Script kiddie: Difference between revisions

A '''script kiddie''' or '''skiddie''',<ref name="Reg01"/>, occasionally ''script bunny'',<ref>{{cite web |url=http://www.spywareguide.com/term_show.php?id=92 |title=''Script bunny'' - definition|publisher=SpywareGuide.com}}</ref>, ''script kitty'',<ref>Baldwin, Clare; Christie, Jim (July 9, 2009). [http://in.reuters.com/article/idINTRE5680CC20090709 Cyber attacks may not have come from North Korea]. San Francisco; Reuters.com.</ref> ''script-running juvenile (SRJ)'' or similar, is a derogatory term used to describe those who use [[scripting language|script]]s or programs developed by others to attack computer systems and networks and deface websites.<ref name="zdnet">{{cite web| last=Lemos| first=Robert| date=July 12, 2000|url=http://www.zdnet.com/news/script-kiddies-the-nets-cybergangs/96163| publisher=[[ZDNet]]| title=Script kiddies: The Net's cybergangs| accessdate=2007-04-24}}</ref>

In a Carnegie Mellon report prepared for the U.S. Department of Defense in 2005, script kiddies are defined as <blockquote>"The more immature but unfortunately often just as dangerous exploiter of security lapses on the Internet. The typical script kiddy uses existing and frequently well known and easy-to-find techniques and programs or scripts to search for and exploit weaknesses in other computers on the Internet—often randomly and with little regard or perhaps even understanding of the potentially harmful consequences.<ref>{{cite web|author=Mead, Nancy R.; Hough, Eric D.; Stehney, Theodore R. III |date=2006-05-May 16, 2006 |url=http://www.cert.org/archive/pdf/05tr009.pdf |title=Security Quality Requirements Engineering (SQUARE) Methodology CMU/SEI-2005-TR-009 |format=PDF |work=Carnegie Mellon University, DOD |publisher=CERT.org}}</ref></blockquote>

Script kiddies have at their disposal a large number of effective, easily downloadable malicious programs capable of breaching computers and networks.<ref name="zdnet"/> Such programs have included remote denial-of-service [[WinNuke]],<ref>{{cite book |author=Klevinsky, T. J. ; Laliberte, Scott ; Gupta, Ajay |dateyear=2002 |url=http://books.google.com/books?id=31Kis_vaadwC&pg=PA409&lpg=PA409#v=onepage&q&f=false |title=Hack I.T.: security through penetration testing| publisher=[[Addison-Wesley]] |isbn=978-0201719567}}</ref> trojans [[Back Orifice]], [[NetBus]], [[Sub7]],<ref>{{cite web|author=Granneman, Scott |date=28 January 28, 2004 | url=http://www.theregister.co.uk/2004/01/28/a_visit_from_the_fbi/ |title=A Visit from the FBI - We come in peace |publisher=[[The Register]]}}</ref> and [[ProRat]], vulnerability scanner/injector [[Metasploit]],<ref>{{cite web|author=Biancuzzi, Federico |date=March 27, 2007 |url=http://www.securityfocus.com/columnists/439 |title=Metasploit 3.0 day |publisher=SecurityFocus.com}}</ref> and often software intended for legitimate security auditing. In a survey of college students in 2010, supported by UK's Association of Chief Police Officers, indicated a high level of interest in beginning hacking: "23% of 'uni' students have hacked into IT systems. And 32% thought hacking was 'cool.' Also, 28% considered it to be easy."<ref>{{cite web|author=Zax, David|date=September 22, 2010|url=http://www.fastcompany.com/1690541/it-security-company-fear-the-children|title=IT Security Firm: Fear Students|publisher=Fast Company}}</ref>

Script kiddies vandalize Web siteswebsites both for the thrill of it and to increase their reputation among their peers.<ref name="zdnet"/> Some, more malicious, script kiddies have used virus toolkits to create and propogatepropagate the Anna Kornikova and Love Bug viruses.<ref name="Reg01">{{cite web|author=Leyden, John|date=February 21, 2001|url=http://www.theregister.co.uk/2001/02/21/virus_toolkits_are_skiddie_menace/|title=Virus toolkits are s'kiddie menace |publisher=[[The Register]]}}</ref>

Script kiddies are often able to exploit vulnerable systems and strike with moderate success. Some of the most infamous examples include :

Calce, a.k.a. [[MafiaBoy]], Aa high school student from [[Montreal]], [[Canada]], was arrested in 2000 for using downloaded tools to launch a series of highly publicized Denial-of-Service attacks against high-profile Web sites such as [[Yahoo!]], [[Dell]], [[eBay]], and [[CNN]]. The financial damages were estimated at roughly $1.2 billion in global economic damages. Calce initially denied responsibility but later pled guilty to most of the charges brought against him.<ref>{{Citation|newspaper=[[Wired magazine]] |first=Tony |last=Long |title=February 7, 2000: Mafiaboy's Moment|year=2007 |date=February 7, 2007 |url=http://www.wired.com/science/discoveries/news/2007/02/72573|access-date=2007-03-27}}</ref> His lawyer insisted the child had only run unsupervised tests to help design an improved firewall, whereas trial records indicated the youth showed no remorse and had expressed a desire to move to [[Italy]] for its lax [[Computer crime#Applicable laws|computer crime laws]]. <ref>{{Citation|newspaper=[[Wired magazine]]|title=Prison Urged for Mafiaboy|year=2001|date=June 20, 2001-06-20|url=http://www.wired.com/politics/law/news/2001/06/44673|access-date=2007-03-27}}</ref> The Montreal Youth Court sentenced him on September 12, 2001 to eight months of "open custody," one year of probation, restricted use of the Internet, and a small fine.<ref>{{cite web|publisher=[[Federal Bureau of Investigation]]|title=FBI Facts and Figure 2003 - Cyber Attacks Net Jam |url=http://www.fbi.gov/libref/factsfigure/factsfiguresapri2003.htm#cybercrimes |accessdate=2007-03-27 |archiveurl=http://web.archive.org/web/20031210215217/http://www.fbi.gov/libref/factsfigure/factsfiguresapri2003.htm#cybercrimes |archivedate=2003-12-10|accessdate=2010-09-22}}</ref>

* [http://old.honeynet.org/papers/enemy/ Honeynet.org - Know Your Enemy (ScriptEssay Kiddieabout Essayscript kiddies)]