What are Script Kiddies?

R. Kayne

Script kiddies are teenagers who use readily available tools written by experienced hackers to deface websites or break into computer systems, usually done for peer recognition and attention. Script kiddies have little or no personal knowledge of hacking and rely on other people’s programs or scripts, hence the name, “script kiddie.” They are not considered true hackers and are looked down upon in the hacking community as giving hackers a bad name by engaging in immature forms of vandalism.

Script kiddies deface websites or break into computer systems, usually for attention.
Script kiddies deface websites or break into computer systems, usually for attention.

A popular pastime for script kiddies involves gaining access to website administration privileges in order to “tag” sites with electronic graffiti for bragging rights. This practice of vandalism is known as “Web cracking.” Bored teens build reputations among friends by tagging tens or even hundreds of sites.

Jail time is one possible consequence for cyber-vandalism and DDoS attacks.
Jail time is one possible consequence for cyber-vandalism and DDoS attacks.

In addition to website defacement, script kiddies also use hacking tools to compromise remote computers. The process begins by using automated programs that scan computers connected to the Internet, looking for specific exploits. Once vulnerable targets are identified, other tools are used to penetrate the targets. If the target is a computer that is part of a private network, the entire network becomes compromised.

Script kiddies use hacker tools to compromise remote computers.
Script kiddies use hacker tools to compromise remote computers.

The next step involves installing “rootkits” on the targeted systems so that the remote computers can be used without the owners’ knowledge. Each compromised computer becomes a “drone” or “zombie computer.” Multiple zombie computers form a “botnet.” The remote operator can upload Trojans or viruses to the botnet, corrupt the computers, steal personal information including credit card numbers and passwords, erase entire hard drives, or just sit back and silently surveil.

Script kiddies commonly compete against each other to see who can build the largest botnet. Since zombie computers can be used to search for new vulnerable computers, botnets can build exponentially into very large networks consisting of hundreds, thousands, or hundreds of thousands of compromised computers. A script kiddie can issue a command to a botnet to carry out operations in the background while innocent users go about their business, completely unaware their computers are being used. With such power, script kiddies can bring down large commercial websites by launching Distributed Denial of Service (DDoS) attacks. A website is bombarded with repetitive requests from compromised computers in a botnet until the server becomes overloaded and crashes.

While cyber-vandalism and DDoS attacks might seem like fun to bored teenagers, these acts are criminal and can land a script kiddie in jail. Canadian teen Mike Calce caused a reported $1.7 million US Dollars (USD) in damages in February 2000 when the then 15-year-old launched DDoS attacks on CNN, eBay, Dell, Inc., E*TRADE, Yahoo! and Amazon. The Federal Bureau of Investigation followed router logs which eventually pointed to the teen's Internet service provider, located in Montreal, Canada. Canadian police placed a wiretap on the suspect's phone and after two months of surveillance, affected an arrest. Calce eventually pleaded guilty to 55 counts and was sentenced to eight months in a detention center, received a year of probation, and was ordered to pay a fine.

Unfortunately, script kiddies aren’t the only ones subject to arrest. Their illegal activities will map back to the compromised computers, implicating innocent owners. This can potentially result in an unannounced knock at the door by authorities and legal seizure of your computer, not to mention arrest (no matter how brief). In one reported case a man was taken into custody when child pornography was found on his computer, only to be released when it was discovered that the files had been uploaded there without his knowledge by a remote operator.

Legal problems, fraud, and the threat of identity theft aside, at the very least having your computer compromised by script kiddies can mean having to reformat the drive and rebuild the system. With the average computer boasting storage of one hundred gigabytes or more, this is no small feat. If the system isn’t backed up, rebuilding it from scratch can take days, weeks or even months, and it can also mean losing valuable data. Compromised networks have it even worse.

Because teenagers lack maturity, many script kiddies fail to realize the often-serious implications of their actions. Guarding against rootkits and keeping security software current will reduce the risk of being targeted by script kiddies.

Bored teens build reputations among friends by tagging hundreds of websites.
Bored teens build reputations among friends by tagging hundreds of websites.

You might also Like

Discussion Comments


@malmal: Scripts don't kill people, people kill people.


This is an interesting conversation! @Malmal and hanley79, your posts here made me think of something a bit scary: what if the elite hackers are making and distributing rootkits on purpose, knowing some script kiddy will download and use them, to keep anybody from catching on to their own trails? Like the script kiddies are a good cover, and if governments waste their time tracking these teens who have no scripting kills down, they won't catch the hackers? Just food for thought; has anybody ever found anything that mentioned this in the news or something?


@malmal: I'd imagine the source of the rootkits is impossible to track down, so they're punishing the script kiddies if they catch them to discourage use of the rootkits. If they can't control the rootkits, making people afraid to use them is about all they can do. Personally, when it comes down to script kiddies vs. elite hackers, the hackers are way more of a concern to me since they write their own code. They're probably the ones writing the rootkits for the script kiddies, actually! That would explain why elite hackers are so good at hiding their trails, too, which is why the script kiddies get caught and the elite hackers usually don't.


Hmm...when you consider the fact that script kiddies can't actually program any hacking code of their own, isn't it really the fault of the people who write and post these scripts for making such hacking tools so conveniently available for script kiddies to use? Especially considering the fact that the majority of script kiddies are teenagers (there are always exceptions), it seems like the experienced coders who create rootkits and such are the "root" of the problem (pun intended!) Does anybody try to trace back further than the script kiddies, or do they just prosecute them because they caught somebody?

Post your comments
Forgot password?