Anyone can download software from the internet. These days, all it takes is someone with a computer and access to the web. There are thousands of hacking and security programs that exist online. These programs are written by skilled programmers and individual hobbyists. Many of them are free to download and use. This can be a blessing to the user who wants to learn cybersecurity. However, it can spell trouble when a script kiddie tries to use them for hacking.
What is a Script Kiddie?
A script kiddie, or “skiddie,” is someone who lacks programming knowledge and uses existing software to launch an attack. Often a script kiddie will use these programs without even knowing how they work or what they do. For example, imagine a child gets their first computer. The child watches a movie about hacking and then downloads a copy of Kali Linux. They begin playing with the various programs while searching for online tutorials. At first, they may be perceived as nothing more than an internet troll or noob, due to their lack of experience and quickness to brag and boast. Sometimes they will even resort to cyberstalking or bullying. However , this may simply be a cover for other more nefarious activity.
Hackers by Accident
The availability of free and open source software poses a significant risk for websites and networks. Programs originally intended for computer security and forensics could be used to unleash a distributed denial of service (DDoS) attack on a website or network. This could cause hundreds or even thousands of dollars in lost revenue or damage. A script kiddie can easily find vulnerabilities to access private systems using programs developed for pen-testing. If an attacker has the skill, they can either steal data or plant malware.
Social Engineering: The most common form of attack
The most serious threat a script kiddie poses is through the use of Social Engineering. A script kiddie lacks the knowledge to create software or exploit vulnerabilities. To compensate, they often turn to social engineering in order to manipulate victims into granting access or sharing information. A script kiddie has very little issues learning HTML and website development. This is because HTML and web development is easier to learn than software programming. They create a fake website or portal to trick the user into entering login credentials. This allows a script kiddie access to the system or account.
Fake emails containing malicious links can be sent to large groups or even targeted to a specific person, which is known as spear phishing. Spear phishing installs malware on to a computer without ones knowledge. The malware redirects them to a fake website used to collect sensitive data. This same method was used by Russia to hack the DNC. Vishing is similar to phishing but is done over the phone. The threat actor calls the victim and impersonates others in order to trick the user into revealing personal information or allowing access. Sometimes the attacker even calls a company the victim does business with and pretends to be the victim themselves. Bad actors can create a fake identity through social media in order to trick the victim and gain their trust.
Should you worry about Script Kiddies?
Do not make the common mistake of assume a script kiddie is a simple nuance. Do not dismiss them as unskilled amateurs or wannabes. They are not always just cyber stalkers and trolls. They can be quite formidable at causing damage despite their lack of experience. Additionally they can use social engineering techniques to manipulate users and steal data. As always, the best protection against any hacker or script kiddie still comes from knowledge, education, and proactive cybersecurity.