Script kiddie: Difference between revisions

Browse history interactively

← Previous edit

Content deleted Content added

VisualWikitext

Revision as of 20:48, 6 June 2017 edit Shinra07 (talk \| contribs) 17 edits Undid revision 784163196 by 81.2.233.244 (talk) (Vandalism) ← Previous edit		Latest revision as of 15:29, 14 August 2025 edit undo Volunteer1234 (talk \| contribs) Extended confirmed users 7,557 edits simplified lead sentence Tags: Visual edit Mobile edit Mobile web edit
(237 intermediate revisions by more than 100 users not shown)
Line 1: {{Short description\|Unskilled malicious hacker}} {{Computer hacking}} ~~<!--ATTENTION:Please keep this list free of random phrases or personal names. Only commonly used phrases belong here -->~~ A '''script kiddie''', '''skript kiddie''', '''skiddie''', '''kiddie''', or '''skid''' is a pejorative for an unskilled individual who uses malicious scripts or programs developed by others or [[Large_language_model\|LLMs]]. In programming and hacking culture, a '''script kiddie''' or '''skiddie'''<ref name="Reg01"/> (other names include ''skid'' or ''script bunny'')<ref>{{cite web \|url=http://www.spywareguide.com/term_show.php?id=92 \|title=Script bunny - definition \|publisher=SpywareGuide.com}}</ref> is an [[Amateur\|unskilled]] individual (like Glove) who uses [[scripting language\|script]]s or programs developed by others to attack computer systems and networks and [[Website defacement\|deface websites]]. It is generally assumed that script kiddies are juveniles who lack the ability to write sophisticated programs or exploits on their own and that their objective is to try to impress their friends or gain credit in computer-enthusiast communities.<ref name="zdnet">{{cite web\| last=Lemos\| first=Robert\| date=July 12, 2000 \|url=http://www.zdnet.com/script-kiddies-the-nets-cybergangs-3002080125/ <!--http://www.zdnet.com/news/script-kiddies-the-nets-cybergangs/96163-->\| publisher=[[ZDNet]]\| title=Script kiddies: The Net's cybergangs\| accessdate=2007-04-24}}</ref> However, the term does not relate to the actual age of the participant. The term is generally considered to be [[pejorative]]. Glove is a script kiddie. ==Characteristics== The term script kiddie was first used in 1988.<ref>{{Cite thesis \|last=Arifgoğlu \|first=Saliha Figen \|title=Information security, privacy issues and an application \|date=1988 \|publisher=Middle East Technical University \|type=Master's thesis }}</ref> In a [[Carnegie Mellon]] report prepared for the [[~~U.S.~~United States Department of Defense\|US Department of Defense]] in ~~2005~~2000, script kiddies are defined as <blockquote>The more immature but unfortunately often just as dangerous exploiter of security lapses on the Internet. The typical script kiddy uses existing and frequently well known and easy-to-find techniques and programs or scripts to search for and exploit weaknesses in other computers on the Internet—often randomly and with little regard or perhaps even understanding of the potentially harmful consequences.<ref>{{cite ~~web~~report\|publisher=[[Carnegie Mellon University]]\|doi=10.1184/R1/6583673.v1\|title=Security Quality Requirements Engineering (SQUARE) Methodology\|author1=Mead, Nancy R. \|author2=Hough, Eric D. \|author3=Stehney, Theodore R. ~~III~~ \|date=~~May~~31 ~~16, 2006~~October 2005\|url=~~http~~https://~~www~~kilthub.~~cert~~cmu.~~org~~edu/~~archive~~articles/~~pdf~~journal_contribution/~~05tr009.pdf \|title=Security Quality Requirements Engineering (SQUARE) Methodology CMU~~Security_Quality_Requirements_Engineering_SQUARE_Methodology/~~SEI-2005-TR-009 \|format=PDF \|work=Carnegie Mellon University, DOD \|publisher=CERT.org~~6583673/1}}</ref></blockquote> Script kiddies typically have at least one or more effective and easily downloadable programs capable of breaching computers and networks.