A Peek At Script Kiddie Culture

Brian Bruns writes "NewsForge is covering an article on the Script Kiddie Culture, in an interview with my co-admin Andrew Kirch. It provides insight into a culture that not many people fully understand, or get to see."

What is there to understand?

Search, copy, paste.
Woho! Im leet!

Re:What is there to understand?

[rpeh]

U ju57 g4v3 4\/\/4y 477 0ur 1337 h4x0r 53cr375! U r 14/\/\3! 1 \/\/i11 g37 r007 0n 411 ur b0x35 4nd 0wn0r U! 411 Ur 53rv3r5 r b310ng m3!

Re:What is there to understand?

[k31bang]

i don't know which is worse. that you wrote that, or that i could read it. =/

Re:What is there to understand?

[mister_tim]

Ah - you've been caught out. You're not a real script kiddie after all! A real script kiddie would be like all the others and write '0wnz0r' - you left out that crucial 'z', giving away that you're probably a normal person after all (well, as normal as anyone on /. )

Re:What is there to understand?

[WhitehatSystems.com]

I can not for the life of me understand what is so different and "NEWS" of this? I remember these exact things being done back in the Late 80's and earlier even, but those people have later learned things and worked into careers as Security Consultants, etc. I dont see anything different in thet 'Scene' since then, Phone Conferences and Teenage Ego's combined with Scriptz.. nothing new..

Re:What is there to understand?

[rpeh]

Damn. And the first "477" should have been "411" too. I guess these script kiddies are just too clever for me!

addendum to topic paragraph

[cmacmanus]

..or want to see.

Re:addendum to topic paragraph

[poptix_work]

No kidding, both Brian Bruns and Andrew (trelane on IRC) are script kiddies furiously trying to display a white hat.

If in doubt, search google. This "SOSDG" is hosted on someones cable modem, yet claims to run DNSBL's used by "Hundreds of government sites including .mil and .gov"

In conclusion, I have my own IRC logs:

[28/1806] [trelane(trelane@adsl-68-78-10-171.dsl.ipltin.amer itech.net)] packeting an NYPD officer, have you no patriotism?
[28/1809] [trelane(trelane@adsl-68-78-10-171.dsl.ipltin.amer itech.net)] you're a whore for packeting sigdie resources, and a terrorist for packeting an NYPD officer's COLOC, treason is punishable by execution still isn't it?
[28/1812] [trelane(trelane@adsl-68-78-10-171.dsl.ipltin.amer itech.net)] terrorist.
[28/1812] [trelane(trelane@adsl-68-78-10-171.dsl.ipltin.amer itech.net)] packetmonkey
[28/1812] [msg(trelane)] this is great stuff, keep spewing
[28/1812] [msg(trelane)] funny stuff
[28/1812] [trelane(trelane@adsl-68-78-10-171.dsl.ipltin.amer itech.net)] fuck you for dos'ing my equipment last night btw
[28/1814] [trelane(trelane@adsl-68-78-10-171.dsl.ipltin.amer itech.net)] you're a fat ugly spunkmonkey for packeting an RBL
[28/1814] [trelane(trelane@adsl-68-78-10-171.dsl.ipltin.amer itech.net)] you realize the feds are giving us madhelp after the shit from this fall?

(Despite their rantings, they can only hop on IRC and point fingers when their cable modem gets attacked)

Re:addendum to topic paragraph

But aren't you a bit embarrassed to admit that you hang out in these places?

Re:addendum to topic paragraph

[poptix_work]

"these places" being EFNet, no.

Re:addendum to topic paragraph

[Adam9]

Ah, so trelane is having his first dose of being slashdotted. I guess there's a little packetmoney in all of us ;)

Re:addendum to topic paragraph

[monkubus]

Uh.

umm

oh, nevermind.

Re:addendum to topic paragraph

[Solosoft]

EFnet used to be alot like that. I stoppped hanging around that area after I kept getting hit. But EFnet is like a "city". You enter the wrong area "bad neighbourhood" your going to get in trouble. I used to hang out in those areas. Never did anything bad but just knew some people and ended up in those channels.
Most of the time, I noticed it's VERY young kids with a DDoS net but most of the time it's not their DDoS net. Also, if you "buddy buddy" with them they will show you the net to brag and show how cool they are. Them being stupid would DDoS me sometimes and I would log the packets. Of course to see if it would effect me (which my server was WAY too slow at the time to handle any of that DDoS the most I would see come in is like 50k/s so they couldn't take my line just bog my computer to a bitch. While I was logging I would simply find there address in there and match it with the IRC txt and send it into there ISP. Most of the time they would come back a few days later complaining there ISP sent them a warning. It was actually kinda funny. "What you mean I can get into trouble for this".

