Wikipedia

Script kiddie: Difference between revisions

Browse history interactively
← Previous edit
Content deleted Content added
VisualWikitext
No edit summary
simplified lead sentence
Tags: Visual edit Mobile edit Mobile web edit
 
(572 intermediate revisions by more than 100 users not shown)
Line 1:
{{Short description|Unskilled malicious hacker}}
{{Security-Hacking}}
{{Computer hacking}}
<!--ATTENTION:Please keep this list free of random phrases or personal names. Only commonly used phrases belong here -->
 
A '''script kiddie''', '''skript kiddie''', '''skiddie''', '''kiddie''', or '''skid''' is a pejorative for an unskilled individual who uses malicious scripts or programs developed by others or [[Large_language_model|LLMs]].
A '''script kiddie''' or '''skiddie''',<ref name="Reg01"/> also ''skid'', ''script bunny'',<ref>{{cite web |url=http://www.spywareguide.com/term_show.php?id=92 |title=''Script bunny'' - definition|publisher=SpywareGuide.com}}</ref> ''script kitty'',<ref>Baldwin, Clare; Christie, Jim (July 9, 2009). [http://in.reuters.com/article/idINTRE5680CC20090709 "Cyber attacks may not have come from North Korea"]. San Francisco; Reuters.com.</ref> ''script-running juvenile (SRJ)'' or similar, is a derogatory term used to describe those who use [[scripting language|script]]s or programs developed by others to attack computer systems and networks and [[deface websites]].<ref name="zdnet">{{cite web| last=Lemos| first=Robert| date=July 12, 2000|url=http://www.zdnet.com/news/script-kiddies-the-nets-cybergangs/96163| publisher=[[ZDNet]]| title=Script kiddies: The Net's cybergangs| accessdate=2007-04-24}}</ref> It is also used to describe those who do the previous, but do not have an understanding of [[programming]] or [[computer networks]].
 
==Characteristics==
The term script kiddie was first used in 1988.<ref>{{Cite thesis |last=Arifgoğlu |first=Saliha Figen |title=Information security, privacy issues and an application |date=1988 |publisher=Middle East Technical University |type=Master's thesis }}</ref>
In a [[Carnegie Mellon]] report prepared for the [[U.S.United States Department of Defense|US Department of Defense]] in 20052000, script kiddies are defined as <blockquote>"The more immature but unfortunately often just as dangerous exploiter of security lapses on the Internet. The typical script kiddy uses existing and frequently well known and easy-to-find techniques and programs or scripts to search for and exploit weaknesses in other computers on the Internet—often randomly and with little regard or perhaps even understanding of the potentially harmful consequences.<ref>{{cite webreport|authorpublisher=Mead,[[Carnegie Nancy R.; Hough, Eric D.; Stehney, Theodore R. IIIMellon University]]|datedoi=May 16, 2006 |url=http://www.cert10.org1184/archiveR1/pdf/05tr0096583673.pdf v1|title=Security Quality Requirements Engineering (SQUARE) Methodology|author1=Mead, Nancy CMU/SEI-2005-TR-009 R.|formatauthor2=PDFHough, Eric|workauthor3=CarnegieStehney, MellonTheodore University,R.|date=31 DODOctober 2005|publisherurl=CERThttps://kilthub.orgcmu.edu/articles/journal_contribution/Security_Quality_Requirements_Engineering_SQUARE_Methodology/6583673/1}}</ref></blockquote>
 
