Friday, August 6, 2010

Hacking: Script Kiddie

Script kiddie, skiddie, script bunny, script kitty or script-running juvenile (SRJ)!

Script kiddy is a derogative term, originated by the more sophisticated crackers of computer security systems, for the more immature, but unfortunately often just as dangerous exploiter of security lapses on the Internet.

The typical script kiddy uses existing and frequently well-known and easy-to-find techniques and programs or scripts to search for and exploit weaknesses in other computers on the Internet - often randomly and with little regard or perhaps even understanding of the potentially harmful consequences.
 Hackers view script kiddies with alarm and contempt since they do nothing to advance the "art" of hacking but sometimes unleashing the wrath of authority on the entire hacker community.

While a hacker will take pride in the quality of an attack - leaving no trace of an intrusion, for example - a script kiddy may aim at quantity, seeing the number of attacks that can be mounted as a way to obtain attention and notoriety.

Script kiddies are sometimes portrayed in media as bored, lonely teenagers seeking recognition from their peers.
Script kiddies are often able to exploit vulnerable systems and strike with moderate success. 
Some of the most infamous examples include:
  • In 1999, NetBus was used to discredit a law student named Magnus Eriksson studying at the Lund University in Sweden. Child pornography was uploaded onto his computer from an unidentified location. He was later acquitted of charges in 2004 when it was discovered that NetBus had been used to control his computer.
  • Jeffrey Lee Parson, a.k.a. T33kid, was an 18-year-old high school student from Minnesota who was responsible for spreading a variant of the infamous Blaster computer worm. Parson only modified the original Blaster worm, already prevalent, using a hex editor to add his screen name to the existing executable, and then attached another existing backdoor, Lithium, and posted it on his website. By making this subtle modification, the new executable was considered a variant, and authorities were able to trace the name back to him. The program was part of a DoS attack against computers using the Microsoft Windows operating system. The attack took the form of a SYN flood which caused only minimal damage. He was sentenced to 18 months in prison in 2005. 

No comments:

Post a Comment