Anywho my Opinion on Script kiddies

not many people fully understand, or get to see..

[chrispycreeme]

...or care about.

How is this a 'culture'?

[Gothmolly]

Are people looking for some Gibson-esque secret cabal of script kiddies, who are building operating systems at age 8, can speak in hex, and have secret h4X0r access to everywhere?
I think people watch too many movies. Or is defining 'script kiddies' as a culture an attempt to rationalize the level of ignorance we experience when trying to comprehend all of computing technology? Since nobody can be good at everything, is it a mental safety valve to create uber-computer users, who 'get it', who can do 'cool things', who are 'in the know'? Isn't this the same thing as creating Gods to explain otherwise unknown natural phenomena?

Re:How is this a 'culture'?

[H1r0Pr0tag0n1st]

It's a culture in the same way that it is a culture if I scrape crud off the toilet and throw it in a petri dish with some growth media....

Re:How is this a 'culture'?

[_Sharp'r_]

I thought the script kiddies were the ones that didn't do any more cracking than search/download/copy-and-paste?

The people who actually know what they're doing are much more dangerous, generally on the grey to white side of the law and don't bother with DDOS on somebody's little website, since if they really wanted to, they'd just take entire nations' Internet access down.

I mean, I could think of a 1/2 dozen ways to wipe out a whole country's internet access completely for a day or two (no, I'm not going into details here, but if use BGP in your work life, you can probably think of a few also), but most people who've spent the time to learn at that level also are mature enough to realize that there isn't much of a point to wanton destruction.

Re:How is this a 'culture'?

Given that there are always a considerable number of individuals at this 'level of ignorance', and that they associate with one another on a regular basis, I would call it a culture. Just because this 'script kiddie level' is merely a stepping stone to greater understanding of technology does not mean it, as just a snapshot of one point in this progression, is not worthy of being a culture in and of itself. After all, like other cultures of this kind (gaming, geek, fratboy, whatever) there are new script kiddies joining and old script kiddies retiring from it each day.

Also, if you've ever associated with them, script kiddies have their own rules (mostly unspoken), trends, and even something of their own language. It may all be borne of ignorance and immaturity, but the same could be said about a number of other cultures/subcultures.

Re:How is this a 'culture'?

[LostCluster]

It's a culture that we should try to understand, because if we can find a way to take away their motivations, we'll have less hassles to do with on our networks.

What a 0day really boils down to is a mistake that a programmer made that never got corrected and therefore got distributed, but this mistake has yet to be documented in any way. White hats announce what they've discovered in the form of a patch, or at worst a security alert to the public. Black hats announce what they've discovered in the form of a malware attack.

Really... we'd like to know what motivates black hats, because we'd like to find a way to get them to play on the white team.

Re:How is this a 'culture'?

[LostCluster]

I thought the script kiddies were the ones that didn't do any more cracking than search/download/copy-and-paste?

The script kiddies we're talking about are those who are copy-and-pasting 0day hacks. A hack that the White Hats don't know about yet, and even most black hats don't know about yet. The big mysterious question: Just how did these kids get into the web-of-trust it takes to have this tool before the "good guys" do?

Afterall, the first "good guy" who gets this tool will hand it over to the white hat experts who will start the work on the patch that makes the hack worthless. So, the web of trust on these things has to be tight... so again, how do the new script kiddies get in the club?

Re:How is this a 'culture'?

[digitalsushi]

but if use BGP in your work life, you can probably think of a few also)

I dont know how BGP works, but I heard that way back in the day, some dude at some ISP announced that he had a /0, or some such thing, and the entire net got routed to him, and subsequently, broken. And then they put in filters into BGP so that core routers could say "you're full of crap that's not your ASN". Is the BGP system still sketchy enough that the existing safeguards against taking down stuff as big as a country still exist? (granted a lot of countries probably have one internet connection going in, sadly)

Re:How is this a 'culture'?

[SavingPrivateNawak]

But the script kiddies described in the article seems quite technical (not just "I winnuke you lolol") since they seem to discover vulnerabilities way before everyone else (Cf Article).