<ref name="zdnet">{{cite news\| last=Lemos\| first=Robert\| date=July 12, 2000 \|url=https://www.zdnet.com/article/script-kiddies-the-nets-cybergangs/ <!--http://www.zdnet.com/news/script-kiddies-the-nets-cybergangs/96163-->\| work=[[ZDNet]]\| title=Script kiddies: The Net's cybergangs\| access-date=2007-04-24}}</ref> Script kiddies vandalize websites both for the thrill of it and to increase their reputation among their peers.<ref name="zdnet"/> Some more malicious script kiddies have used virus toolkits to create and propagate the [[Anna Kournikova (computer virus)\|Anna Kournikova]] and [[ILOVEYOU\|Love Bug]] viruses.<ref name="Reg01">{{cite web\|author=Leyden, John\|date=February 21, 2001\|url=~~http~~https://www.theregister.co.uk/2001/02/21/virus_toolkits_are_skiddie_menace/\|title=Virus toolkits are s'kiddie menace \|~~publisher~~website=[[The Register]]}}</ref>▼ Script kiddies have at their disposal a large number of effective, easily downloadable programs capable of breaching computers and networks.<ref name="zdnet">{{cite web\| last=Lemos\| first=Robert\| date=July 12, 2000 \|url=http://www.zdnet.com/script-kiddies-the-nets-cybergangs-3002080125/ <!--http://www.zdnet.com/news/script-kiddies-the-nets-cybergangs/96163-->\| publisher=[[ZDNet]]\| title=Script kiddies: The Net's cybergangs\| accessdate=2007-04-24}}</ref> Such programs have included remote denial-of-service [[WinNuke]],<ref>{{cite book \|author1=Klevinsky, T. J. \|author2=Laliberte, Scott \|author3=Gupta, Ajay \|year=2002 \|url=https://books.google.com/books?id=31Kis_vaadwC&pg=PA409&lpg=PA409#v=onepage&q&f=false \|title=Hack I.T.: security through penetration testing\| publisher=[[Addison-Wesley]] \|isbn=978-0-201-71956-7}}</ref> [[Trojan horse (computing)\|trojan]]s, [[Back Orifice]], [[NetBus]] and [[Sub7]]<ref>{{cite web\|author=Granneman, Scott \|date=January 28, 2004 \| url=http://www.theregister.co.uk/2004/01/28/a_visit_from_the_fbi/ \|title=A Visit from the FBI - We come in peace \|publisher=[[The Register]]}}</ref> vulnerability scanner/injector kit [[Metasploit]]<ref>{{cite web\|author=Biancuzzi, Federico \|date=March 27, 2007 \|url=http://www.securityfocus.com/columnists/439 \|title=Metasploit 3.0 day \|publisher=SecurityFocus.com}}</ref> and often software intended for legitimate security auditing.<ref name="Rodriguez">{{Cite web \|url=https://www.htbridge.com/publication/the_growing_hacking_threat_to_websites.pdf \|title=The Growing Hacking Threat to Websites: An Ongoing Commitment to Web Application Security \|last1=Rodriguez \|first1=Chris \|last2=Martinez \|first2=Richard \|publisher=Frost & Sullivan \|date=September 2, 2012<!--see pdf--> \|accessdate=November 30, 2013}}</ref> Script kiddies lack, or are only developing, programming skills sufficient to understand the effects and side effects of their actions. As a result, they leave significant traces which lead to their detection, or directly attack companies which have detection and countermeasures already in place, or in ~~recent~~some cases, leave automatic crash reporting turned on.<ref>{{cite web\|author=Taylor, Josh \|date=August 26, 2010\|url=~~http~~https://www.zdnet.com~~.au~~/article/hackers-accidentally-give-microsoft-their-code~~-339305548.htm?omnRef=NULL~~/ \|title=Hackers accidentally give Microsoft their code\|publisher=ZDNet.com.au\|archive-url=https://web.archive.org/web/20120120160424/http://www.zdnet.com.au/hackers-accidentally-give-microsoft-their-code-339305548.htm?omnRef=NULL \|archive-date=January 20, 2012 \|url-status=live}}</ref><ref>{{cite web\|author=Ms. Smith\|date=August 28, 2010\|url=http://www.networkworld.com/community/node/65571 \|title=Error Reporting Oops: Microsoft, Meter Maids and Malicious Code\|work=Privacy and Security Fanatic\|publisher=[[Network World]]\|url-status=dead\|archive-url=https://web.archive.org/web/20220816064753/https://www.csoonline.com/article/2227020/error-reporting-oops--microsoft--meter-maids-and-malicious-code.html\|archive-date=August 16, 2022}}</ref>▼ Although script kiddie attacks might become increasingly more effective in the future, researchers have noted that other models, like the language model, can also be used to enhance protection against the improved script kiddie attacks. This continuous back and forth improvement suggests that the competition between cyber attackers and defenders will continue to increase.