Script kiddie
From Wikipedia, the free encyclopedia
In computing, a script kiddie (occasionally script bunny, script kitty, script kiddo, "skidiot", skiddie, Victor Skill Deficiency (VSD) or even lamer) is a derogatory term for an inexperienced cracker who uses scripts and programs developed by others, without understanding what they are or how they work, to compromise computer accounts and files and to launch attacks on whole computer systems (see DoS). In general, script kiddies lack the ability to write such programs themselves. Programs of this kind have included WinNuke applications, Back Orifice, NetBus, Sub7 and Metasploit.
It is a common belief that many script kiddies also enjoy cracking any website they can, just to prove their "superiority" in the underground cracker community.
Script kiddies, instead of attacking an individual system, often scan thousands of computers looking for vulnerable targets before initiating an attack. This is similar to wardialing and wardriving in which the attacker isn't looking at one specific system, but instead anything that is open and looks interesting. The term is also often used as a derogatory moniker for individuals who do not contribute to the development of new security-related programs, especially exploits, but rather benefit from the work of others.
Script kiddies can be a potential aid to more dangerous types of crackers who can encourage and manipulate them into being more destructive.
The term refers to scripts in the Unix/Linux sense: short, simple-to-use programs that accomplish a specific task with little more input than the address of the target. To some, however, the term expresses considerable contempt, implying that script kiddies are immature and merely run "scripts" and programs written by other people in acts of uninspired vandalism.
Another use of the word refers to people who use a program to perform the bulk or all of the actual programming work for them and then portray themselves (often braggartly) as advanced computer programmers. This usage overlaps considerably with the jargon term code monkey.
Script kiddie scene
From around 1995 on, the spread of Internet access in businesses and homes, together with the full disclosure movement's practice of publishing working exploit code, led to enormous growth of the script kiddie scene.
It has been said that script kiddies often act out of boredom or a desire to 'play war' on the Internet. There are many organized script kiddie groups, who often meet in anonymous chat channels on IRC servers. NorthBay Crew and bay6-kr3w are examples of such script kiddie gangs.
Script kiddies often deface random sites and whatever vulnerable targets they find. They misuse "Google dorks" (search-engine queries crafted to locate exposed or vulnerable web applications) and attack most of the sites that turn up. For example, when an easy-to-use exploit is released, script kiddie groups pick it up within minutes and begin defacing sites. However, some people, often script kiddies themselves, believe that they are unfairly stereotyped and say that not all script kiddies are cyber thugs who deface websites and commit other acts of online mischief.
Tactics
The characteristic approach of a script kiddie attack is mass scanning. A port scanner is given a range of IP addresses, finds the hosts in that range that respond, and records which ports are open on each; the tool requires little interaction and is easily run by someone with no understanding of the protocols involved. The open ports, and any service banners they return, are then matched against a list of known vulnerabilities, and a downloaded exploit is launched against each host that appears to run a vulnerable version. Because thousands of hosts can be scanned automatically, some are almost always found that have not been patched; once an exploit succeeds, the script kiddie can install whatever malware the toolkit provides, such as a remote-control backdoor, a worm or a denial-of-service agent.
Tools
Script kiddies have at their disposal a large number of effective, easily downloaded malicious programs capable of disrupting even well-administered computers and networks.
Computer worms
A computer worm is not the same as a virus. A virus attaches itself to other programs on the targeted computer and depends on those programs being run in order to spread. A worm is more dangerous in that it is self-sufficient: it spreads on its own, typically by exploiting a vulnerability in a network service, without attaching itself to any other program. If a worm strikes a computer network, it can propagate through the entire network, often without users realising it. The purpose of a worm varies, from consuming the bandwidth of the targeted computer or network and thereby slowing performance, to deleting or encrypting files. Other commands can be built into the worm as a payload before it is released.
Denial-of-service attack
A denial-of-service attack (DoS) is an attempt to make a target system unavailable to its legitimate users, whether by exhausting the network's bandwidth, by exhausting the target's connection-tracking state or other resources, or by crashing it outright. A number of distinct DoS attacks exist which pursue this goal through different means:
- A SYN flood sends a large number of TCP connection requests (SYN packets), usually with forged source addresses, and never completes the handshake when the server replies with SYN-ACK. Each half-open connection occupies an entry in the server's backlog until it times out, and a sustained flood fills the backlog faster than entries expire, so the server can no longer accept connections from legitimate clients. Because the sources are forged, blocking addresses is ineffective; defences such as SYN cookies, which avoid storing state until the handshake completes, are the usual countermeasure.
- An ICMP flood includes the smurf attack and the ping flood. In a smurf attack, the attacker sends ICMP echo requests to the broadcast address of a network with the victim's address forged as the source; every host on that network replies to the victim, so the attacker's traffic is amplified by the number of hosts on the intermediary network. The attack relies on routers forwarding IP directed broadcasts, which is why that feature is now disabled by default on most equipment. A ping flood simply sends ICMP echo requests to the target as fast as possible in an attempt to saturate its link; without amplification, the script kiddie must have more bandwidth than the target, or the flood will not slow it.
- A LAND attack sends a forged TCP SYN whose source address and port are the same as its destination address and port, so a vulnerable system replies to itself in a loop and locks up. The related banana attack redirects a host's outgoing communication back to the sender, both preventing communication and overwhelming the target with its own traffic.
- A 'pulsing zombie' attack is often carried out by a number of script kiddies. A target system is bombarded with traffic in intermittent bursts over an extended period, in an attempt to degrade service slowly rather than stop it outright, which makes the attack harder to notice and to trace.
- A teardrop attack exploits the way the Internet Protocol handles fragmentation. Large datagrams are broken into fragments which are sent individually and reassembled at the destination according to the offset carried in each fragment. In a teardrop attack, the fragments are crafted with overlapping or otherwise inconsistent offsets, and an implementation that does not validate them crashes while trying to reassemble the datagram.
- A buffer overflow attack (or buffer overrun attack) supplies more data to a program than the buffer it reads into was sized for, overwriting adjacent memory. In the hands of a script kiddie it is usually a crude DoS, because the overwritten data simply crashes the program; the same class of bug, exploited carefully, can also yield code execution. An example is an email message whose attachment has a filename of more than 256 characters, or whose "From" address is longer than 256 characters; older versions of Netscape and Microsoft mail clients crashed when such a message was opened.
- A reflected attack involves sending forged email to a large list of addresses. The forged email appears to come from an unsuspecting target, so when recipients reply (or their mail servers bounce the message), the responses go to the target's address, flooding his or her mailbox and slowing the system.
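Both the mass scanning described under Tactics and the SYN flood above leave a characteristic trace in connection logs: a scanner is one source touching many destination ports, while a SYN flood is many (usually forged) sources opening connections to one service and never completing the handshake. The following Python script, an added example rather than code from this article or from any tool it names, flags both patterns in a constructed packet log. The log format (timestamp, source address and port, destination address and port, TCP flags), the sample traffic and the thresholds are assumptions made for the example and would need to be adapted to a real firewall's output.

```python
"""Flag mass port scans and SYN floods in a constructed connection log.

Added example, not code from the article. The log format is a simplified,
constructed one (one record per packet: timestamp, source IP, source port,
destination IP, destination port, TCP flags); no real firewall emits exactly
this, so adapt parse_line() to your own logs. Thresholds are illustrative
assumptions, not vendor defaults.
"""
from collections import defaultdict
from typing import NamedTuple


class Pkt(NamedTuple):
    ts: int        # seconds since an arbitrary epoch
    src: str
    sport: int
    dst: str
    dport: int
    flags: str     # TCP flags as letters: "S" = SYN only, "SA" = SYN-ACK, "A" = ACK


def parse_line(line: str) -> Pkt:
    ts, src, sport, dst, dport, flags = line.split()
    return Pkt(int(ts), src, int(sport), dst, int(dport), flags)


def detect_port_scans(pkts, min_targets=20, window=60):
    """Sources that send SYNs to >= min_targets distinct (dst, dport) pairs in one window.

    A scanner sweeps many ports or hosts from one address; a legitimate client
    talks to a handful of services. Only SYNs count, so replies and established
    traffic do not inflate the figure.
    """
    seen = defaultdict(set)               # (src, time bucket) -> {(dst, dport)}
    for p in pkts:
        if p.flags == "S":
            seen[(p.src, p.ts // window)].add((p.dst, p.dport))
    return sorted({src for (src, _), targets in seen.items() if len(targets) >= min_targets})


def detect_syn_floods(pkts, min_half_open=100, window=10):
    """(dst, dport) pairs that receive >= min_half_open SYNs which never complete.

    A flash crowd also produces many SYNs, but its clients go on to ACK. Flood
    sources (usually forged) never do, so every source that later sends a plain
    ACK to the same service in the same window is subtracted.
    """
    syns = defaultdict(set)               # (dst, dport, bucket) -> {src that sent SYN}
    acked = defaultdict(set)              # (dst, dport, bucket) -> {src that sent ACK}
    for p in pkts:
        key = (p.dst, p.dport, p.ts // window)
        if p.flags == "S":
            syns[key].add(p.src)
        elif p.flags == "A":
            acked[key].add(p.src)
    flooded = {}
    for (dst, dport, _), srcs in syns.items():
        half_open = srcs - acked[(dst, dport, _)]
        if len(half_open) >= min_half_open:
            flooded[(dst, dport)] = len(half_open)
    return flooded


def build_sample_log():
    """Constructed traffic: one port sweep, one SYN flood and a few real sessions."""
    lines = []
    # Scanner 198.51.100.7 probes 30 ports on one host within 15 seconds.
    for i in range(30):
        lines.append(f"{1000 + i // 2} 198.51.100.7 {40000 + i} 192.0.2.10 {20 + i} S")
    # Flood: 150 forged sources SYN 192.0.2.20:80 within 5 seconds and never ACK.
    for i in range(150):
        lines.append(f"{2000 + i % 5} 203.0.113.{i + 1} {1024 + i} 192.0.2.20 80 S")
    # Legitimate clients complete the handshake (SYN, then ACK after the SYN-ACK).
    for i in range(5):
        lines.append(f"{2001 + i} 192.0.2.{100 + i} 5000 192.0.2.20 80 S")
        lines.append(f"{2001 + i} 192.0.2.{100 + i} 5000 192.0.2.20 80 A")
    return lines


def analyse(lines):
    pkts = sorted((parse_line(line) for line in lines), key=lambda p: p.ts)
    return {"scanners": detect_port_scans(pkts), "syn_floods": detect_syn_floods(pkts)}


if __name__ == "__main__":
    print(analyse(build_sample_log()))
```

The bucketing by fixed time windows is deliberately simple; an attack that straddles a window boundary can fall below threshold in both halves, so a production detector would use sliding windows or a streaming counter. The SYN flood check subtracts sources that go on to ACK, which is what separates a flood from a flash crowd of real clients; because flood sources are forged, its output is a list of attacked services to protect (for example with SYN cookies or rate limiting), not a list of addresses to block.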
Indirect programs
Other easily accessible programs offer indirect means of accessing target computers rather than simply overwhelming them with information:
- Back Orifice is a program that lets a script kiddie access a target computer and control it remotely. While such remote-administration functionality is useful to technical support, it can be used to inflict considerable damage by a malicious hacker. It was written by a hacker called Sir Dystic of the Cult of the Dead Cow and appeared in August 1998.
- NetBus is another program which allows a script kiddie to control Windows machines remotely. It was created by the Swedish programmer Carl Fredrik Neikter in 1998.
- The Metasploit Project is a framework for developing, testing and running exploit code against remote targets, created to help security researchers and penetration testers verify vulnerabilities. Because its exploits and payloads are packaged as modules that can be selected and launched with a few commands, a script kiddie can use Metasploit against a weakness without understanding how the exploit works.
Defense
A number of defences exist against the threat of script kiddies. The viruses, worms and attack programs described above are freely available on the Internet and can have devastating effects on unprepared systems, so network security must be a high priority. The following steps are useful for system defence.
Educating workers (or self-education for those administering their own personal computers) is essential for protection against malicious programs. Several of the attacks above, such as the email-borne buffer overflow, require an action by the user before they take effect (for example, opening an attachment). By informing knowledge workers about commonly used tactics and putting safety procedures in place, the chance of a successful script kiddie attack is greatly reduced.
Firewalls are helpful in protecting a network. A firewall restricts which connections may cross the network boundary, so that only the services deliberately offered to the Internet are reachable; this shrinks the attack surface that a mass scan can find and reduces the chance of malicious programs being uploaded onto the system. Firewalls require administrators capable of managing them. By controlling and logging network traffic, the firewall greatly reduces the chance of a script kiddie exploiting a network without IT security noticing.
Anti-virus software has also flooded the market in recent years. These programs automatically scan a computer for known malicious programs, inform the user and allow the easy removal of what they find. Often, anti-virus software scans email automatically. Because detection relies on signatures of known tools, it is most effective against widely circulated programs such as Back Orifice and NetBus and weakest against newly released ones.
Updating the operating system and applications regularly is important, since working exploits for newly disclosed weaknesses are quickly and easily found on the Internet, and script kiddies scan for precisely those hosts that have not yet applied the fix. It is important to stay abreast of the latest software updates.
Ensuring the security of passwords is also important to prevent unauthorised entry: scanning tools commonly try default and easily guessed credentials against every service they find.
Famous examples
Script kiddies are often able to exploit vulnerable systems and strike with great success. The most famous examples include:
- A 15-year-old script kiddie called Mafiaboy was arrested in an upper class neighborhood in Montreal in 2000. Using downloaded DoS attacks, he struck famous websites such as Yahoo!, Dell, Inc., eBay, and CNN, causing roughly 1.7 billion dollars worth of damage. He pled guilty to 55 criminal charges and served 8 months in a youth detention center.
- In 1999, NetBus was used to discredit a law student named Magnus Eriksson studying at the University of Lund. Child pornography was uploaded onto his computer from an unidentified location. He was later acquitted of charges in 2004 when it was discovered that NetBus had been used to control his computer.
- Jeffrey Lee Parson was an 18-year-old high school student from Minnesota who released the B variant of the infamous Blaster worm. The worm spread by exploiting a vulnerability in the RPC service of the Microsoft Windows operating system, and its payload was a SYN flood against Microsoft's update site, which caused only minimal damage. He was sentenced to 18 months in prison in 2005.
Script kiddies and cracker culture
In modern cracker and Internet subcultures, script kiddies are widely considered novices or worse. For their failure or inability to create their own viruses (choosing instead to use easily available ones) they are seen as reputation-seeking free-riders of the hacker community who take advantage of others' work. They also scan large numbers of computers to find weaknesses rather than taking the time to find weaknesses in more advanced systems. The goal is typically to impress friends.[1] Portrayed as teenage technological dilettantes, script kiddies are the subject of contempt among experienced crackers. In spite of this, they are feared among network administrators for their ability to scan many computer systems automatically over the course of days or weeks to find weak points. The fact that very little technical knowledge is needed to download these programs is an added threat, since nearly any individual on the Internet can obtain malicious viruses and the means to infect large numbers of computers, costing the owners up to millions of dollars in damage.
References
1. Michael Fitzgerald, "Hackers, Crackers and Script Kiddies, Oh My!: How to sort the good guys from the bad, in the Internet version of Spy vs. Spy".