Teenage hacker myth primed for a middle-age criminal makeover

The Hollywood image of criminal hackers being largely teenage ne’er do wells is due for an update.

That’s because profit-seeking career criminals — often approaching middle age — make up the largest cohort of today’s cybercriminals, according to an analysis of criminal cases carried out by Orange Cyberdefence.

The Orange Group’s cybersecurity unit analysed 418 publicly announced law enforcement activities conducted between 2021 and mid-2025, finding that cyber offenders’ engagement in crime peaks between the ages of 35 and 44, with this demographic accounting for 37% of all the cybercrime cases reviewed.

Collectively, the combined age groups of from 25 to 44 make up well over half (58%) of analysed cybercrime cases. This all goes against the Hollywood image of the maladjusted teen hacker living in their mum’s basement and up to no good.

Profit-motivated cybercrime escalates with age — unlike other forms of crime where criminal behaviour emerges in adolescence, peaks in the late teens or early adulthood, and then sharply declines.

The review of criminal cases found that 18- to 24-year-olds were the defendants in 21% of cybercrime cases, a figure that drops to 5% for the 12-to-17 age range.

Offender profiling

The study found a notable progression in cybercrime activity as offenders age.

Among 18- to 24-year-olds, cybercriminal activity is highly diverse, with a focus on hacking (30%), followed by selling stolen data and DDoS attacks (10% each).

“The variety of activities indicates the experimental, multifaceted nature of this demographic’s engagement in cybercrime as they test boundaries and trial tactics,” according to Orange Cyberdefence.

This begins to shift among offenders aged 25 to 34, where activities such as selling stolen data (21%), cyber extortion (14%), and malware deployment (12%) lead the way — indicating a move toward profit-motivated crime.

The trend intensifies among the 35-44 cohort, where cyber extortion (22%) is the dominant offence, followed by malware (19%), cyber espionage (13%), hacking (10%), and money laundering (7%).

“While younger, less experienced hackers engage in highly diverse crime they may be less likely to engage in calculated, profit-seeking activity,” said Charl van der Walt, head of security research at Orange Cyberdefense. “Instead, cybercrime careers appear to peak much later into adulthood, accompanied by vastly more sophisticated and intentional techniques.”

Cybercrime cartels

Dray Agha, senior security operations manager at managed detection and response services firm Huntress, said the analysis illustrates that the “Hollywood image of a teenage lone wolf hacking for bragging rights” is vastly outdated since the threat landscape is dominated by “highly organised, profit-driven syndicates.”

“While young people may still engage in digital vandalism or act as low-level affiliates, the architects orchestrating large-scale extortion and malware campaigns are mature adults operating what are essentially illicit technology companies,” Agha said.

Agha argued that the 35-44 age group aligns perfectly with the skills required to run modern cybercrime operations, such as ransomware-as-a-service (RaaS). These professionally run campaigns require project management, software development lifecycles, human resources (recruiting affiliates), and customer service (negotiating with victims).

“This level of operational maturity is rarely found in teenagers; it requires the business acumen typical of midcareer professionals,” Agha said.

While it might be relatively easy to breach a vulnerable system, successfully cashing in on illicit access is a tricky process that requires experience.

“The prominence of cyber extortion and money laundering in the 35-44 demographic highlights the need for a deep understanding of corporate pressure points, cryptocurrency tumbling, and illicit financial networks,” Huntress’ Agha added. “Older offenders have the real-world experience necessary to navigate these complex financial logistics and turn stolen data into usable cash.”

While younger offenders often act as “initial access brokers” — finding the initial way into a network — this access is typically sold onto older, more experienced threat actors who execute the high-stakes extortion and espionage.

“The young ‘pick the locks,’ while the adults ‘run the syndicate,’” Agha said.

Career ladder

Andra Zaharia, cybersecurity community lead at Pentest-Tools.com, said that many cybercrime operations look “less like solo activity and more like organised networks with roles, handoffs, and repeatable processes.”

“That structure naturally skews older because it rewards operational discipline and trust networks that take time to build,” Zaharia told CSO. “Technical skill matters, but so does reliability and consistency over months and years.”

Zaharia added: “Profit motive also reshapes the ‘career path.’”

Extortion and malware campaigns often involve different people for different jobs: access, tooling, infrastructure, negotiation, and moving money.

“Reputation becomes a form of currency in those environments,” Zaharia concluded. “Actors build it, protect it, and use it to climb into higher-earning roles.”