MySecureCyberspace: Script Kiddie

Someone who relies on existing tools and programs to exploit weaknesses in computers

A script kiddie is a person who relies on existing and easy-to-find techniques and programs to attack computers on the Internet. Usually a script kiddie has no desire to learn or pre-existing knowledge of how the programs work or even their side effects. According to Wikipedia , other names occasionally used are skid, script bunny, script kitty and script-running juvenile (SRJ).

Script kiddies generally probe for existing vulnerabilities in computers, without any bias. They build up computer addresses by using simple available tools that scan a given address range. On completion, the computers are probed for vulnerabilities in operating systems and services that are running on the system. Once a vulnerable system is identified, the script kiddies attack it. As a result of the random nature of the attacks, the script kiddies leave significant traces that eventually lead to their detection.

It is generally assumed that script kiddies are juveniles who lack the programming ability of hackers, and that their main objective is either to try to impress their peers or to entertain themselves. However, a group of "technologists" such as bloggers, writers, journalists or podcasters also indulge script kiddies to get information, without having regard of the repercussions.

In the indictment of a user called "Digerati" (Justice.gov) , a 21 year-old student at the University of Pennsylvania, it's revealed that the defendant offered payment to "AKILL," an 18 year-old in New Zealand (PC World) , to help organize a revenge attack on his former hacking group. He was instructed on how to employ his malicious software on a server and combine it with software that Digerati had employed on another server. These directions led AKILL to cause a distributed denial-of-service (DDoS) attack against the group's Internet relay chat channel, which they used for internet chat and messaging. Digerati was sentenced to 90 days in jail, followed by 90 days in a halfway house, and 180 days of house arrest. He was also not allowed to use a computer "other than for work or school activities" for five years. For the same charge, AKILL was later prosecuted and "ordered to pay $9,526 in reparations for damage caused to the University of Pennsylvania and $5,000 in costs." (New Zealand Herald)

Protective Measures

Practices

Avoid responding to unknown pop-up requests from the Internet: In most cases, these requests have backdoor scripts, which the attackers use to access your system. It is therefore important to always ensure that the source of the installation is known and verified.
Frequently run software and system updates: Software vendors usually release patches and updates for known vulnerabilities in their products. A frequent update of your system will help patch any known vulnerabilities that the script kiddies may use.
Threats of prosecution and fraud checking: As script kiddies usually leave traces of their attacks, prosecution threats or fraud-checking threats using information from the firewall logs can be used to deter them

Tools

Firewall: Gaining access to your PC is usually the first step of any attack, and a firewall offers protection. Most anti-virus software and operating systems, such as Windows, have built-in firewalls that can be used as a preventive measure.

Legal Issues

In the U.S., intentional access to a protected computer without authorization is against the Computer Fraud and Abuse Act. A protected computer is defined as one "used in or affecting inter-state or foreign commerce and computers used by the federal government and financial institutions." The federal punishment for this can be a fine, jail term or both.

Ethical Issues

The actions of script kiddies are clearly unethical and are backed by laws that protect a victim's privacy and property. As a parent, periodical monitoring of your child's activities on the computer is important. If there are any suspicions, either from firewall logs or recent tools downloaded to the computer, you should talk with your child to ensure that they understand the potential harmful consequences to others and also to themselves.

References

Conviction Would Harm Hacker's Future – Judge (New Zealand Herald)
Police Raid Botmaster Blamed for 1 Million Infections (PC World)
Prosecuting Computer Crimes (PDF) (Department of Justice)
Script Kiddies (Wikipedia)
United States of America vs Ryan Goldstein aka "Digerati" (Justice.gov)