Pin Me

I was a Script Kiddie

written by: •edited by: Bill Bunter•updated: 2/4/2011

A peek into the psyche of young hackers, a.k.a. Script Kiddies.

  • slide 1 of 1

    Young, curious and destructive...

    How did I first get into security? On the other side. I was a so called script kiddie. Script kiddies (also known as script bunnies or script running juveniles) are a subset of hacker-culture. As a general guideline they are young, unknowledgeable, curious and destructive. Unlike ‘hackers’ who attack a system for profit or personal satisfaction, script kiddies do it because they can.

    Lacking the knowledge to write their own exploit code (or understand the code written by others), they turned to pre-made tools that make exploits click-a-button easy (like the Metasploit framework). Unlike a hacker, who chooses a system then scans it for vulnerabilities and exploits them, script kiddies learn about a specific exploit then look for any site, system or server that is vulnerable to it.

    This is what makes attacks by script kiddies dangerous to small businesses. They attack randomly, so even if you think that there is no one out there who would be interested in compromising your machines, there is a whole community dedicated to searching and scanning for anything to exploit. The adolescent demographic that makes up the majority of script kiddies are searching for power - not money and certainly not a cause that they feel is worthy. Once they find power, they exercise it.

    Some more aggressive adolescents turn to bullying or physical violence, but most young hackers wouldn’t be able to commit a crime (let alone violence) in person. Attacks on systems however add a layer of separation that removes both the stigma and the fear from what they do. They see no connection between their actions on the web and the harm they can and do cause.

    So what can you do to protect yourself from the masses of untrained, unscrupulous hackers bristling to take control of your system? Firstly, create a patch management plan and update constantly. Secondly, whenever choosing an application to perform a specific task (for instance a web browser) make security a major part of that decision. There are literally hundreds of articles on Bright Hub detailing the security features of every major browser release - you would do well to read at least a few. Obviously this just scratches the surface, but the basic idea is: keep up to date. Generally vulnerabilities are discovered and eliminated within 2 weeks of their arrival, however many people won't update their systems for weeks or even months after patches arrive.

    The only way to win in this game is to stay one step ahead of the hackers and ironically this is easy to do with script kiddies. They won't dig deep into your system, they won't be persistent and they won't focus, but all you have to do is leave your computer unguarded from the latest vulnerabilities and they will be on your system in hours (if not minutes).