Script Kiddie

Information about Script Kiddie

In hacker culture, a script kiddie (occasionally script bunny, skidie, script kitty, script-running juvenile (SRJ), or similar) is a derogatory term used for an inexperienced malicious cracker who uses programs developed by others to attack computer systems, and deface websites. It is generally assumed that script kiddies are kids who lack the ability to write sophisticated hacking programs on their own,^[1] and that their objective is to try to impress their friends or gain credit in underground cracker communities.^[1]

Script kiddie scene

In modern cracker and Internet subcultures, script kiddies are widely considered novices, who seek reputation by free-riding on the work of the hacker community. The goal is typically to impress friends.^[2] Portrayed as teenage technological dilettantes, script kiddies are the subject of contempt among experienced hackers. In spite of this, they are feared among network administrators for their ability to scan many computer systems automatically over the course of days or weeks to find weak points.^[3] The fact that very little technical knowledge is needed to download these programs is an added threat, since nearly any individual on the Internet can obtain malicious viruses and the means to infect large numbers of computers, costing the owners millions of dollars in damage.

Tactics

Script kiddies often scan thousands of computers looking for vulnerable targets before initiating an attack. This is similar to wardialing and wardriving in which the attacker isn't looking at one specific system, but instead anything that is open and looks interesting.

Script kiddies often deface random sites and vulnerable targets. They misuse "Google Dorks" (search methods designed to find vulnerable machines), and attack most sites available. For example, when an easy exploit is released, in a matter of minutes, script kiddie groups join and start defacing.

Tools

Script kiddies have at their disposal a large number of effective, easily downloadable malicious programs capable of harassing even advanced computers and networks.^[1] Such programs have included WinNuke applications, Back Orifice, NetBus, Sub7, Metasploit, ProRat and any auditing program as well.

Another simple means of attack is a computer worm. These are spread through e-mails, and once opened, it can be automatically sent throughout the entire system, often without the users realizing it. The purpose of a worm varies, from sapping the targeted computer or network of bandwidth and therefore slowing performance, to deleting or encoding files. Other commands can be preprogrammed before they are released into a host.

In a denial-of-service attack (DoS), the attacker tries to shut down network activity in a target system by sapping the computer network of bandwidth or other resources. A number of distinct DoS attacks have been created which pursue this goal through different means, such as SYN flood, ICMP flood (a.k.a smurf attack) and ping floods. If the server gets overwhelmed with excessive amounts of information, it will stop responding, and may require a restart.

Famous examples

Script kiddies are often able to exploit vulnerable systems and strike with great success. The most famous examples include:

A 15-year-old script kiddie called MafiaBoy was arrested in an upper class neighborhood in Montreal in 2000. Using downloaded tools to begin DoS attacks, he struck famous websites such as Yahoo!, Dell, Inc., eBay, and CNN, causing roughly $7.5 million worth of damage. He pleaded guilty to 55 criminal charges and served 8 months in a youth detention center.
In 1999, NetBus was used to discredit a law student named Magnus Eriksson studying at the University of Lund. Child pornography was uploaded onto his computer from an unidentified location. He was later acquitted of charges in 2004 when it was discovered that NetBus had been used to control his computer.
Jeffrey Lee Parson, an 18-year-old high school student from Minnesota was responsible for using the B variant of the infamous Blaster worm. The program was part of a DoS attack against computers using the Microsoft Windows operating system. The attack took the form of a SYN flood which caused only minimal damage. He was sentenced to 18 months in prison in 2005.

References

1. ^ Lemos, Robert. Script kiddies: The Net's cybergangs Retrieved on 24 April 2007.
2. ^ Michael Fitzgerald ''Hackers, Hackers and Script Kiddies, Oh My!: How to sort the good guys from the bad, in the Internet version of Spy vs. Spy.
3. ^ Honeynet Project Know Your Enemy. Retrieved on 24 April 2007.

Related Books

tapeworm, tapeworm (2005). 1337 h4x0r h4ndb00k. Sams Publishing. ISBN 0672327279.

External links

hacker is a person who follows a spirit of playful cleverness and enjoys programming. The context of academic hackers forms a voluntary subculture termed the academic hacking culture.
..... Click the link for more information.

A black hat is a person who compromises the security of a computer system without permission from an authorized party, typically with malicious intent. The term white hat is used for a person who is ethically opposed to the abuse of computer systems, but is frequently no less
..... Click the link for more information.

computer is a machine which manipulates data according to a list of instructions.

Computers take numerous physical forms. The first devices that resemble modern computers date to the mid-20th century (around 1940 - 1941), although the computer concept and various machines
..... Click the link for more information.

A website defacement is when a Defacer breaks into a web server and alters the hosted website or creates one of his own.

A message is often left on the webpage stating his or her pseudonym and the output from "uname -a" and the "id" command along with "shout outs" to his or
..... Click the link for more information.

For dilettante see:

Dilettante Society

..... Click the link for more information.

Overview

The terms network administrator, network specialist and network analyst designate job positions of engineers involved in computer networks, the people who carry out network administration.
..... Click the link for more information.

War dialing or wardialing is a method of automatically scanning telephone numbers using a modem, usually dialing every telephone number in a local area to find where computers or fax machines are available, then attempting to access them by guessing passwords.
..... Click the link for more information.

