More than 3500 cyber attacks on Australia from foreign countries and criminals were reported in April, the Australian Federal Police (AFP) says.

And the threat is only going to increase, warns the head of the AFP’s cyber crime unit, Commander David McLean.

“Cyber threats in Australia are typically classified as being state-sponsored or criminally motivated in terms of attribution to the source,” Commander McLean told ABC’s 7.30.

• FBI tracks down celebrity nude hacker
• Illegal downloaders, watch your back

As a result, the AFP along with at least one Australian spy agency is moving to recruit young, so-called white hat hackers with the skills to repel and track the threats.

White hat hackers are people who love to hack systems, but say they only do so to help identify security flaws and weaknesses.

A shortage of these skilled hackers could leave the country vulnerable.

“We, as an organisation, have a current and an increasing demand for high-level skills to help support us in our cyber crime operations,” Commander McLean said.

“There’s not a large available workforce out there in our experience. Getting suitably skilled and qualified and experienced people to support us in our work is quite difficult.”

Shubham Shah is a young, Sydney-based information security professional who admits to unethical hacking in the past.

Mr Shah said criminal gangs target young hackers.

Sydney-based information security professional, Shubham Shah, says criminal gangs take advantage of young hackers. Photo: ABC

“I think that people who are at this young age, they kind of tell people that they can do these sort of things and it kind of spreads quite fast,” he told 7.30.

“If people do know what they can do, they’re a prime target to be picked on. People can take advantage of it all the time.

“What kind of things would a gang want a hacker for? It totally depends what the hacker can do. They can be related to fraud … to espionage or getting access to things that they shouldn’t have access to.

“And if a hacker … is well known for doing something, this gang is most likely going to take advantage of it if they do know who that person is.”

Mr Shah says bug bounties, where hackers identify security flaws and report them to companies in exchange for cash, allowed him to transition to a good job in information security.

He and his friend made almost $100,000 reporting bugs in Yahoo, Facebook and PayPal, as well as gaining industry experience.

“Most of my bugs were actually submitted to Paypal and Facebook,” he said. “That’s where I got the majority of my money from.”

“For Paypal, I found vulnerabilities which allowed me to access databases internally at Paypal … as well as their beneficiaries.

“So, Bill Me Later, which is one of their services that they acquired, I was able to access their internal databases and customer information.”

Commander McLean said the AFP would continue to work to attract the right people to boost its cyber crime unit.

“A capacity and a capability to address cyber crime has been flagged by our commissioner as a priority for our agency and we’re working hard at doing that,” he said.

-ABC