Previously, becoming a hacker required deep knowledge of programming, computer networks, and security. However, in recent years, numerous attack toolkits (from DDoS and phishing to ransomware) shared openly on the Internet and dark web have nearly eliminated technical barriers.

With just a few hours of learning through YouTube or social media groups, even high school students can launch a cyberattack.

Tools like LOIC, Metasploit, Havij, Aircrack-ng, or “DDoS-for-hire” services, which accept cryptocurrency payments, are widely available. Many students download “phishing kits” or “malware builders” that require only drag-and-drop operations to create malicious codes.

A cybersecurity expert told VietNamNet that many forums offer many attack tools and hacking tutorials, including guides for “cracking” or creating viruses.

The danger lies in these tools often coming with detailed instructions and even YouTube or TikTok video tutorials, making cyberattacks feel “as easy as a game” for many students.

As a result, hacking is no longer the domain of seasoned computer experts. Cyberattacks have become more popular than ever.

Attack tools, from simple to complex, are openly shared on the Internet, underground forums, or black markets, enabling even those without programming skills to cause significant damage.

Student hackers launch cyberattacks to show off

In Vietnam, there have been several cases of student hackers causing significant disruptions to public systems. In 2005, security companies discovered a virus named “Love” that spread across computer systems in Vietnam.

If not detected early, this virus could have posed serious risks to computers.

Investigations found that a student from Hai Phong created the virus.

However, as the student was only 16 years old, the Inspectorate of the Ministry of Post and Telecommunications (now the Ministry of Science and Technology) only imposed an administrative penalty for this act.

In 2006, a 12th-grade student from Vinh Long hacked into the Ministry of Education and Training’s website, replacing the Minister’s image with a personal photo. 

The student said he did this just to warn about security vulnerabilities, but the act was still considered illegal.

At 2 pm on November 27, 2006, Bui Minh Tri, a physics-informatics student at Nguyen Binh Khiem High School attacked the website, replacing the Minister’s photo with one of a shirtless young man sitting in front of a computer screen.

In a written statement, Tri wrote: “In mid-July 2006, I visited the Ministry of Education and Training’s website and noticed some security flaws. I tried to infiltrate it. After two days, I found a vulnerability. I left a file to warn the website administrators, but received no response. On November 27, 2006, I revisited the site to check if the flaw had been fixed, but it hadn’t. Disappointed by their lack of responsibility, I replaced the Minister’s photo with my own for five minutes, hoping someone would notice the website’s vulnerability and alert those responsible (since my earlier warning had no effect). I had no other intentions beyond issuing a warning.”

In March 2017, two 9th-grade students attacked and altered the interfaces of websites for five major airports, including Tan Son Nhat, Da Nang, Phu Quoc, Rach Gia, and Tuy Hoa. Both admitted their motive was to “test their skills” and show off their achievements.

On March 8, 9, and 10, 2017, the websites of Tan Son Nhat International Airport, Da Nang International Airport, Phu Quoc, Rach Gia, and Tuy Hoa were hacked, with their interfaces altered and messages left behind.

At the police station, L.C.K.D. and P.H.H. confessed and admitted their wrongdoings. According to their statements, their motive was a desire to explore, show off, and boast about their achievements within the hacker community.

The Civil Aviation Authority of Vietnam concluded that the hackers did not steal data or show intent to sabotage the systems, and only left messages about website security vulnerabilities.

Recently, a 10th-grade student from Bac Ninh “cracked” multiple pay-TV channels, setting up an illegal streaming system for nearly 1,000 channels.

Notably, this student didn’t need advanced servers or hardware, but just an old smartphone and learning to break encryption from underground tech groups on social media.

The young hacker admitted to being able to decrypt the signals of major pay-TV channels in Vietnam, such as K+ and VNPT, in just 30 seconds.

Cybersecurity experts warn that preventing such incidents requires combining legal awareness education with digital skills training for students.

Thai Khang