Slashdot Mirror
A Peek At Script Kiddie Culture
Brian Bruns writes "NewsForge is covering an article on the Script Kiddie Culture, in an interview with my co-admin Andrew Kirch. It provides insight into a culture that not many people fully understand, or get to see."
Search, copy, paste.
Woho! Im leet!
Are people looking for some Gibson-esque secret cabal of script kiddies, who are building operating systems at age 8, can speak in hex, and have secret h4X0r access to everywhere?
I think people watch too many movies. Or is defining 'script kiddies' as a culture an attempt to rationalize the level of ignorance we experience when trying to comprehend all of computing technology? Since nobody can be good at everything, is it a mental safety valve to create uber-computer users, who 'get it', who can do 'cool things', who are 'in the know'? Isn't this the same thing as creating Gods to explain otherwise unknown natural phenomena?
I want to delete my account but Slashdot doesn't allow it.
The most amusing implications are:
a) Its a culture.
b) Someone would actually want to see it.
10 years ago I did the script kid thing for a bit (before having a life). Its a bunch of kids who's parents are not really involved in their lives, and have nothing better to do than look for a digital mate by typing "A/S/L?!?!??! and talking about their privates.
I could seriously care less.
where they mention that "no one wants to download grsecurity" or "tru64 is where it's at" or "some kiddies target Solaris and Irix because that usually means a big pipe".
Try a little reading comprehension first.
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
From what I understand of script kiddies they mostly do stuff from sheer boredom (what ever happened to the good ole outdoors?) and for the extra pseudo attention they get from it. Surely by attempting to interview and do articles on this 'culture' they are just pandering to the desires of these script kiddies. And rather than helping them to realise that they need to grow up etc, the extra attention is only going to make them have a greater desire to wreak havock with their 'leet skills'
If at first you DON'T succeed, Skydiving is NOT for YOU!!
I think I have a comparison to sum this up.
Script Kiddies is as much a Culture as 1337 5p34k is a Language.
Buy Steampunk Clothing Online!
Like "terrorists," "script kiddies" and other "h4x0r" types just do this sort of shit for the notority and publicity. Unlike terrorists, they have no real goal. Therefor, once the publicity, which creates a justification for the activity, disapears the activity will become unprofitable in the sense that fame is a comodity which is worth something.
It'd be better just to ignore the little fuckers until they grow up and go away. At least, that is how it seems from where I sit.
Holy Crap!!!
You mean that stupid/lazy *PEOPLE* are the weak link in most security systems?!?! I am SHOCKED!
Everyone please take the time to configure your gateways to drop outgoing packets with spoofed source addresses. This doesn't take long and potentially saves everyone else a ton of grief. Logging these funny packets is also a good way to tell if a machine on your network has been compromised.
...is that some of these kiddies seem to strive to bring down the one thing that gives them any sense of purpose.
Like the attacks on the root servers, well done, bring the domain name system down, now update your hosts file by hand when you want to visit a website/chat on irc to your mates about how 31337 you are.
I am NaN
...the interviewed party sounds like he's making things up as he goes along for greater exposure and interest. There is nothing there that jumps out to me and says "liar", but at the same time, I think that the interviewee might have been, er thinking about this topic too much and might be blowing things out of proportion just a little bit.
Do people on IRC attack conference line services? Oh yes, I've seen it being done several times, and FoF is something of a wheel in this scene. Are said hijacked conference lines used for neferious purposes? I'm sure once in a while, but really they are mostly used for the purposes of socialization... same as has been the case with phreaking the past.
What do people do the first time they phreak? They call a faraway place and talk to someone just because it is neat to talk to someone in England, or Fiji or somewhere far away without cost.
What is the primary use of these phreak'd conference lines? Socialization, a way for people who are geographically distant who have got to know each other on IRC to talk to each other without cost. Believe you me, the content of these conversations is far more likely to contain dreary e/n stuff rather than Plots To Take Over The World.
The intimation that this culture could somehow be for sale to nefarious people and powers is frankly outrageous and hysterical at the very same time.
-- benton.
I know this is just asking to get flamed, but if these kids had some proper motivation and direction, they could probably do some pretty impressive stuff.
I know script kiddies are the bottom feeders of the hacker/cracker world, but most are still very young. But they obviously have enough technical knowledge to cause alot of trouble, and channeled in the right direction they could probably grow up to be fairly proficient developers and really become an asset to the tech community.