I don't want to start another hacker/cracker flamewar but I think we should reserve the term script kiddies to people who effectively do nothing more than running other people's malicious scripts.
We need to find another term for describing these immature, yet skilled, adolescents that discover vulnerabilities by themselves in order to higher their social rank. (Cf article where they talk about '0day servers' with newly found vulnerabilities ready for kiddies' next war)

Re:How is this a 'culture'?

[_Sharp'r_]

Exactly. Someone with knowledge of multiple "0day" vulnerabilities doesn't fit into what I'd call a script kiddie. They could be a kiddie, but "0day" and "script" in this sense are usually mutually exclusive.

Re:How is this a 'culture'?

[_Sharp'r_]

BGP is a little less fragile than that, but not by much.

A well setup core router will protect your network from most bad announcements from your downstream clients, but if one of your upstream providers gives you the right bad info because their router has been screwed with, you're out of luck until a real person figures it out and takes the link down.

Then of course, all the outgoing traffic for that link cascades over to your others.... and now that many people are blocking snmp due to Cisco vulnerabilities it gets a little harder to figure problems out.

And of course, much of the incoming traffic probably still sees the downed link as a valid ASN path, and since that's beyond your control... yeah, you can get screwed pretty easily by one router on an upstream provider's network that misbehaves in just the right ways.

Truthfully, most major ISPs' NOCs are pretty fast to respond to BGP screwups, but problems caused by a mistake vs. problems caused on purpose with a little forethought and topology knowledge are two different beasties...

Re:How is this a 'culture'?

I'd mod parent funny but not insightful. As a kid in the 80s I was part of a bbs culture. Whether people liked it or not it still had its own social norms and modes of expression and behavior. Just because these kids are assholes doesn't mean there's no culture there .. it just means it's a culture of assholism. that said, i think parent post is legitimately humorous.

Re:How is this a 'culture'?

[Unregistered]

Most scipt kiddies are kids who ain't got friends so they're likely (both for being immature and lonely) to be overtrusting.

Re:How is this a 'culture'?

[iminplaya]

...how do the new script kiddies get in the club?

I think they're appointed by the president, and after a confirmation hearing, they're in.

Re:How is this a 'culture'?

[Lumpy]

Um script kiddies are NOTHING like a real hacker or the darker side, the cracker...

script kiddies are ankle biters that dont have a fricking clue as to what they are doing.

I.E. the suburban white kids that you see trying to dress like black getto kids or rappers... that's a script kiddie... a poser or wannabe.

I've seen them, they've been around cince the beginning of hacker or crackerdom. nothing new, they are just more annoying today.

Re:How is this a 'culture'?

[myowntrueself]

"but most people who've spent the time to learn at that level also are mature enough to realize that there isn't much of a point to wanton destruction."

If only that applied to the guys in the Whitehouse, Dubyas boyz.

yeah yeah troll, flamebait, whatever.

Re:How is this a 'culture'?

[DoraLives]

if we can find a way to take away their motivations, we'll have less hassles to do with on our networks.

Bored children break stuff for the sheer hell of it. To seek deeper meaning here is to completely fail to understand bored children. Distract (and that's all you can do, merely distract) child A from breaking a thing, and child B will come along and break it while you're still busy with child A. There's nothing to see here. Move along.

we'd like to know what motivates black hats

You're presuming to use logic (or something similar) to understand a non-logical phenomenon. Don't work. Human emotion is a manifestly NONlinear function and additionally changes from one state to another with about the same level of predictabliity as the position and momentum of a particular subatomic particle. Fuggabouddit.

we'd like to find a way to get them to play on the white team

That way has already been found: Let them grow up. They'll get over it. Or at least most of them will. But you can never predict with certainty exactly which ones. And every year a new crop is growing.

Re:How is this a 'culture'?

[mingot]

Really... we'd like to know what motivates black hats, because we'd like to find a way to get them to play on the white team.

Desire to compete coupled with a strong fear of rejection. All you have to do to 'win' is be hated.

Re:How is this a 'culture'?

[autopr0n]

You're presuming to use logic (or something similar) to understand a non-logical phenomenon. Don't work. Human emotion is a manifestly NONlinear function and additionally changes from one state to another with about the same level of predictabliity as the position and momentum of a particular subatomic particle. Fuggabouddit.

That's rediculous. You might not want to belive it, but Human Nature is extreemly predictable. It follows probability theory, not logic (not a -> b, but P(a = x|b) = normal_distribution(x,y)). That sort of thing. I'm not saying that we know the exact stastical probability for everything, But we can usualy say pretty well what a given person will do in a given situation.

