IT Security Outsourced IT

Script Kiddies

What are Script Kiddies?

Script kiddies is a term that dates back to the 90s and refers to novice hackers. Not all novice hackers are referred to as script kiddies, however. Many novice hackers make efforts to educate themselves about the hacking tools and resources that they are using. In contrast, script kiddies are novice hackers with little interest in understanding what they are doing and how; they are simply opportunistic hackers who use whatever exploits are easy and accessible. Script kiddies are generally motivated by basic, personal interests in creating chaos, entertaining themselves, taking revenge, or seeking attention. Script kiddies can also be especially dangerous as they may be influenced by more sophisticated cyberattackers who coerce them in chat rooms or online forums to compromise systems that the more sophisticated cyberattackers will proceed to further exploit on their own.

Script kiddies differ from hackers in the following ways:

Experience. Script kiddies may have some programming experience, but they generally lack the ability to write exploits or scripts on their own, so they use malicious code this freely available on the internet.

Skills. Without developed hacking skills, script kiddies lean toward cyberattacks that are easy to perform and require little in the way of research and preparation.

Objectives. Script kiddies, unlike hackers, are not interested in performing a high quality cyberattack that they can take pride in. Instead, script kiddies are more likely to perform a high number of low quality cyberattacks and are more likely to have the intentions of achieving personal acclaim or trolling.

Being opportunistic cyberattackers, script kiddies are most likely to perform cyberattacks that require low skill levels but can cause significant damage. Some of the types of cyberattacks that script kiddies may perform include:

Distributed denial-of-service (DDoS). DDoS cyberattacks are malicious attempts to disrupt the normal traffic of a targeted server, service, or network by overwhelming the target or its surrounding infrastructure with a flood of internet traffic.

Social engineering. Social engineering cyberattacks use deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes.

Website defacement. A website defacement cyberattack involves a cyberattacker defacing a website by changing its appearance or content. Script kiddies may be motivated to conduct a website defacement attack for various reasons including embarrassing their victim or promoting alternative views. Cyberattackers may deface a website by injecting malicious code into the website’s script, allowing them to take control of the website. Once they have taken control of the website, they can gain access privileges to the website and acquire any sensitive data.