World Library  
Flag as Inappropriate
Email this Article

Script kiddie

Article Id: WHEBN0000027750
Reproduction Date:

Title: Script kiddie  
Author: World Heritage Encyclopedia
Language: English
Subject: Hacker (term), Timeline of computer security hacker history, Reference desk/Archives/Computing/2010 August 25, Internet slang, Leet
Publisher: World Heritage Encyclopedia

Script kiddie

In coding culture a script kiddie or skiddie[1] (also known as skid, script bunny,[2] script kitty)[3] is an unskilled individual who uses scripts or programs developed by others to attack computer systems and networks, and deface websites. It is generally assumed that script kiddies are juveniles who lack the ability to write sophisticated coding programs or exploits on their own, and that their objective is to try to impress their friends or gain credit in computer-enthusiast communities.[4] The term is typically intended as an insult.


In a Carnegie Mellon report prepared for the U.S. Department of Defense in 2005, script kiddies are defined as
"The more immature but unfortunately often just as dangerous exploiter of security lapses on the Internet. The typical script kiddy uses existing and frequently well known and easy-to-find techniques and programs or scripts to search for and exploit weaknesses in other computers on the Internet—often randomly and with little regard or perhaps even understanding of the potentially harmful consequences.[5]

Script kiddies have at their disposal a large number of effective, easily downloadable malicious programs capable of breaching computers and networks.[4] Such programs have included remote denial-of-service WinNuke,[6] trojans Back Orifice, NetBus, Sub7,[7] and ProRat, vulnerability scanner/injector kit Metasploit,[8] and often software intended for legitimate security auditing.[9] A survey of college students in 2010, supported by UK's Association of Chief Police Officers, indicated a high level of interest in beginning hacking: "23% of 'uni' students have hacked into IT systems [...] 32% thought hacking was 'cool' [...] 28% considered it to be easy."[10]

Script kiddies vandalize websites both for the thrill of it and to increase their reputation among their peers.[4] Some more malicious script kiddies have used virus toolkits to create and propagate the Anna Kournikova and Love Bug viruses.[1] Script kiddies lack, or are only developing, coding skills sufficient to understand the effects and side effects of their actions. As a result, they leave significant traces which lead to their detection, or directly attack companies which have detection and countermeasures already in place, or in recent cases, leave automatic crash reporting turned on.[11][12]


Script kiddies are often able to exploit vulnerable systems and strike with moderate success. Some of the most infamous examples include:

Michael Calce

Calce, a.k.a. MafiaBoy, a high school student from Montreal, Canada, was arrested in 2000 for using downloaded tools to launch a series of highly publicized denial-of-service attacks against high-profile Web sites such as Yahoo!, Dell, eBay, and CNN. Calce initially denied responsibility but later pled guilty to most of the charges brought against him.[13] His lawyer insisted his client had only run unsupervised tests to help design an improved firewall, whereas trial records indicated the youth showed no remorse and had expressed a desire to move to Italy for its lax computer crime laws.[14] The Montreal Youth Court sentenced him on September 12, 2001 to eight months of "open custody," one year of probation, restricted use of the Internet, and a small fine.[15]


In 1999, a legal researcher working for Lund University in Sweden was reported to the police as having a large number of pornographic images, including child pornography, on his university computer. As a result of the charges, he lost university privileges, and due to public persecution, left the university and Sweden.[16] A computer security expert examined an image of the computer hard drive; he testified at trial that the researcher had no privileges to install software on the computer and that a remote-control software called Netbus (a script-kiddie favorite at the time) had been used to take remote control of the computer. A second program had then been installed to download the pornographic images.[17] The researcher was finally acquitted of all charges in 2004.[16]

Jeffrey Lee Parson

Jeffrey Lee Parson, a.k.a. T33kid, was an 18-year-old high school student from Minnesota who was responsible for spreading a variant of the infamous Blaster computer worm. Parson only modified the original Blaster worm, already prevalent, using a hex editor to add his screen name to the existing executable, and then attached another existing backdoor, Lithium, and posted it on his website. By making this subtle modification, the new executable was considered a variant, and authorities were all able to trace the name back to him. The program was part of a DoS attack against computers using the Microsoft Windows operating system. The attack took the form of a SYN flood which caused only minimal damage. He was sentenced to 18 months in prison in 2005.[18][19]

