Site icon Rivet

What is a script kiddie?


Script kiddie is a derogative term that computer hackers coined to refer to immature, but often just as dangerous, exploiters of internet security weaknesses. Script kiddies aren’t interested in learning and understanding the exploits they use, instead using what is easy to find and available.

What are the characteristics of a script kiddie?

The typical script kiddie uses existing, well-known techniques, programs and scripts to find and exploit weaknesses in internet-connected computers. Their attacks are random and with little understanding of the tools they are using, how they work and the harm they cause.

Script kiddies are typically motivated by simple, personal reasons — to have fun, create chaos, seek attention or take revenge.

 script kiddies can do major damage. As a result, they can unleash the wrath of security authorities on the entire hacker community. The media often portrays script kiddies as bored teenage loners seeking recognition from their peers.

What is the origin of script kiddie?

The term script kiddie first appeared in hacker zines, blogs, message boards and Internet Relay Chat in the mid-1990s. It was used to describe people who downloaded a tool without knowing or caring how it worked.

The exact origin of the term is unknown. Some early uses of script kiddie and related terms include the following:

More recently, the term was used in several episodes of the television series Mr. Robot.

What is the difference between a hacker vs. a script kiddie?

Hackers and script kiddies differ in three areas:

  1. Level of experience. Script kiddies are less experienced with cybersecurity exploits than real hackers. They generally cannot write exploits or scripts on their own, so they use programs written by other people and found on the internet.
  2. Skills. Script kiddies have less developed hacking skills than more advanced, well-organized threat actors. As a result, they often use attacks that are easier to perform. They may prepare less for an attack, doing little research before launching it. They are also more likely to give up if their easy exploit doesn’t work in the first few tries. Experienced hackers have the programming and computer networking knowledge to adapt their attacks to dynamic internet security defenses. They can interpret a situation and adapt to new scenarios.
  3. Intent. Script kiddies are more likely to perform exploits for personal acclaim or to troll. They don’t always understand the tools they use and pay less attention to the consequences of hacking. A hacker will take pride in the quality of an attack, such as leaving no trace of an intrusion, for example. Most experienced threat attackers understand the consequences and ethics of what they do. By comparison, a script kiddie often focuses on quantity, seeing the number of attacks that can be mounted to get attention and notoriety.

There’s an added level of complexity to what hackers do compared to script kiddies. Because of that, there are many different types of hackers, and they are categorized based on intent.

For example, ethical hackers seek vulnerabilities and perform exploits where they know it is legal to do so. They often work as penetration testers, who are information security professionals paid to test an organization’s network and computer systems for vulnerabilities.

Script kiddies don’t fit in hacker categories because they lack the skills, experience and general competence.

Examples of script kiddies

Script kiddies are not talented hackers, but they are still capable of performing exploits with powerful consequences. Some examples of low-skill but potentially detrimental exploits that script kiddies might pull off include the following:

Real-world script kiddie attacks include the following:

The bottom line: Script kiddies are unskilled but dangerous

A script kiddie is considered a bad thing to be in the hacker community. They are often less skilled, experienced and knowledgeable than true hackers.

Exit mobile version