A person who gains illicit access
to networked computer systems
by using short programs (scripts
) which automate the process of finding vulnerable computers
and breaking into them. Because it is possible to scan many hundreds of IP addresses
in a second, and because a small but significant fraction of the hosts
on the Internet
harbor well-known security holes
, script kiddies are able to do quite well at their chosen hobby
Different script kiddies use their compromised hosts for different purposes. The most widely visible script kiddie action on a compromised host is to vandalize any Web pages it might contain. However, Web vandalism is by no means a script kiddie's only use for a system. Many use them to operate IRC bots, which help them harass other IRC users or fight for territory on IRC. Others use them as storage areas for bootleg software or other contraband files. Some run distributed denial-of-service daemons, which let the script kiddie flood other hosts off the network. Script kiddies also, of course, use well-connected hosts as stepping stones to break into other hosts.
Script kiddies are often condemned by crackers — people who discover and exploit new security holes — as immature and uncreative, as they only run scripts to attack holes others have discovered and documented; they don't do anything original. Despite their uncreativity, though, script kiddies pose a serious problem to many Internet sites. For various reasons, ranging from incompetence to understaffing to internal politics, it is not always possible for Net sites to maintain top-notch security — and those who cannot, can expect to be rooted on a regular basis.
The easiest defenses against script kiddies are to restrict the services running on your publicly exposed hosts, and to keep the daemons that run these services up to date with the latest patches from your software distributor. Since script kiddies rely on publicized, well-known security holes to do their mischief, keeping up to date with the latest fixes can cut them off. In addition, you should be running some sort of firewall to block at least the most obviously illegitimate accesses into your network.
If you are in a position where you can't preëmptively require all the exposed hosts on your network to keep up to date, you may find that running a portscan detector or other network intrusion detection system — such as the ever-popular snort — will give you some chance to catch the kiddies in the act and take measures in response.
Script kiddies are not going to go away easily. The law can catch some of them and deter some others, but it will not stop the mass of script kids from continuing to commit their crimes. For every 14-year-old "hacker wizard" the FBI catch, there are a couple hundred whom nobody has the time or resources to even chase. In the long run, everyone who participates in the Internet — from end users to large sites to ISPs to programmers and software vendors — is going to have to get a lot more security conscious if the damage due to Internet hooliganry is to be stemmed.