But then maybe I'm just being naive and optimistic.
ce n'est pas un Sig.
In Blair's UK, the scripts kid you
"If you think nobody cares if you're alive, try missing a couple of car payments." Earl Wilson
I'm betting that the kiddies play a role, in much the same way the messenger does for the author of the letter.
And like the messenger, they are more likely to get shot by the good guys when the let a hack loose into the wild.
Could it be that a few black (and possibly white) hatters find that they serve a purpose?
You are checking your backups, aren't you?
Wonderful. Now the vandals have a culture. Charming. Let's next do an article on the graffiti "artists" who spraypainted my brother's garage. How about the spamming "free speech activists?" Or the good souls at NAMBLA?
Vandalism is vandalism, and crime is crime, no matter how you dress it up. Criminals have a long history of pretending to walk to the beat of a different drummer, being misunderstood, put-down, trod on, etc.; but at the end of the day, they're just fucking criminals looking for a scapegoat instead of taking responsibility for their crimes.
"People who do stupid things with hazardous materials often die." -- Jim Davidson on alt.folklore.urban
Kids do all sorts of anti-social stuff, but, even when they're mostly minding their own business, they get pissed on. I love it how everyone expects *teenagers* to spend their free time caring for puppies and the homeless.
Here in a decent-sized city in the (yay) midwest, the evening activities available to those under eighteen are: bowling, cruising, wandering the streets aimlessly, and, ummm, well that's pretty much it.
Everything in town closes at 9:00. *Public* parks close. There's a constant crackdown on 'cruising' for some reason. There's an 11:00 curfew for everyone under-18.
So, the choices for a kid growing up around here are: 'sit in your room all evening with your computer' or 'break some sort of law'. Apparently, now our fearless leaders have found a way to make 'sitting in your room' against the law as if they would rather these kids be roaming the streets vandalizing cars and buildings. Great.
At least, this way, they are actually learning some things about computers and causing *very* little damage in the process. I think we all need to be a little more realistic: kids cost money and destroy things. The fact that *the internet* isn't a little more kid-proof should be of more concern to everyone than the slightly-less-than-moral decisions made by a bunch of teenagers.
"I assumed blithely that there were no elves out there in the darkness"
They could have just called the FBI first. I think a nice frendly chat first works better for all parties, don't you?
the only thing I did find sad about the article is that no one cared about them much... just like "oh let's just throw them all in jail, they are dumbfucks anyways!"... it's a kinda sad state of affairs, instead of thinking on how to divert their attention to something more useful and perhaps trying to help them with getting a social life... my posts are useless... hehe
Joe Average needs tax dollars spent ensuring the welfare of our society, not the welfare of Bob Businessman's T3 lines so profit margins remain high.
Generally I agree, except...
Bob Businessman is Joe Average's boss's boss's boss. When his T-3 line for the site that sells whatever widgets Joe Average is putting together gets sucked dry, it costs the company money. Six months later, when they have a shareholder meeting coming up, that expensive worm might cost Joe Average his job in a layoff.
It's important to recognize that the resources needed by some people aren't the resources needed by everyone. But by the same token, it's also useful to recognize when the resources sucked up by one abuse end up costing others important resources down the line.
Don't you wish your girlfriend was a geek like me?
That's not always how your boss will see it :(
Look, if you're not going to discipline your kid, don't be surprised if he learns the hard way. It's not like the guy even hit the kid, he just put a bit of realism into the kid's vandalism spree. It's a sad world when parents defend their kids' vandalism.
That poor admin can call his ISP... but there's really not much the ISP can do from their side of the line.
Sniff the garbage, analyze it, block IPs somewhere upstream. Worst case, if the zombies are randomly spoofing IP addresses you could still trace them back hop by hop. A giant pain in the ass, but possible. Steve Gibson has a great article about dealing with a DDoSing script kiddie.
I know plenty of people here can come up with a long list of things our government wastes money on. Furthermore I'll bet'cha we can get over half those involved in the discussion to agree to the slashing of this or that. What say ye pantheon of knowledge?
Unfortunately...
The liberal voters here will say that the tax cuts for millionaires are what we should get rid of.
The conservative voters will say that services for the poor (welfare, etc) are what we should get rid of.
Neither side will agree with the other.
Twenties Retirement
This is a Newsforge article. It's part of OSDN, just like Slashdot. In other words, the chance of Newsforge getting slashdotted is only slightly better than the chance of Slashdot being slashdotted.
