Script kiddie
Encyclopedia
A script kiddie or skiddie, occasionally skid, script bunny, script kitty, script-running juvenile (SRJ) or similar, is a derogatory term used to describe those who use script
Scripting language
A scripting language, script language, or extension language is a programming language that allows control of one or more applications. "Scripts" are distinct from the core code of the application, as they are usually written in a different language and are often created or at least modified by the...

s or programs developed by others to attack computer systems and networks and deface websites.

Characteristics

In a Carnegie Mellon report prepared for the U.S. Department of Defense in 2005, script kiddies are defined as
"The more immature but unfortunately often just as dangerous exploiter of security lapses on the Internet. The typical script kiddy uses existing and frequently well known and easy-to-find techniques and programs or scripts to search for and exploit weaknesses in other computers on the Internet—often randomly and with little regard or perhaps even understanding of the potentially harmful consequences.


Script kiddies have at their disposal a large number of effective, easily downloadable malicious programs capable of breaching computers and networks. Such programs have included remote denial-of-service WinNuke
WinNuke
The term WinNuke refers to a remote denial-of-service attack that affected the Microsoft Windows 95, Microsoft Windows NT and Microsoft Windows 3.1x computer operating systems. It is responsible for the famous "blue screen of death"...

, trojan
Trojan horse (computing)
A Trojan horse, or Trojan, is software that appears to perform a desirable function for the user prior to run or install, but steals information or harms the system. The term is derived from the Trojan Horse story in Greek mythology.-Malware:A destructive program that masquerades as a benign...

s Back Orifice
Back Orifice
Back Orifice is a controversial computer program designed for remote system administration. It enables a user to control a computer running the Microsoft Windows operating system from a remote location. The name is a word play on Microsoft BackOffice Server software.Back Orifice was designed with...

, NetBus
NetBus
NetBus or Netbus is a software program for remotely controlling a Microsoft Windows computer system over a network. It was created in 1998 and has been very controversial for its potential of being used as a backdoor....

, Sub7
Sub7
Sub7, or SubSeven or Sub7Server, is the name of a Remote Administration Tool program. Its name was derived by spelling NetBus backwards and swapping "ten" with "seven"....

, and ProRat, vulnerability scanner/injector Metasploit, and often software intended for legitimate security auditing. A survey of college students in 2010, supported by UK's Association of Chief Police Officers
Association of Chief Police Officers
The Association of Chief Police Officers , established in 1948, is a private limited company that leads the development of policing practice in England, Wales and Northern Ireland.ACPO provides a forum for chief police officers to share ideas and coordinates the strategic...

, indicated a high level of interest in beginning hacking: "23% of 'uni' students have hacked into IT systems [...] 32% thought hacking was 'cool' [...] 28% considered it to be easy."

Script kiddies vandalize websites both for the thrill of it and to increase their reputation among their peers. Some more malicious script kiddies have used virus toolkits to create and propagate the Anna Kournikova
Anna Kournikova (computer virus)
The Anna Kournikova computer virus was a computer virus authored by Dutch programmer Jan de Wit on February 11, 2001. It was designed to trick email users into opening a mail message purportedly containing a picture of tennis player Anna Kournikova, while actually hiding a malicious program...

 and Love Bug
ILOVEYOU
ILOVEYOU, also known as Love Letter, is a computer worm that successfully attacked tens of millions of computers in 2000 when it was sent as an attachment to a user with the text "ILOVEYOU" in the subject line. The worm arrived e-mail on and after May 4, 2000 with the simple subject of "ILOVEYOU"...

 viruses.
Script kiddies lack, or are only developing, coding skills sufficient to understand the effects and side effects of their work. As a result, they leave significant traces which lead to their detection, or directly attack companies which have detection and countermeasures already in place, or in recent cases, leave automatic crash reporting turned on.

Examples

Script kiddies are often able to exploit vulnerable systems and strike with moderate success. Some of the most infamous examples include:

Michael Calce

Calce, a.k.a. MafiaBoy
MafiaBoy
MafiaBoy was the Internet alias of C Tizzle, a high school student from West Island, Quebec, who launched a series of highly publicized denial-of-service attacks in February 2000 against large commercial websites including Yahoo!, Fifa.com, Amazon.com, Dell, Inc., E*TRADE, eBay, and CNN....

, a high school student from Montreal
Montreal
Montreal is a city in Canada. It is the largest city in the province of Quebec, the second-largest city in Canada and the seventh largest in North America...

, Canada
Canada
Canada is a North American country consisting of ten provinces and three territories. Located in the northern part of the continent, it extends from the Atlantic Ocean in the east to the Pacific Ocean in the west, and northward into the Arctic Ocean...

, was arrested in 2000 for using downloaded tools to launch a series of highly publicized denial-of-service attacks against high-profile Web sites such as Yahoo!
Yahoo!
Yahoo! Inc. is an American multinational internet corporation headquartered in Sunnyvale, California, United States. The company is perhaps best known for its web portal, search engine , Yahoo! Directory, Yahoo! Mail, Yahoo! News, Yahoo! Groups, Yahoo! Answers, advertising, online mapping ,...

