In 2016, a then 19-year-old Daniel Kelley was charged with computer hacking, blackmail and fraud in connection with a major data breach at a British telecoms company. He was sentenced to four years’ imprisonment. Since his release, he has worked with more than 35 cybersecurity companies to produce campaigns and thought leadership pieces on the reality of digital threats.

When I was a teenager, gaming completely took over my life. I’d play for 12 or more hours a day; it was all I thought about. Video games gave me a different way to socialise because I didn’t enjoy school and didn’t have much of a social life offline. The gaming world became my entire environment, my escape, my community.

Things started to go wrong around 2011 or 2012. I was playing an online multiplayer game competitively and my internet disconnected right before the match began. I found out later that the opposing players had figured out how to grab my IP address and DDoS me (a form of cyber-attack). I started searching how they did it and stumbled on to an online hacking forum. That’s where the curiosity began, not from malice, but from trying to understand.

After I got into cheating on video games, I became curious about how websites worked and started learning web application hacking. I reported vulnerabilities to companies and even ended up gaining recognition from Microsoft as a security researcher.

What pushed me away from that path was how unrewarding it felt. Back then, there were no formal bug bounty programmes (where responsible hackers are rewarded for finding vulnerabilities in an organisation’s online systems), and most companies didn’t understand responsible disclosure. So when you reported an issue, you were often ignored or threatened. For a teenager who was looking for validation and community, that made a difference.

‘I would tell my younger self not to cross certain lines.’ (Picture posed by model). Composite: Stocksy/Guardian Design

Things escalated between 2012 and 2015. I built relationships with people on hacking forums, and slowly the conversations shifted. What started as curiosity turned into something darker; I slipped into cybercrime without even realising how far off track I’d gone.

After my arrest, there were endless legal discussions and delays – I spent four years on police bail.

The first prison I arrived in was HMP Belmarsh. Everything there felt loud and unpredictable. For the first few weeks I felt constantly alert, not out of fear but because of the atmosphere. Over time you learn the rhythms of prison life. You also realise how much time you have to think. It forces you to face yourself and your decisions. It was not all bad, but it was isolating.

“Weird” is probably the simplest way to describe being released. You imagine freedom as this huge emotional moment, but in reality, it is disorienting. You have spent months or years being told where to go, what to do, and when to do it. Then suddenly, you step outside and everyone expects you to be normal again. It took time to adjust, to get used to small choices again, and to rebuild confidence.

Part of my sentencing included a serious crime prevention order, which I am still under more than 10 years later. It affects nearly every aspect of my life. I have restrictions around technology and online activity, and I live with the constant awareness that a small mistake could lead to my freedom being taken away again. It creates a strange kind of tension.

Since release I have found a way to connect two things I understood deeply: cybersecurity and cyber threat intelligence. I realised that many marketing teams in cybersecurity lacked technical insight, and many technical people struggled to explain their work in a way the public could understand. I built a bridge between those worlds. The same knowledge that once got me into trouble now forms the foundation of my business. It is strange in a good way.

Kelley’s business now uses his skills as a force for good. Composite: Getty Images/Guardian Design

When you are talented but isolated, it is easy to get pulled in by communities that feel validating but lead you down the wrong road. There was a period in my teens where I did try to use my skills for good. If there had been more structured, positive ways for young people to channel those skills back then, things might have played out differently. I was not groomed into crime in the traditional sense. It was more a case of being enabled. No one stopped me, and no one showed me what using my skills legitimately could look like. That combination is dangerous: talent without structure.

Fergus Hay, the founder of The Hacking Games, is helping shift the narrative around hacking from something viewed as purely criminal to something that can be constructive and beneficial when guided in the right way. Co-op’s partnership with The Hacking Games helps young people channel their digital skills into ethical careers – exactly the kind of preventative work we need. It gives young, technically skilled people a positive outlet. I’m a member of The Hacking Games virtue community because I want to guide the next generation to avoid the mistakes I made and use their skills to protect society.

I would tell anyone passionate about tech not to underestimate how far you can go by being transparent about what you are learning. The internet can connect you to people who will recognise your ability and give you opportunities. The key is to direct your energy toward mastery instead of mischief. Pay attention to the intent of the people you surround yourself with. If someone tells you that laws do not matter or that it is all harmless, that is a red flag. The line between curiosity and crime can get blurry quickly if no one helps you understand it.

When I think about the advice I’d give my younger self, the answer keeps evolving. The obvious thing would be to say: “Don’t do it,” but the truth is that everything that happened ended up shaping who I am and what I do now.

Still, I would tell my younger self not to cross certain lines. Don’t blackmail or extort businesses. That was the worst part and something I will always regret. I’d also tell him to think more carefully about consequences and to realise how many people get affected when you make reckless decisions. The curiosity itself wasn’t wrong, but the way I used it was.

Find out more

Help keep children and young people safe online with Barnardo’s online safety guidance

Source link