Re:How is this a 'culture'?

[CAIMLAS]

I don't know about you, but I've noticed on quite frequent occassion when one of these kiddies who "gets it" will enter a channel I'm in and start asking overly pointed questions about various kiddie like things. They don't "get it" that it's fairly obvious to everyone else that they're kiddies, nor do they "get" how Linux, or even windows, actually works.

I'd say it's more a social group or culture than it is an 'elite cabal'. But what do I know, I only use IRC. Same goes for the Any guy. You obviously know a lot more.

Re:How is this a 'culture'?

[Prof.+Pi]

if we can find a way to take away their motivations, we'll have less hassles to do with on our networks.

After R'ing TFA, I'd guess that the most efficient way to take away their motivation would be for the major ISPs to chip into a fund to get hookers for them.

Re:How is this a 'culture'?

[Imperator]

Yeah, but if the president knows they're not going to get past a confirmation hearing, he can use a "recess appointment", in which he appoints them during recess.

Re:How is this a 'culture'?

[zagmar]

I think one of the points being made in the article was that these kids are fed the exploits in order to remove any potential legal reprisal from the original discoverer, hence the mention of Al-Qaeda. Think about it this way: I'm a 30 year old sysadmin with a chip on my shoulder and I discover a nasty security hole in a piece of software that my employer, as well as hundreds or thousands of other companies, use. Am I going to use this myself, opening me up to all kinds of charges (which are much easier to back up because of my position, and which have much nastier names, such as "corporate sabotage,") or am I going to tell the gang of 1337 h4x0rz that I see every night on IRC, hoping that they will hit my company as well as all the others that use the software?

Re:How is this a 'culture'?

The ones the article is talking about are still script kiddies-the 0day ones are only highly skilled in building social networks. In the vast majority of cases the original source of the vulnerability "accidentally" leaks it to some random but well-known "ub3r l33t" script kiddie who is guaranteed to use and spread the crack in a predictable manner, but who isn't able to trace the original author. The 0day inner circle is simply an informal distribution network, and that's exactly what the "script" part means. That's not to say they're dumb-staying in the inner circle takes good social engineering skills that very few script kiddies have.

Re:How is this a 'culture'?

They don't necessarily know what they're doing. Admittedly, when I was in highschool I tried to launch my own botnet. I was DoSed twice on unrelated conditions and got fed up. Plus I wanted to mess with my own friends' connections. After a little digging I found a binary for a botnet which I was able to hex edit and customize to create my botnet. At this time I was just learning C++ and later I found an open source trojan that had much more abilities already coded plus I could add my own. I knew nothing about the inner workings of the net, spoofing (which was hard on win9x machines), or very much C++ at all. One week summed up a nice botnet. At a very young age I discovered that people will run anything if you just plant enough binaries. I disguised it as things I myself would've been interested in: console emulators, porn (yes executable porn, youve seen this), and secuirty related software. I found out that some of my closest online friends has independetly and secretly built their own botnets. It seems like the best thing since well..the internet. To have so much power at a young age and EVERYONE was doing it. Soon I was confronted by a very intelligent person who talked me out of this shit, very nicely even though I was trying to infect him. I uninstalled the bots and shut down the channel. Now I know if I had kept going I would have had a lot of power that I shouldnt. I wasn't using exploits that affect hundreds of thousands of windows machines or any other fancy distribution methods. I just put my file on the net and let them come to me. Botnets are too easy to create and since bandwidth is cheap they will cause more problems. Something must be done to stop these kids without ruining their lives. I wanted to learn and destroy, but not without good reason to. Of course if someone will DDoS company sites and cause damage they should be punished but they should be stopped before this happens. They dont know what they are doing.

Re:How is this a 'culture'?

[lxs]

I guess in the same way that glue-sniffers that scrawl their names on bus-shelters are part of an 'artistic movement'

Give a kid a felt-tip pen and he thinks he's Bastiat, give the same kid a computer and he thinks he's Kevin Mitnick.

Re:How is this a 'culture'?

When you get back from being high, please note that the aggregate behavior of large populations (which is predictable) has little to do with the individuals that make up the group.

Re:How is this a 'culture'?