Script kiddies typically have at least one or more effective and easily downloadable programs capable of breaching computers and networks.<ref name="zdnet">{{cite news| last=Lemos| first=Robert| date=July 12, 2000 |url=https://www.zdnet.com/article/script-kiddies-the-nets-cybergangs/ <!--http://www.zdnet.com/news/script-kiddies-the-nets-cybergangs/96163-->| work=[[ZDNet]]| title=Script kiddies: The Net's cybergangs| access-date=2007-04-24}}</ref>
Script kiddies have at their disposal a large number of effective, easily downloadable malicious programs capable of breaching computers and networks.<ref name="zdnet"/> Such programs have included remote denial-of-service [[WinNuke]],<ref>{{cite book |author=Klevinsky, T. J. ; Laliberte, Scott; Gupta, Ajay |year=2002 |url=http://books.google.com/books?id=31Kis_vaadwC&pg=PA409&lpg=PA409#v=onepage&q&f=false |title=Hack I.T.: security through penetration testing| publisher=[[Addison-Wesley]] |isbn=978-0-201-71956-7}}</ref> [[Trojan horse (computing)|trojan]]s [[Back Orifice]], [[NetBus]], [[Sub7]],<ref>{{cite web|author=Granneman, Scott |date=January 28, 2004 | url=http://www.theregister.co.uk/2004/01/28/a_visit_from_the_fbi/ |title=A Visit from the FBI - We come in peace |publisher=[[The Register]]}}</ref> and [[ProRat]], vulnerability scanner/injector [[Metasploit]],<ref>{{cite web|author=Biancuzzi, Federico |date=March 27, 2007 |url=http://www.securityfocus.com/columnists/439 |title=Metasploit 3.0 day |publisher=SecurityFocus.com}}</ref> and often software intended for legitimate security auditing. A survey of college students in 2010, supported by UK's [[Association of Chief Police Officers]], indicated a high level of interest in beginning hacking: "23% of 'uni' students have hacked into IT systems [...] 32% thought hacking was 'cool' [...] 28% considered it to be easy."<ref>{{cite web|author=Zax, David|date=September 22, 2010|url=http://www.fastcompany.com/1690541/it-security-company-fear-the-children|title=IT Security Firm: Fear Students|publisher=Fast Company}}</ref>
 
Script kiddies vandalize websites both for the thrill of it and to increase their reputation among their peers.<ref name="zdnet"/> Some more malicious script kiddies have used virus toolkits to create and propagate the [[Anna Kournikova (computer virus)|Anna Kournikova]] and [[ILOVEYOU|Love Bug]] viruses.<ref name="Reg01">{{cite web|author=Leyden, John|date=February 21, 2001|url=httphttps://www.theregister.co.uk/2001/02/21/virus_toolkits_are_skiddie_menace/|title=Virus toolkits are s'kiddie menace |publisherwebsite=[[The Register]]}}</ref>
Script kiddies lack, or are only developing, codingprogramming skills sufficient to understand the effects and side effects of their actions. As a result, they leave significant traces which lead to their detection, or directly attack companies which have detection and countermeasures already in place, or in recentsome cases, leave automatic crash reporting turned on.<ref>{{cite web|author=Taylor, Josh |date=August 26, 2010|url=httphttps://www.zdnet.com.au/article/hackers-accidentally-give-microsoft-their-code-339305548.htm?omnRef=NULL/ |title=Hackers accidentally give Microsoft their code|publisher=ZDNet.com.au|archive-url=https://web.archive.org/web/20120120160424/http://www.zdnet.com.au/hackers-accidentally-give-microsoft-their-code-339305548.htm?omnRef=NULL |archive-date=January 20, 2012 |url-status=live}}</ref><ref>{{cite web|author=Ms. Smith|date=August 28, 2010)|url=http://www.networkworld.com/community/node/65571 |title=Error Reporting Oops: Microsoft, Meter Maids and Malicious Code|work=Privacy and Security Fanatic|publisher=[[Network World]]|url-status=dead|archive-url=https://web.archive.org/web/20220816064753/https://www.csoonline.com/article/2227020/error-reporting-oops--microsoft--meter-maids-and-malicious-code.html|archive-date=August 16, 2022}}</ref>
 
Although script kiddie attacks might become increasingly more effective in the future, researchers have noted that other models, like the language model, can also be used to enhance protection against the improved script kiddie attacks. This continuous back and forth improvement suggests that the competition between cyber attackers and defenders will continue to increase.<ref>{{Citation |last1=Moskal |first1=Stephen |title=LLMs Killed the Script Kiddie: How Agents Supported by Large Language Models Change the Landscape of Network Threat Testing |date=2023-10-10 |arxiv=2310.06936 |last2=Laney |first2=Sam |last3=Hemberg |first3=Erik |last4=O'Reilly |first4=Una-May}}</ref>
==Examples==
Script kiddies are often able to exploit vulnerable systems and strike with moderate success. Some of the most infamous examples include:
<!--ATTENTION:If you're going to modify or add a name to this list as a prank, DON'T DO IT. Please consider improving Wikipedia instead of damaging it. Thank you.-->
 