See also


  1. ^ a b Leyden, John (February 21, 2001). "Virus toolkits are s'kiddie menace".  
  2. ^ "Script bunny - definition". 
  3. ^ Baldwin, Clare; Christie, Jim (July 9, 2009). "Cyber attacks may not have come from North Korea". San Francisco;
  4. ^ a b c Lemos, Robert (July 12, 2000). "Script kiddies: The Net's cybergangs".  
  5. ^ Mead, Nancy R.; Hough, Eric D.; Stehney, Theodore R. III (May 16, 2006). "Security Quality Requirements Engineering (SQUARE) Methodology CMU/SEI-2005-TR-009" (PDF). Carnegie Mellon University, DOD. 
  6. ^ Klevinsky, T. J. ; Laliberte, Scott; Gupta, Ajay (2002). Hack I.T.: security through penetration testing.  
  7. ^ Granneman, Scott (January 28, 2004). "A Visit from the FBI - We come in peace".  
  8. ^ Biancuzzi, Federico (March 27, 2007). "Metasploit 3.0 day". 
  9. ^ Rodriguez, Chris; Martinez, Richard (September 2, 2012). "The Growing Hacking Threat to Websites: An Ongoing Commitment to Web Application Security". Frost & Sullivan. Retrieved November 30, 2013. 
  10. ^ Zax, David (September 22, 2010). "IT Security Firm: Fear Students". Fast Company. 
  11. ^ Taylor, Josh (August 26, 2010). "Hackers accidentally give Microsoft their code". 
  12. ^ Ms. Smith (August 28, 2010). "Error Reporting Oops: Microsoft, Meter Maids and Malicious Code". Privacy and Security Fanatic.  
  13. ^ Long, Tony (February 7, 2007), "February 7, 2000: Mafiaboy's Moment",  
  14. ^ "Prison Urged for Mafiaboy",  
  15. ^ "FBI Facts and Figure 2003 - Cyber Attacks Net Jam".  
  16. ^ a b Olander, Mikael (November 28, 2004). "Offer för porrkupp" [Victims of porn coup].   (English Tr.)
  17. ^ Olander, Mikael (November 28, 2004). "Fler oskyldiga har drabbats" [More innocent people have suffered].   (English Tr.)
  18. ^ Lagorio, Christine (January 28, 2005). "Prison Time For Teen Virus Guru".  
  19. ^ Leyden, John (September 1, 2003). "Parson not dumbest virus writer ever, shock!".  

Further reading

External links

  • - Know Your Enemy (Essay about script kiddies)
This article was sourced from Creative Commons Attribution-ShareAlike License; additional terms may apply. World Heritage Encyclopedia content is assembled from numerous content providers, Open Access Publishing, and in compliance with The Fair Access to Science and Technology Research Act (FASTR), Wikimedia Foundation, Inc., Public Library of Science, The Encyclopedia of Life, Open Book Publishers (OBP), PubMed, U.S. National Library of Medicine, National Center for Biotechnology Information, U.S. National Library of Medicine, National Institutes of Health (NIH), U.S. Department of Health & Human Services, and, which sources content from all federal, state, local, tribal, and territorial government publication portals (.gov, .mil, .edu). Funding for and content contributors is made possible from the U.S. Congress, E-Government Act of 2002.
Crowd sourced content that is contributed to World Heritage Encyclopedia is peer reviewed and edited by our editorial staff to ensure quality scholarly research articles.
By using this site, you agree to the Terms of Use and Privacy Policy. World Heritage Encyclopedia™ is a registered trademark of the World Public Library Association, a non-profit organization.

Copyright © World Library Foundation. All rights reserved. eBooks from Project Gutenberg are sponsored by the World Library Foundation,
a 501c(4) Member's Support Non-Profit Organization, and is NOT affiliated with any governmental agency or department.