[golgotha007]

i ran a bbs in the early 80's and was part of the 'scene'. yes, i had a message subboard called 'ELITE' where we would all post our MCI and Sprint codes and intesteresting phone numbers.

most of us then were total geeks that either couldn't hold his own at a jock party or was too nervous around girls. the one thing that we did have was power when it comes to telecommunications. and that power, because it wasn't to be enjoyed outside the computer, made us all arrogant little assholes.

i see nothing has changed.

of course, then we didn't call them script kiddies (which i find appropriate), we called them 'kidhacks'.

Re:How is this a 'culture'?

[Build6]

mean, I could think of a 1/2 dozen ways to wipe out a whole country's internet access completely for a day or two (no, I'm not going into details here, but if use BGP in your work life, you can probably think of a few also

There's a difference between doing something, and doing something and not getting caught. Are your ideas the kind that will end up you being in a federal prison (i.e. quite pointless) or the kind where you cannot get traced (i.e. you are then in fact quite dangerous)?

there's a difference between going to the bank with a shotgun and getting a lot of money, right before being either shot dead or hauled off to prison, and figuring out some way to siphon off bank funds into your account in a way where nobody ever detects it (or only does long after you're gone).

Re:How is this a 'culture'?

[DerekLyons]

Bored children break stuff for the sheer hell of it.

No. Ill-raised children break things for the sheer hell of it, bored or not. These script-kiddies are no more and no less than the end product of the permissive 'kids-will-be-kids' theory of parenting.

Thank you Dr. Spock.

Re:How is this a 'culture'?

[Fwonkas]

You're presuming to use logic (or something similar) to understand a non-logical phenomenon. Don't work.

Whoah. Hold on there captain. You're basically saying that human behavior is fundamentally non-logical? While some behavior seems to fall into that category, it can be analyzed, and can be determined to be logical, even if it's based on false premises. Unless you think all script kiddies behave in totally chaotic, non-logical and insane patterns. Seriously.

Reminds me of an argument a philosophy prof made - a person can be insane and make sane decisions. They think so and so is the devil, so they kill them. Yes, killing them is insane, but their reasons aren't. I mean, killing the root of all evil is not insane. Being mistaken is. But there's still a logical flow here.

Re:How is this a 'culture'?

[redhog]

Or the result of you-can't-do-this-and-you-can't-do-that raising, where the kid becomes more introvert/hiding in its search for playground, and eventually ends up doing really nasty things as soon as the parents aren't watching.

The only way to raise a child not triggering its "do the opposite of what you say" when you ask it not to do something that really is bad, is to never say no if it really isn't a problem, and when saying no out of rreal need, allways motivate the no with good arguments that the child just can not ignore the truth of.

Re:How is this a 'culture'?

[pacman+on+prozac]

Well as unwilling as most people are to admit it, there must be some of them with at least some skill.

If they had that much skill, they'd be getting paid huge amounts of cash to do what they're capable of in some professional context, not sitting on IRC flooding connections.

You're also assuming some script kiddy wrote the exploits they use in the first place, that usually doesn't happen. Exploits come from other places, that have interests in keeping hidden. Script kiddies make perfect cannon fodder for these people.

Re:How is this a 'culture'?

[Eil]

We need to find another term for describing these immature, yet skilled, adolescents that discover vulnerabilities by themselves in order to higher their social rank. (Cf article where they talk about '0day servers' with newly found vulnerabilities ready for kiddies' next war)


Well that's really where the whole cracker/hacker nonsense started. The problem is that you've had these two groups around for decades each calling themselves the same thing. Both legitimate and black hat hackers are computer experts on one level or another no matter how you look at it. So what's needed are a few supplementary terms, not replacements because you're never going get either group to change. And those supplementary terms need to come from within in order to stick. Nobody likes being told, "You are now X" especially hackers, whether legit or black hat. That's why you don't see 2600 changing its subtitle to The Cracker Quarterly. (Well, that and it just sounds utterly ridiculous.)

Re:How is this a 'culture'?

[chrispycreeme]

Assholism? What a cool word. It should be added to the dictionary along with 'dicketry'. As in 'You are acting like a dick! Stop your dicketry!"

Really tho any Sys admin or Network admin worth what they are paid doesn't worry about script kiddies. Its the hardcore blackhat hackers that are scary. That and the clue-sers opening email attatchments all willy nilly.

Re:How is this a 'culture'?

[Fred_A]

Human Nature is extreemly predictable. It follows probability theory, not logic (not a -> b, but P(a = x|b) = normal_distribution(x,y)). That sort of thing.

proof of this is the amazing success of economics so far...

</sarcasm>

Re:How is this a 'culture'?