, Dell
Dell
Dell, Inc. is an American multinational information technology corporation based in 1 Dell Way, Round Rock, Texas, United States, that develops, sells and supports computers and related products and services. Bearing the name of its founder, Michael Dell, the company is one of the largest...

, eBay
EBay
eBay Inc. is an American internet consumer-to-consumer corporation that manages eBay.com, an online auction and shopping website in which people and businesses buy and sell a broad variety of goods and services worldwide...

, and CNN
CNN
Cable News Network is a U.S. cable news channel founded in 1980 by Ted Turner. Upon its launch, CNN was the first channel to provide 24-hour television news coverage, and the first all-news television channel in the United States...

. The financial impact was estimated at roughly $1.2 billion in global economic damages. Calce initially denied responsibility but later pled guilty to most of the charges brought against him. His lawyer insisted his client had only run unsupervised tests to help design an improved firewall, whereas trial records indicated the youth showed no remorse and had expressed a desire to move to Italy
Italy
Italy , officially the Italian Republic languages]] under the European Charter for Regional or Minority Languages. In each of these, Italy's official name is as follows:;;;;;;;;), is a unitary parliamentary republic in South-Central Europe. To the north it borders France, Switzerland, Austria and...

 for its lax computer crime laws. The Montreal Youth Court sentenced him on September 12, 2001 to eight months of "open custody," one year of probation, restricted use of the Internet, and a small fine.

Netbus

In 1999, an unknown script kiddie used NetBus
NetBus
NetBus or Netbus is a software program for remotely controlling a Microsoft Windows computer system over a network. It was created in 1998 and has been very controversial for its potential of being used as a backdoor....

 to discredit a law student studying at the Lund University
Lund University
Lund University , located in the city of Lund in the province of Scania, Sweden, is one of northern Europe's most prestigious universities and one of Scandinavia's largest institutions for education and research, frequently ranked among the world's top 100 universities...

 in Sweden
Sweden
Sweden , officially the Kingdom of Sweden , is a Nordic country on the Scandinavian Peninsula in Northern Europe. Sweden borders with Norway and Finland and is connected to Denmark by a bridge-tunnel across the Öresund....

. Child pornography
Child pornography
Child pornography refers to images or films and, in some cases, writings depicting sexually explicit activities involving a child...

 was uploaded onto his computer from an unidentified location. He was later acquitted of charges in 2004 when it was discovered that NetBus
NetBus
NetBus or Netbus is a software program for remotely controlling a Microsoft Windows computer system over a network. It was created in 1998 and has been very controversial for its potential of being used as a backdoor....

 had been used to control his computer.

Jeffrey Lee Parson

Jeffrey Lee Parson, a.k.a. T33kid, was an 18-year-old high school student from Minnesota who was responsible for spreading a variant of the infamous Blaster computer worm
Blaster (computer worm)
The Blaster Worm was a computer worm that spread on computers running the Microsoft operating systems: Windows XP and Windows 2000, during August 2003....

. Parson only modified the original Blaster worm, already prevalent, using a hex editor
Hex editor
A hex editor is a type of computer program that allows a user to manipulate the fundamental binary data that makes up computer files. Note that computer files can be very small to very large...

 to add his screen name to the existing executable, and then attached another existing backdoor, Lithium, and posted it on his website. By making this subtle modification, the new executable was considered a variant, and authorities were able to trace the name back to him. The program was part of a DoS attack against computers using the Microsoft Windows
Microsoft Windows
Microsoft Windows is a series of operating systems produced by Microsoft.Microsoft introduced an operating environment named Windows on November 20, 1985 as an add-on to MS-DOS in response to the growing interest in graphical user interfaces . Microsoft Windows came to dominate the world's personal...

 operating system. The attack took the form of a SYN flood
SYN flood
A SYN flood is a form of denial-of-service attack in which an attacker sends a succession of SYN requests to a target's system in an attempt to consume enough server resources to make the system unresponsive to legitimate traffic.-Technical details:...

 which caused only minimal damage. He was sentenced to 18 months in prison in 2005.

See also

  • Lamer
    Lamer
    Lamer is a jargon or slang name originally applied in cracker and phreaker culture to someone who did not really understand what he or she was doing. Today it is also loosely applied by IRC, BBS, and online gaming users to anyone perceived to be contemptible. In general, the term has come to...

  • Exploit (computer security)
    Exploit (computer security)
    An exploit is a piece of software, a chunk of data, or sequence of commands that takes advantage of a bug, glitch or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software, hardware, or something electronic...

  • Hacker (computer security)
    Hacker (computer security)
    In computer security and everyday language, a hacker is someone who breaks into computers and computer networks. Hackers may be motivated by a multitude of reasons, including profit, protest, or because of the challenge...

  • Black hat
    Black hat
    A black hat is the villain or bad guy, especially in a western movie in which such a character would stereotypically wear a black hat in contrast to the hero's white hat, especially in black and white movies....

  • List of convicted computer criminals

External links

The source of this article is wikipedia, the free encyclopedia.  The text of this article is licensed under the GFDL.
 
x
OK