What is a Script Kiddie? 

What is a script kiddie? 

A script kiddie could be considered a wannabe hacker and is usually someone who doesn’t have a lot of understanding of the technology. The term combines “script,” referring to pre-written code, and “kiddie,” implying immaturity or lack of experience. 

What is the difference between a skilled hacker and a script kiddie? 

Unlike skilled hackers who understand the intricacies of system vulnerabilities, script kiddies operate without a great deal of technical knowledge, relying on publicly available resources to put together their attacks. 

Such resources, often created by more experienced hackers, are easily accessible online. Script kiddies use them to launch attacks without understanding fully what they do. 

The motivations of script kiddies vary, but they are often rooted in a desire for recognition or entertainment. It could be seen as a form of trolling. They may seek to impress peers or gain notoriety within online communities. Some think of themselves as the rebels of the internet. This quest for attention can lead them to undertake reckless actions without considering the legal or ethical implications. 

Some hackers, on the other hand, are not intent on destruction. They’re known as “white-hat” hackers, engage in ethical hacking to identify and fix security flaws, often with authorization. Others, termed “black-hat” hackers, pursue malicious objectives for personal gain. Script kiddies typically lack a defined ethical stance. 

Which techniques do script kiddies use to attack you? 

Script kiddie attacks are often unsophisticated but can still cause significant disruption. Common types of script kiddie attacks that may affect you include the following: 

• Website defacement: Altering the appearance of a website, often to display a message. 

• DDoS: Bringing down a website or service so you can’t use it. 

• Social engineering: This attack can just be an email blast with malicious links which script kiddie can use to phish the victim.  

• Password cracking: Guessing passwords with the aim of breaking into accounts.  

How dangerous is a script kiddie? Examples of attacks 

Despite their limited expertise, script kiddies can cause considerable damage. Their unpredictability and scattergun approach can lead to outcomes like big [data leaks](https://www.malwarebytes.com/cybersecurity/basics/data-breach) or downtime for services.  

In 2014, we saw a group of script kiddies attacking both the PlayStation Network and Xbox Live. The DDoS attacks disrupted the service for millions, and the group that was dubbed “Lizard Squad” also opted for some government targets, including the UK National Crime Agency. The attacks may involve blunt force, but they can cause disruption on services around the world. Xbox Live and PlayStation Network may be huge companies but the attacks show that even big companies can be susceptible. 

Another notable script kiddie example is the 2015 breach of TalkTalk, a UK-based telecommunications company. The attack was orchestrated by a 17-year-old who exploited known vulnerabilities using readily available tools leading to the exposure of personal data belonging to thousands of customers. Another UK teenager was arrested for his alleged role in hacking into an email account which was owned by CIA director John Brennan. 

The TalkTalk attack was estimated to have cost the company £42 million, which goes to show that the attacks are far from minor. 

How to not fall a victim to phishing, social engineering and scams: 

• Keep your devices updated and use antivirus and cybersecurity software. 

• Use a browser extension to block phishing sites and malicious sites that often host infostealers.  

• Use strong passwords, passkeys and multi-factor authentication to protect your personal data. 

• Set up identity monitoring: This alerts you if your personal information is exposed on dark web and what you can do about it.  

Monitor your digital footprint to detect any suspicious activity early on.