DonkBoy
script kiddies pl.n.
1. [very common] The lowest form of cracker; script kiddies do mischief with scripts and programs written by others, often without understanding the exploit they are using. Used of people with limited technical expertise using easy-to-operate, pre-configured, and/or automated tools to conduct disruptive activities against networked systems. Since most of these tools are fairly well-known by the security community, the adverse impact of such actions is usually minimal. 2. People who cannot program, but who create tacky HTML pages by copying JavaScript routines from other tacky HTML pages. More generally, a script kiddie writes (or more likely cuts and pastes) code without either having or desiring to have a mental model of what the code does; someone who thinks of code as magical incantations and asks only "what do I need to type to make this happen?"
There has often been a tendency among System Administrators to discount the danger of script kiddies, and this can be a misleading and dangerous thing to do. Script kiddies can have a much greater capability to cause problems than their skills alone would indicate.
By script kiddie I refer to people of low or almost nonexistent Unix skills who break into and crack other systems using scripts and programs that other people write, and who do not have the knowledge or abilities to write such scripts and exploits themselves. The term is most often used to categorize a cracker into one of two groups: either the skilled system cracker or the script kiddie. In many cases it is used as a derogatory phrase and is used to show a lack of respect for the cracker's skills and abilities.
Most of the time, script kiddies will find their victims by using scripts that conduct automated searches and attacks. These scripts, written by skilled crackers or modified by some less skilled person, are traded via IRC, FTP sites, web sites and other methods and can spread through the net with lightning speed. Soon after a new exploit is discovered and a script written for it, you may find it being used to attack systems all over the world.
Using these tools, even a very clueless script kiddie can find and compromise your system or one on your network. You have to find every vulnerability, and they only have to find something that you have missed.
One of the hard realities of the net today is that you need to secure your machines before the first time you connect them to the net. Lance Spitzner has reported about machines that had been compromised by a script kiddie within minutes of being connected to the Internet. This effect was caused not by hordes of personal enemies just waiting for Lance to place a machine on the net where they can crack it, but instead by scanning programs constantly searching the net for this week's favorite script kiddie vulnerability.
With thousands of script kiddies who live for the next crack, who needs enemies? At least if you had someone gunning for you, you could have some idea of who was after you, what they could do, etc. What the script kiddie lacks in skill he/she can make up in time and computing power. Each machine they crack adds to their arsenal for the next scanning attack.
I think that in many cases the process the script kiddies use in scanning for systems to crack makes the attack less personal and more abstracted. It can be harder for them to identify with their victims and easier for them to do damage or destroy their target without feeling the twinges of conscience or remorse for their actions.
I have heard the argument time and time again that there is nothing wrong with cracking a machine if your motivations are pure and if you are just on a quest for knowledge. Well, as a system administrator who has had a system trashed by a cracker, let me state that I cannot tell what motivates a cracker. All I can tell is that they have cracked my machine. So I have to treat each and every case just like they are going to trash the machine. This can waste an enormous amount of time. In my experience of being cracked I used about thirty or more hours of vacation time to recover from the crack. This time took me over a year to earn. The price in dollars may not be that high, but the cost to me was not negligible. Cracking a box does its damage regardless of your motivations.
So what can you do about script kiddies and other crackers?
For more information read:
Script kiddies can greatly increase the danger of having a machine you run cracked even though their Unix skills may be very low. The multiplying factors of the scripts written by more advanced crackers and the availability of machines to attack from amplify their abilities and can make them much more dangerous than they would appear. We can discount their skills but should keep in mind that a cracked box is a cracked box no matter who has done the cracking.
Friday, January 12, 2007