Young people can easily slip into a life of cyber-crime because of easy-to-use hacking tools online, says the National Crime Agency.
But there is a way of legally hacking company websites - and even getting paid for it.
Jake Davis, known online as Topiary, was arrested for illegal hacking in 2011 but now works on the right side of the law in cyber-security.
He explains how he is now paid by the likes of Twitter to hack their website.
"Ethical hacking" is when a hacker is paid by a company to break into their websites to discover bugs and security flaws.
They then get paid for discovering the gaps, which the company patch up.
"Twitter have paid me for disclosing bugs to them," Jake tells Newsbeat. "It's very simple."
He says that hackers would do it without getting paid anyway, so the money is just a bonus.
According to Jake, the main reward for many hackers is "kudos from other hackers. They're good at hacking, and they want to be seen to be good at the thing."
By ethical hacking, "they get the kudos, they get recognised by the company - they even get points on a leader board sometimes".
Therefore, they've "been diverted away from doing something malicious, because they get everything they want and a little bit of cash too".
The larger tech companies can be generous with their payouts, says Jake.
"Facebook are particularly good, they have got a £500 minimum for disclosing bugs to them."
He says that Twitter's minimum payout is $140 (£110), and they have paid 642 hackers so far at a cost of $800,000 (£625,000).
Jake estimates that over the whole industry, "in the past 24 hours, there would probably have been between $100,000 [£78,000] and $200,000 [£156,000] paid out to freelance hackers".
Companies often pay in crypto-currencies such as Bitcoin so that the hackers can stay anonymous if they want to.
"You've essentially done everything you would usually do as a malicious hacker, except without the malicious part.
"You get everything you want," he says.
Jake went from being a "black hat" (illegal) hacker to a "white hat" (legal) hacker after he was released from a young offenders' institute.
He used to work with the LulzSec and Anonymous groups, under the alias of Topiary.
"We were most known for hacking the homepage of the Sun newspaper and planting satirical fake stories on their website," he says.
After being arrested, Jake got a two-year ban from the internet.
His prison sentence, initially two years long, lasted six weeks because he'd already spent two years under house arrest.
"I'm currently under a five-year ban from encrypting files or deleting my internet history, which will expire in one year's time," he says.
Jake is now a cyber-security expert and hacking consultant for film and TV.
He adds that he now has more perspective on the effects of malicious hacking.
"It took a couple of years after even being arrested to come to terms with what the hacks were, what they even meant," he says.
"When you get to the actual hacking itself, you've completely forgotten what that end bit is. You don't see faces, you don't see victims."
"You forget that on the other end of the system you're breaking into, there are humans behind it."