, that places teams into an interactive environment and storyline where they must hack, decrypt, and reverse engineer to solve challenges. Teams of up to five participants compete to solve as many challenges as they can, with prizes including $3,000 for first place, $2,000 for second, and $1,000 for third.

US Cyber Challenge and National Programs

The US Cyber Challenge (USCC) goals include identifying, attracting, training, recruiting, and placing the next generation of cybersecurity professionals into the workforce through cyber quests, capture-the-flag competitions, and cybersecurity camps.

High School Cybersecurity Programs: Creating Pathways to Success

Formal Education Programs

The integration of cybersecurity education into traditional high school curricula is accelerating nationwide. Students can find introductory cybersecurity classes at specialized schools and innovation centers, with districts planning to form cybersecurity pathway options that include courses in ethical hacking, Python programming, forensics, and operating systems like Linux.

Some high schools have rolled out Pathways in Technology Early College programs that allow students to earn an associate's degree in cybersecurity by the time they graduate high school.

Summer Programs and Camps

GenCyber Cybersecurity Summer Camps are prestigious programs funded by the NSA and NSF, designed for high school students ambitious about establishing careers in cybersecurity. These programs typically run for one week and cover topics from IT fundamentals to advanced security concepts.

Benefits of completing cybersecurity programs in high school include improved technical proficiency, better understanding of online security, enhanced college applications, and the opportunity to discover passion for the field.

Technology High Schools Leading the Way

Specialized technology high schools are becoming breeding grounds for the next generation of cybersecurity professionals. These institutions combine traditional academic subjects with hands-on technical training, creating graduates who are immediately ready for cybersecurity careers or advanced study.

Students in these programs learn:

  • Fundamentals of cybercrime and why it happens
  • Methods for personal online safety
  • Various technology career paths
  • Basic coding and development skills essential to cybersecurity

The Urgent Need for Cybersecurity Professionals

Cybersecurity ranks within one of the top 20 fastest-growing career fields in the country, with cyber-related careers having some of the highest projected percent changes (+33%) of employment between 2022-2032, and over 514,000 open cybersecurity positions available in the U.S. alone.

This massive demand creates unprecedented opportunities for young people entering the field. The same technical skills that enable teenagers to break into major corporations can be redirected toward protecting those same organizations.

From Threat to Guardian: Channeling Teen Talent Positively

The transformation from potential cyber threat to cybersecurity champion requires:

1. Early Identification and Engagement

Recognizing technically gifted students and providing them with legitimate challenges and opportunities to apply their skills constructively.

2. Competitive Outlets

Programs like CyberPatriot, DEF CON Kids, and PicoCTF provide safe, legal environments for students to test their abilities against peers.

3. Educational Pathways

Clear routes from high school cybersecurity programs through college and into professional careers, such as those offered by platforms like Future Cyber Pros, which provides guidance and resources for aspiring cybersecurity professionals.

4. Mentorship and Community

Connecting young talent with cybersecurity professionals who can provide guidance, support, and real-world perspectives on the field.

5. Hands-on Experience

Opportunities for internships, apprenticeships, and practical application of skills in professional environments.

The Stakes Have Never Been Higher

As cybersecurity jobs multiply nationwide, so do opportunities for students to develop these critical skills through competitions and educational programs. The choice between creating cyber criminals or cyber defenders often comes down to the opportunities and guidance available to talented young people.

One student expressed their career aspirations: "Schultz hopes his skills in cybersecurity will culminate in a career as a pen tester — a hacker for hire who finds and exposes weaknesses in cybersecurity so defenses can be made stronger". This represents the ideal transformation: taking the same skills used maliciously in attacks like the MGM hack and applying them toward strengthening cybersecurity defenses.

Looking Forward: A Generation of Digital Defenders

As digital record-keeping becomes increasingly common in education and other sectors, cases like Final Forms serve as sobering reminders of the responsibility companies bear when handling sensitive information—particularly children's data. The potential consequences when that trust is broken extend far beyond individual companies to affect hundreds of thousands of families.

The teenagers who can expose these vulnerabilities also have the potential to become the cybersecurity leaders who protect against them. Whether a curious 14-year-old becomes a cybersecurity champion or a more serious threat often depends on the opportunities and guidance available to them at crucial moments in their development.

Even students who don't pursue careers directly in cybersecurity benefit from the knowledge gained, as understanding digital security becomes essential for everyone in our increasingly connected world.

As we face an uncertain digital future with AI-related incidents likely to become major headline makers in 2025, the importance of nurturing positive pathways for teen technical talent cannot be overstated. The teenagers hacking casino systems today could be the ones protecting our critical infrastructure tomorrow—if we give them the right opportunities to channel their abilities constructively.

The choice is ours: do we want teen hackers working for criminal organizations, or do we want them working for us? The answer should be obvious, and the time to act is now.

For students interested in exploring cybersecurity careers and educational opportunities, Future Cyber Pros offers comprehensive resources and guidance for building a successful career in cybersecurity.

Read more

The Global Cybercrime Empire: Mapping the Underground Economy, Partnerships, and Geopolitical Power Structures

The Global Cybercrime Empire: Mapping the Underground Economy, Partnerships, and Geopolitical Power Structures

Bottom Line: Cybercrime has evolved into a $10.5 trillion global economy dominated by sophisticated nation-state actors, ransomware cartels, and hybrid criminal-state partnerships. Four nations—Russia, China, Iran, and North Korea—control 77% of all state-sponsored cyber operations, while criminal organizations have formed unprecedented alliances, creating a complex web of

By Breached Company