===William Premore===
William Premore, a.k.a. Hex00010 or XXxxImmortalxxXX is a notable script kiddie known for his actions in the Electronik Tribulation Army. During the time he was using his monicker XXxxImmortalxxXX, Premore had participated in multiple script kiddie attacks with an ally, Jesse McGraw a.k.a. GhostExodus, who had posed as a security guard at his own job at Carrell Clinic in [[Dallas]], [[Texas]]. After this point, XXxxImmortalxxXX was taken into custody, given the option to be a Federal informant, a job that his accepted. Coming back after his arrest, Premore changed his online monicker to Hex00010 and successfully gained trust in multiple hacking organizations such as [[TeaMp0isoN]], leading to their eventual demise as he would hand his fellow members' information back to the government.
 
 
===Michael Calce===
{{main|Mafiaboy}}
Calce, a.k.a. [[MafiaBoy]], a high school student from [[Montreal]], [[Canada]], was arrested in 2000 for using downloaded tools to launch a series of highly publicized denial-of-service attacks against high-profile Web sites such as [[Yahoo!]], [[Dell]], [[eBay]], and [[CNN]]. The financial impact was estimated at roughly $1.2 billion in global economic damages. Calce initially denied responsibility but later pled guilty to most of the charges brought against him.<ref>{{Citation|newspaper=[[Wired magazine]] |first=Tony |last=Long |title=February 7, 2000: Mafiaboy's Moment|date=February 7, 2007 |url=http://www.wired.com/science/discoveries/news/2007/02/72573|accessdate=2007-03-27}}</ref> His lawyer insisted his client had only run unsupervised tests to help design an improved firewall, whereas trial records indicated the youth showed no remorse and had expressed a desire to move to [[Italy]] for its lax [[Computer crime#Applicable laws|computer crime laws]].<ref>{{Citation|newspaper=[[Wired magazine]]|title=Prison Urged for Mafiaboy|date=June 20, 2001|url=http://www.wired.com/politics/law/news/2001/06/44673|accessdate=2007-03-27}}</ref> The Montreal Youth Court sentenced him on September 12, 2001 to eight months of "open custody," one year of probation, restricted use of the Internet, and a small fine.<ref>{{cite web|publisher=[[Federal Bureau of Investigation]]|title=FBI Facts and Figure 2003 - Cyber Attacks Net Jam |url=http://www.fbi.gov/libref/factsfigure/factsfiguresapri2003.htm#cybercrimes |archiveurl=http://web.archive.org/web/20031210215217/http://www.fbi.gov/libref/factsfigure/factsfiguresapri2003.htm#cybercrimes |archivedate=2003-12-10|accessdate=2010-09-22}}</ref>
 
===Netbus===
{{main|Netbus}}
In 1999, an unknown script kiddie used [[NetBus]] to discredit a law student studying at the [[Lund University]] in [[Sweden]]. [[Child pornography]] was uploaded onto his computer from an unidentified ___location. He was later acquitted of charges in 2004 when it was discovered that [[NetBus]] had been used to control his computer.<ref>{{cite web| url=http://www.expressen.se/1.153215 | title=Offer för porrkupp |language=Swedish |first= Mikael |last=Olander |publisher= [[Expressen]]| date=November 28, 2004}} ([http://translate.google.com/translate?u=http%3A//www.expressen.se/1.153215&hl=en&langpair=auto|en&tbb=1&ie=ISO-8859-1 English Tr.])</ref><!-- this is a non-notable Myanmar blog, which quotes the Wikipedia article. Do not re-add. <ref>{{cite web| url=http://blogs.iium.edu.my/jaiz/2008/03/31/script_kiddie/ | title=All About Script Kiddie |publisher= ERM Blog| date=March 31, 2008}}</ref>-->
 