Wardriving is the act of searching for Wi-Fi wireless networks by a person in a moving vehicle using a Wi-Fi-equipped computer, such as a laptop or a PDA. It is similar to using a radio scanner, or to the ham radio practice of DXing.
..... Click the link for more information.

An exploit is a piece of software, a chunk of data, or sequence of commands that take advantage of a bug, glitch or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software, hardware, or something electronic (usually computerized).
..... Click the link for more information.

The term WinNuke refers to a remote denial-of-service attack (DoS) that affected the Microsoft Windows 95, Microsoft Windows NT and Microsoft Windows 3.1x computer operating systems.
..... Click the link for more information.

Back Orifice (often shortened to BO) is a controversial computer program designed for remote system administration. It enables a user to control a computer running the Microsoft Windows operating system from a remote location.
..... Click the link for more information.

NetBus or Netbus is a software program for remotely controlling a Microsoft Windows computer system over a network. It was created in 1998 and has been very controversial for its potential of being used as a backdoor.
..... Click the link for more information.

Sub7, or SubSeven, is the name of a popular backdoor program. It is mainly used by script kiddies for causing mischief, such as hiding the computer cursor, changing system settings or loading up pornographic websites.
..... Click the link for more information.

Metasploit Project is an open source computer security project which provides information about security vulnerabilities and aids in penetration testing and IDS signature development.
..... Click the link for more information.

ProRat is a Microsoft Windows based backdoor trojan horse, more commonly known to the Hacker community as a RAT (Remote Administration Tool). As with other trojan horses it uses a client and server.
..... Click the link for more information.

A computer worm is a self-replicating computer program. It uses a network to send copies of itself to other nodes (computer terminals on the network) and it may do so without any user intervention. Unlike a virus, it does not need to attach itself to an existing program.
..... Click the link for more information.

Bandwidth is the difference between the upper and lower cutoff frequencies of, for example, a filter, a communication channel, or a signal spectrum, and is typically measured in hertz.
..... Click the link for more information.

"DoS" redirects here. For other uses, see DOS (disambiguation).

A denial-of-service attack (DoS attack) is an attempt to make a computer resource unavailable to its intended users.
..... Click the link for more information.

A resource, or system resource, is any physical or virtual component of limited availability within a computer system. Every device connected to a computer system is a resource. Every internal system component is a resource.
..... Click the link for more information.

SYN flood is a form of denial-of-service attack in which an attacker sends a succession of SYN requests to a target's system.

When a client attempts to start a TCP connection to a server, the client and server exchange a series of messages which normally runs
..... Click the link for more information.

For other uses, see Smurf (disambiguation).

The smurf attack is a way of generating a lot of computer network traffic to a victim site. That is, it is a type of denial-of-service attack.
..... Click the link for more information.

A ping flood is a simple Denial of service attack where the attacker overwhelms the victim with ICMP Echo Request (ping) packets. It only succeeds if the attacker has more bandwidth than the victim (for instance an attacker with a DSL line and the victim on a dial-up modem).
..... Click the link for more information.

MafiaBoy was the Internet alias of a high school student from the upscale area of the West Island in Montreal, Canada who launched a series of highly publicized script kiddie denial-of-service attacks in February 2000 against large commercial websites including Yahoo!, Amazon.
..... Click the link for more information.

Yahoo! Inc.

Public (NASDAQ: YHOO )
Founded Santa Clara, California
(March 1, 1995)
Headquarters 701 First Avenue
Sunnyvale, California, USA

Key people Jerry Yang, CEO, Chief Yahoo! and Co-founder
David Filo, Chief Yahoo! and Co-founder
..... Click the link for more information.

Dell, Incorporated

Public (NASDAQ: DELL SEHK: 4331 )
Founded Austin, Texas (November 4,1984) (as "PC's Limited")
Headquarters Round Rock, Texas, United States of America

Key people Michael Dell, Founder and CEO
Don Carty, CFO
..... Click the link for more information.

eBay Inc.

Public (NASDAQ: EBAY )
Founded San Jose, California, USA (September 3, 1995)
Headquarters San Jose, California, USA

Key people Meg Whitman, CEO & President
Pierre Omidyar, Founder and Chairman
John Donahoe, Chief of eBay Marketplace
..... Click the link for more information.

Availability
Satellite
DirecTV Channel 202 (SD/HD)
Dish Network Channel 200
Cable
Available on all cable systems Channels vary Cable News Network, commonly referred to by its acronym CNN
..... Click the link for more information.

youth detention center, also known as juvenile hall, is a prison for people from the age of responsibility, which varies by jurisdiction, to the age of majority, which also varies by jurisdiction.
..... Click the link for more information.

Lund University (Swedish: Lunds universitet), located in Lund in southernmost Sweden, is one of Sweden's most prestigious universities^[2] and Scandinavia's largest institution for education and research^[3]
..... Click the link for more information.

This article is copied from an article on Wikipedia.org - the free encyclopedia created and edited by online user community. The text was not checked or edited by anyone on our staff. Although the vast majority of the wikipedia encyclopedia articles provide accurate and timely information please do not assume the accuracy of any particular article. This article is distributed under the terms of GNU Free Documentation License.

Herod_Archelaus

iPedia Free Information Center