Script Kiddie - Characteristics

Characteristics

In a Carnegie Mellon report prepared for the U.S. Department of Defense in 2005, script kiddies are defined as

"The more immature but unfortunately often just as dangerous exploiter of security lapses on the Internet. The typical script kiddy uses existing and frequently well known and easy-to-find techniques and programs or scripts to search for and exploit weaknesses in other computers on the Internet—often randomly and with little regard or perhaps even understanding of the potentially harmful consequences.

Script kiddies have at their disposal a large number of effective, easily downloadable malicious programs capable of breaching computers and networks. Such programs have included remote denial-of-service WinNuke, trojans Back Orifice, NetBus, Sub7, and ProRat, vulnerability scanner/injector Metasploit, and often software intended for legitimate security auditing. A survey of college students in 2010, supported by UK's Association of Chief Police Officers, indicated a high level of interest in beginning hacking: "23% of 'uni' students have hacked into IT systems 32% thought hacking was 'cool' 28% considered it to be easy."

Script kiddies vandalize websites both for the thrill of it and to increase their reputation among their peers. Some more malicious script kiddies have used virus toolkits to create and propagate the Anna Kournikova and Love Bug viruses. Script kiddies lack, or are only developing, coding skills sufficient to understand the effects and side effects of their actions. As a result, they leave significant traces which lead to their detection, or directly attack companies which have detection and countermeasures already in place, or in recent cases, leave automatic crash reporting turned on.