Script kiddie
In computing, a script kiddie (occasionally script bunny or script kitty) is a derogatory term for inexperienced crackers who use scripts and programs developed by others for the purpose of compromising computer accounts and files, and for launching attacks on whole computer systems (see DoS). In general, they do not have the ability to write said programs on their own. Such programs have included WinNuke applications and Back Orifice.
Script kiddies, instead of attacking an individual system, often scan thousands of computers looking for vulnerable targets before initiating an attack. The term is also often used as a derogatory moniker for individuals who do not contribute to the development of new security-related programs, especially exploits, but rather benefit from the work of others.
Script kiddies can be a potential aid to more dangerous types of crackers who can encourage and manipulate them into being more destructive.
Script kiddie scene
From around 1995 on, the widespread use of the Internet in the business and home computer field, and the full disclosure movement's policy of disclosing working exploitation tools, have led to an enormous growth of the script kiddie scene.
Script kiddies often act out of boredom, curiosity or a desire to 'play war' on the Internet. There are many organized script kiddie groups, who often meet in anonymous chat channels such as IRC.
Script kiddies are always looking for new exploits which are unknown to the public, and hence particularly effective. Such exploits are leaked from research labs or given to script kiddies by insiders; they are then used to compromise a large number of hosts on the Internet.
One example of the work of a script kiddie was the Kournikova Worm, in which millions of Microsoft Outlook users received e-mails with the prospect of viewing a picture of tennis star Anna Kournikova in an attachment. This virus was similar to the Love Bug, in that it sent itself to all the people in the address books of the recipients.
Not all script kiddies are bad, though; some even inform the webmaster of leaks and problems out of pure kindness, considering themselves to be knights in cyberspace. Script kiddies hate to be called script kiddies.
Typical example
These are actual IRC logs from a conversation with a script kiddie who had used his botnet to DDoS a server several times before and was threatening to do so again. The admin of the server is 'Flanders' (the nick has been changed from the original) and the kiddie is guest2626:
00:57 <guest2626> is there a problem ?
00:57 <@Flanders> Yes
00:57 <guest2626> what
00:57 <@Flanders> You are a script kiddie. They are not allowed here.
00:57 <guest2626> mm
00:58 <guest2626> i am a cracker
00:58 <@Flanders> HAHAHAHAHA
00:58 <@Flanders> That's almost funny enough to be a joke.
00:58 <@Flanders> You find someone else's code for a bot, simply edit it, and you call yourself a cracker.
00:58 <guest2626> nop
00:58 <@Flanders> Anyone who DDoS's isn't a cracker.
00:58 <@Flanders> Crackers don't use any type of brute force method
00:58 <guest2626> this bot
00:58 <guest2626> is edited
00:59 <@Flanders> That's what I said
00:59 <guest2626> by me
00:59 <@Flanders> You edited it.
00:59 <@Flanders> You did not make it.
00:59 <@Flanders> You are no cracker.
00:59 <guest2626> i edited almost the whole botnet
00:59 <Catcher> crackers make their stuff
00:59 <guest2626> want me to get u down
00:59 <guest2626> for severals hours
He did in fact take the server down for around 10 minutes, but no serious harm was done this time. Notice how he insists that he is a cracker. The so-called "editing" of the bot encompassed only a config.h file, which included the IRC server and channel to which to connect, a very simple programming feat. This is a classic example of a script kiddie.
Other usage
The term has spread into other usage. In the world of Information Technology consulting, script kiddie is used as a disparaging term for Visual Basic programmers or HTML text writers who lack skills in a more heavyweight programming language.