<ref>{{Citation \|last1=Moskal \|first1=Stephen \|title=LLMs Killed the Script Kiddie: How Agents Supported by Large Language Models Change the Landscape of Network Threat Testing \|date=2023-10-10 \|arxiv=2310.06936 \|last2=Laney \|first2=Sam \|last3=Hemberg \|first3=Erik \|last4=O'Reilly \|first4=Una-May}}</ref> ▲Script kiddies vandalize websites both for the thrill of it and to increase their reputation among their peers.<ref name="zdnet"/> Some more malicious script kiddies have used virus toolkits to create and propagate the [[Anna Kournikova (computer virus)\|Anna Kournikova]] and [[ILOVEYOU\|Love Bug]] viruses.<ref name="Reg01">{{cite web\|author=Leyden, John\|date=February 21, 2001\|url=http://www.theregister.co.uk/2001/02/21/virus_toolkits_are_skiddie_menace/\|title=Virus toolkits are s'kiddie menace \|publisher=[[The Register]]}}</ref> ▲Script kiddies lack, or are only developing, programming skills sufficient to understand the effects and side effects of their actions. As a result, they leave significant traces which lead to their detection, or directly attack companies which have detection and countermeasures already in place, or in recent cases, leave automatic crash reporting turned on.<ref>{{cite web\|author=Taylor, Josh \|date=August 26, 2010\|url=http://www.zdnet.com.au/hackers-accidentally-give-microsoft-their-code-339305548.htm?omnRef=NULL \|title=Hackers accidentally give Microsoft their code\|publisher=ZDNet.com.au}}</ref><ref>{{cite web\|author=Ms. Smith\|date=August 28, 2010\|url=http://www.networkworld.com/community/node/65571 \|title=Error Reporting Oops: Microsoft, Meter Maids and Malicious Code\|work=Privacy and Security Fanatic\|publisher=[[Network World]]}}</ref> ==See also== {{portal\|Computer security}}▼ * [[Black hat hacker]] ▲~~{{portal\|~~* [[Computer security}}]] * [[Exploit (computer security)]] * [[Hacker (computer security)]] [[Hacktivism]] [[Lamer]] * [[List of convicted computer criminals]] * [[Luser]] * [[Noob]] * [[Web shell]], a tool that script kiddies frequently use ==References== Line 23 ⟶ 31: ==Further reading== * {{cite journal \|author=Samuel Chng, Han Yu Lu, Ayush Kumar, David Yau \|date=Mar 2022 \|title=Hacker types, motivations and strategies: A comprehensive framework \|url=https://www.sciencedirect.com/science/article/pii/S245195882200001X \|journal=Computers in Human Behavior Reports \|volume=5 \|issn=2451-9588 \|pages= \|doi= \|access-date=27 Jan 2022}} * {{cite book \| last = Tapeworm \| title = 1337 h4x0r h4ndb00k \| url = https://archive.org/details/1337h4x0rh4ndb000000tape \| url-access = registration \| year = 2005 \| isbn = 0-672-32727-9 \| publisher = Sams Publishing \|}} * ''The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders and Deceivers'' (2005) {{ISBN\|978-0471782667}} ==External links== * [https://web.archive.org/web/20180721180838/http://old.honeynet.org/papers/enemy/ Honeynet.org - Know Your Enemy (Essay about script kiddies)] preserved at [[Internet Archive]] * [https://deepminds.science/cracking-hacker-mindset/ Cracking the Hacker Mindset] {{Webarchive\|url=https://web.archive.org/web/20180816063250/https://deepminds.science/cracking-hacker-mindset/ \|date=2018-08-16 }} {{DEFAULTSORT:Script Kiddie}} [[Category:Hacking (computer security)]] [[Category:~~Computing~~Hacker culture]] [[Category:Pejorative terms for people]]