A SCRIPT KIDDIE, also known as a script kiddy, skiddie or skid, is a derogatory term for programmers with limited technical proficiency. In practice, these would-be hackers are hobbyists who know enough to dangerous, implementing well-known techniques, open source libraries, and programs written by experienced hackers for a litany of threats. These could range from distributed denial of service (DDoS) attacks to the defacing of websites and other forms of cyber vandalism.
But never underestimate the power of beginner’s luck! A script kiddie may hold little experience in cracking advanced security systems or be thought of as nothing more than an Internet troll or simple nuance. The truth, however, is that they can be rather formidable and cause a great deal of damage for the average Internet user. In the year 2000, for example, a Canadian teenager with the screenname of Mafiaboy was responsible for a number of notable hacks, including the DDoS attacks on the Amazon, CNN, Dell, E-Trade, eBay and Yahoo websites. Mafiaboy, whose real name is Michael Calce, wound up being charged with fifty (50) crimes and sentenced to eight months in a youth detention center.
Today, Calce is a reputable security consultant who helps companies protect their online assets. We covered this phenomenon in our article on Blackhat Turned Good? Why the Dark Side Makes For Good Ethical Hacking.
The Script Kiddie in Popular Culture
In modern media, script kiddies are typically portrayed as bored and lonely juveniles. Possessing a knack for all things technical, they begin vandalizing websites and other software systems for cheap thrills: To impress their friends, who are also aspiring hackers, or to gain some form of notoriety in the black hat communities. The criminal-minded script kiddie, on the other hand, may set his cap for world conquest. Fraud, theft and blackmail are each on the table as they seek the ultimate satisfaction of money and power.
The catch, however, is that a script kiddie is not a professional hacker by any stretch of the imagination. In a tragic (albeit comical) ending, their lack of programming expertise usually translates to them leaving behind significant clues and remnants of their intrusion. This, of course, leads to them being caught and often hilarious explanations for why they did what they did. The god complex of hacking isn’t just reserved for the adept: There are thousands of fallen angels who, too, wanted a shot at the throne!
How They Do It
The arsenal of a script kiddie is comprised of effective, easy-to-use libraries and scripts. With little knowledge of their inter working, or the extent of danger they might actually cause, a script kiddie will then pick a random target (usual a web server) that’s connected to the Internet.
From here, they follow a simple process.
They gather a list of IP addresses that are active and reachable, and store these in a database.
They scan these addresses to identify a security flaw in an application, web site, or operating system.
They gain access to a system and take control.
Once inside, they can either choose to steal data or install a malware package from their arsenal of exploits. Like anyone snooping in unauthorized areas, the script kiddie wants to mask their presence but often lacks the ability to do so efficiently. They attempt to cover their tracks by clearing log files, edits and replacing system files, but are usually unsuccessful at this stage of the exploit. Still, they manage to wreak havoc by scanning and exploiting nearby and connected systems, or by leveling as much damage as possible to the one they have gained access to.