Kow know I feel pretty strong as I am giving up mod point to reply but.... NO.
Think of all the good things that upstream useage is for. Just running a small game server/hosting Multiplayer for a weekend will pretty kill a 512k line. To say nothing of SSH to the box at home, VNC/Xterm/Terminal Services, (legit or grey) file sharing. The real challeng is making your border routers work for you. Not cheap but it will pay off in the end.
The only reason I can see ISP's wanting to cut upload is control or power. I get the felling that as far as comcast/verizon/other big telecom are concerned we are consumers and the only reason we need more bandwith is to consume more not produce content on our own.
Having said that I think that in the next 3-5 years we will have a real two-teir system 256up/768down NAT'ed lite connection for consumers, and a 3meg up/down for techies.
What we really need to figure out is how to combine QoS, packet filtering, transparent proxies, and local mirrors and good ISP hosting solutions to really cut down on traffic. Imagine Joe User. He runs kazza, plays some online games, a fair amount of web browsing, and downloads game patches, and has a pretty good pr0n habit. He also has a server that he uses to show a love of cats and host games. He also has 3meg up/5 meg down line, however the traffic is limmited to 512/1.5 meg at the border router.
The QoS caps his P2P at 128/384, more that enough to get what he want without killing the network. His web browsing goes through a transparent proxy using Policy based routing, cutting the traffic in half. Any traffic coming off the proxy as well as mail and news comes in at 5meg. Same thing with game patches/legit ISO's. Since all of this traffic is coming off a "local" server it has no cost. He also has a colocated box along with 1500 of his friends and neighbors. He has local root.administrator and can host games/web pages off it.
Lower bandwith costs, better response as far a the user is concerned. everyone wins. Of course you do have to have trained Sr. Techs/Jr. Sysadmins but not too many.
What Mr. Lamo thought he was doing was demonstrating to the NYT that they had a security problem.
Now police are the only ones authorized to provide consequences or even make judgements which means anything that doesn't have critical mass slips under the radar.
Religion is a gateway psychosis. -- Dave Foley
My biggest concern is nothing will be done until it gets to the level we currently see for spam, and then it will be too late because as soon as half the taffic on the internet is false and can't be routed properly (due to spoofed addresses) we are all SCREWED
Normal people worry me!
Large companies have multiple IP addresses and pipes. It then becomes possible to reconfigure so that only one pipe becomes stuffed and normal traffic is redirected. It is more of a problem when you don't have so much spare capacity.
Maybe it's still too early in the morning for me, but I didn't understand much of what that article said. OK, Kiddies organize in gangs and they hang out on IRC. What else is going on?? What does the 'war' consist of, who controls more machines on the internet? And it's being fought by copy & pasting the lastet Viri, Trojan Horses etc. and spreadng them around? Why can't IRC be secured, after all those years?
Some understandable explanations would be much appreciated...
Scipt kiddie is the name minor hackers gives to a cracker that succeeded in its attempt so he publicly doesn't look like he knows what he's doing.
Fact: most so-called hacker actually opperate the same way script kiddies do, it's easier to use an already written software to hack into something so as to understand it than to reinvent the wheel each and every time, geeks know that. Most would-be hacker get frustrated when a virus writter or cracker succeed in doing something (whatever it is) because they simply can't do what he did, downsizing their exploit by calling them script-kiddies or packet monkeys just show how frustrated they are not to be the one in the spotlight.
Worst than a script-kiddie is the would-be hacker calling crakers script-kiddies so he looks to be above "that juvenile attitude", at least the script-kiddie does something more than talking/bragging, he shows proof.
Who cares what tool you use, it's the result that's important, plus, finding a "hacker tool" that actually works is an exploit in and out of itself so...
You are confusing two completely separate issues, egress filtering of IP addresses, and MAIL FROM: addresses in email.
Vixie is talking about configuring the big border routers used by ISPs at the edge of the ASes to also filter packets based on source address. There is a big problem with this, in that none of the big iron routers (Foundry, Cisco, Juniper, etc) has the circuitry in place to filter on source address. Certainly you can do this for feeble traffic levels. But the moment you switch in an ACL, the packets stop being routed by efficient ASIC packet handlers, and touch the CPU in the router. Even a small percentage of the traffic can bring a large router to its knees. All modern ASIC switching/routing circuitry looks at destination address, as well as MPLS labels and VLAN tags, but not much more.