===Jeffrey Lee Parson===
{{main|Blaster (computer worm)}}
[[Jeffrey Lee Parson]], a.k.a. T33kid, was an 18-year-old high school student from Minnesota who was responsible for spreading a variant of the infamous [[Blaster (computer worm)|Blaster computer worm]]. Parson only modified the original Blaster worm, already prevalent, using a [[hex editor]] to add his screen name to the existing executable, and then attached another existing backdoor, Lithium, and posted it on his website. By making this subtle modification, the new executable was considered a variant, and authorities were able to trace the name back to him. The program was part of a DoS attack against computers using the [[Microsoft Windows]] operating system. The attack took the form of a [[SYN flood]] which caused only minimal damage. He was sentenced to 18 months in prison in 2005.<ref>{{Cite web| last=Lagorio| first=Christine| title=Prison Time For Teen Virus Guru| date=January 28, 2005|url=http://www.cbsnews.com/stories/2005/01/28/tech/main670176.shtml| publisher=[[CBS News]]| accessdate=2008-12-22}}</ref><ref>{{cite web|author=Leyden, John |date=September 1, 2003|url=http://www.theregister.co.uk/2003/09/01/parson_not_dumbest_virus_writer/ |title=Parson not dumbest virus writer ever, shock!|publisher=[[The Register]]}}</ref>
 
==See also==
* [[LamerBlack hat hacker]]
* [[Computer security]]
* [[Exploit (computer security)]]
* [[Hacker (computer security)]]
*[[Hacktivism]]
* [[white hat (computer security)|Black hat hacker]]
* [[Lamer]]
* [[List of convicted computer criminals]]
* [[Luser]]
* [[Noob]]
* [[Web shell]], a tool that script kiddies frequently use
 
==References==
{{reflist|230em}}
 
==Further reading==
* {{cite journal |author=Samuel Chng, Han Yu Lu, Ayush Kumar, David Yau |date=Mar 2022 |title=Hacker types, motivations and strategies: A comprehensive framework |url=https://www.sciencedirect.com/science/article/pii/S245195882200001X |journal=Computers in Human Behavior Reports |volume=5 |issn=2451-9588 |pages= |doi= |access-date=27 Jan 2022}}
* {{cite book | last = Tapeworm | firsttitle = 1337 h4x0r h4ndb00k | titleurl = 1337https://archive.org/details/1337h4x0rh4ndb000000tape h4x0r| h4ndb00kurl-access = registration | year = 2005 | isbn = 0-672-32727-9 | publisher = Sams Publishing |url=http://my.safaribooksonline.com/0672327279/firstchapter }}
* ''The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders and Deceivers'' (2005) {{ISBN|978-0471782667}}
 
==External links==
* [https://web.archive.org/web/20180721180838/http://old.honeynet.org/papers/enemy/ Honeynet.org - Know Your Enemy (Essay about script kiddies)] preserved at [[Internet Archive]]
* [https://deepminds.science/cracking-hacker-mindset/ Cracking the Hacker Mindset] {{Webarchive|url=https://web.archive.org/web/20180816063250/https://deepminds.science/cracking-hacker-mindset/ |date=2018-08-16 }}
 
{{DEFAULTSORT:Script Kiddie}}
[[Category:Hacking (computer security)]]
[[Category:ComputingHacker culture]]
[[Category:Pejorative terms for people]]
 
[[ar:أطفال السيكربت]]
[[bg:Script Kiddie]]
[[de:Skriptkiddie]]
[[es:Script kiddie]]
[[fr:Script kiddie]]
[[ko:스크립트 키디]]
[[is:Forskriftarkrakki]]
[[it:Script kiddie]]
[[nl:Scriptkiddie]]
[[ja:スクリプトキディ]]
[[pl:Script kiddie]]
[[pt:Script kiddie]]
[[ro:Haxor]]
[[ru:Скрипт-кидди]]
[[sv:Scriptkiddie]]
[[tr:Script kiddie]]
[[uk:Скрипткіді]]
[[zh:脚本小子]]
Retrieved from "https://en.wikipedia.org/wiki/Script_kiddie"