If it ever became a market necessity to move source address filtering into the ASICs, you would see products on the market within weeks. But this will require hardware upgrades on every box, not just a simple firmware patch. Until there is a major reason to offer such technology, such as poorly thought out legislation, it will be impossible to perform egress filtering.
I have seen some responsible ISPs filter at the luser access router (ingress), where the flow of traffic is miniscule and can be CPU filtered by each box. But a Cisco AS5300 with 60 installed modems becomes unstable if you put a complex ACL in its config. There are a number of ISPs I know who are now filtering on 127.0.0.1 as a source address, to prevent damages from the blaster worm, but in doing so they are uncovering all kinds of other problems. Adding an ACL which limits traffic from each PPP session to the assigned address would bog down all the access server CPUs, and result in a huge increase of customer complaints. So most ISPs just can't do source address filtering until there is kit which can do it as efficiently as needed.
Vixie's rant mentions only peering agreements, which tend to be only minimal amounts of traffic from one AS to another. Typically, traffic crossing a peer arrangement is not going to be routed to another AS. What he really meant to say is that Transit connections need to be filtered. Transit connections are what UUNet and other big carriers provide to many hundreds of other ASes. Its this high volume traffic which needs to be filtered.
the AC
Hemos is like...sci-fi fans;he thinks technology is cool, but he hasn't bothered to understand the science it's based on
Right. If you don't have the nerve to correct your sons behaviour, I'd bet you don't have the nerve to confront anyone else. Sounds like yer just one of those folks who scream on forums because you know no one will do anything about it and it makes your nads feel better.
Take control of *your own* responsibilities first (read your son), before whining about someone else doing it for you.
end the 'war on drugs' and other such ideological wars.
Emory: Uh..we're still..beta testing that.
Oglethorpe: What you're testing is me and my patience!
Skript Kiddiez:
Lots of idiots
Children
Can't spell
Do damage
Slashdot:
Some idiots, mostly sensible
Mostly adults
Can spell, aside from typos
Don't do damage
I mod down anyone who says "I will be modded down for this", regardless of the rest of their comment
The term cyberpunk was invented to describe a scifi subgenre that started to bloom in the late seventies to early eighties (around the same time that punk did) that intended to shake scifi out of the tame complacent mode that scifi had gotten itself into. (similar to the rock around the time period punk came along.) The cyperpunk authors were new, and their work had some obvious weaknesses, but if you put aside the analytical criticisms and read it for pure enjoyment, you would get a better story than you would from the authors with decades of work under their belt, or reading their decades old, but really good work yet again(Do I have to keep putting these cyberpunk <-> punk rock comparisons in parenthesis? When I'm talking about the old and out of touch, think Asimov, Baen, Pournelle, Jagger, Townshend, etc. When I'm talking about new and explosive for the day, think of Gibson, Sterling, the Sex Pistols, the clash and the Ramones ) If you think that the term cyberpunk has nothing to do with punk rock, you are the one that is confused.
Both punk movements did their job of shaking up the status quo, and relegated themselves to part of the establishment. What we have for big budget scifi movies are things like The Matrix, not Capt. Kirk Saves Whales From Extinction With Transparent Aluminum. Punk music is now being used for television commercials and television theme songs.
Of course, you could co-opt the word for your own meaning (to some extent, the cyberpunk movement that grew out of the cyberpunk scifi movement already has) then why don't you just steal "hacker". Its already been misused by a large part of the general public for just this purpose.
The sad part is people SHOULD care. Everyone from Joe Average to Bob Businessman should take notice of this.
Joe and Bob should get advice from a competent computer tech. Script kiddies do what they do because there are so many unsecured boxes out there. You don't need a real pro to at least get some basic security. The one problem that's hardest to deal with is a ping flood. It's a problem because it's super easy to nail users on the Internet with ports wide open, users that click on malware e-mail attachments without even considering the source or the content.
If I chose to be a kiddie, I could go out and spread malware through via e-mail tomorrow, and rack up thousands of ping zombies over a couple of weeks. Jeez, I wouldn't have to lift a finger, I could just google some code and tweak a few things. I couldn't care less about script kiddie culture; It's the same as latchkey kid "culture" has been for the last 20 years (the slang may change, but behavior is the same). The real issue is the fact that technology allows an unattended latchkey kid drenched by material wealth (equipment and network service) act out his unchecked, hormone-influeced frustration and seriously disrupt any endpoint on the Internet.
Fred
"A fool and his freedom are soon parted"
-RMS