[Decameron81]

It always strucks me to see that definitions that were meant to "label" a group of people in certain ways, can assume completely different meanings on the long run. An example of this, is the original meaning of the word hacker (from http://www.joabj.com/CityPaper/hacker.html):

"To these hackers though, these computers presented a whole new realm of possibilities. In the ensuring decade, they prodded the TX-O, and, later, the PDP-6 to play chess, hum Bach, emulate ping pong, act as a adding machine, and play space war games... All these applications were called hacks. Such work was seen as frivolous. These programs were written for no other reason than to be simply to have them be admired and improved upon by other programmers. In hindsight, its obvious these hackers were radically rethinking the way computers could be used."

And nowadays it has assumed a completely evil meaning. The same goes for these so called "script kiddies". I mean, as far as I remember a script kiddie was someone uncapable of making discoveries of security holes himself. One with little if any knowledge on computer security (or even programming) but with a good library of programs to let them achieve their goals. Their final goal being to be recognized as hackers without all the process of properly learning the stuff. The article above talks about script kiddies as kids who are good at creating programs, which gives the term a one hundred and eighty twist.

Diego Rey

Re:How is this a 'culture'?

basquiat

Re:How is this a 'culture'?

[lxs]

Oops! You're right. That'll teach me to post before my first cup of coffee.

Re:How is this a 'culture'?

[scifiber_phil]

Most people who take the time to learn at the level of "I can fly a commercial jetliner" realize that there isn"t much of a point to crashing one into a building on purpose. Opps, I guess this is not always the case.

Re:How is this a 'culture'?

[scifiber_phil]

Use crud off the kitchen sponge. The toilet is actually usually cleaner.

Re:How is this a 'culture'?

[identity0]

48 65 79 2C 20 74 68 61 74 27 73 20 6E 6F 74 20 74 72 75 65 21 20 49 20 62 75 69 6C 74 20 44 4F 53 20 66 6F 72 20 42 47 20 77 68 65 6E 20 49 20 77 61 73 20 37 21

59 6F 75 27 72 65 20 6E 6F 74 20 6C 33 33 37 20 65 6E 6F 75 67 68 20 74 6F 20 6A 6F 69 6E 20 6F 75 72 20 63 61 62 61 6C 20 3A 50

Re:How is this a 'culture'?

[cubic6]

how do the new script kiddies get in the club?

Well, I used to hang out in some "less than reputable" channels on IRC, and I've seen a few script kiddies earn their wings. Usually, they're introduced to the hacking scene via the Warez scene. A lot of warez is transferred and hosted on hacked boxes, so there's quite a demand for people who can 'r00t', basically meaning running a automated hacking tool on various subnets trying to get a collection of zombies used for dump sites or XDCC bots. Now, a side effect of this is that the kiddie will accumulate a large collection of zombies which don't have enough hard drive space or bandwidth to be useful to their warez ring. These are prime candidates for DDOS bots. I knew a person who had 40,000 or so bots, and could bring down our home IRC server by having them all connect at once. Or he could collect them all in a hidden channel on EFnet and randomly DDOS people in other channels. Eventually, people like that tend to find each other and either DDOS each other out of existence or exchange contacts and resources, and that's where they enter the serious hacking scene.

The reason White Hats don't get in on this is because you need to have an ante of a few thousand DDOS bots before you can even play the game. It's pretty sad that someone can enter an IP range, click a button, and have 5000 zombies in a few hours. Anyways, I hope that answered your question.

Re:How is this a 'culture'?

[IncohereD]

This is also probably why I had to go through tighter security on my recent tour of a Bell central office than I did going on a tour of a National Defense facility. The trick is getting access to a core router in the first place.

Re:How is this a 'culture'?

[IncohereD]

Sheesh. You're probably the same guy who got fired from a tech job for having no people skills, because you didn't think they were important.

Having been a BBS kid back in the day, there's plenty of people who wasted more of their life than those on the 'inside', but everyone recognized as fucking idiots. Those with better access were almost invariably those who also had friends/connections in real life, (or sometimes just money for the lastest, fastest modem...but rich kids also tend to have better things to do with their time), and had better social skills. And only used the '1337 speak' for humorous effect.

e.g. I knew that the '1911' in Razor 1911 was 777 in hex, but just because it was funny and we were bored with our base converter in computer class.

It's analogous to how the best metal bands are the ones who thing all the satanic shit is just a hilarious lark and do it over the top, not the ones who take it seriously.

Two implications

The most amusing implications are:

a) Its a culture.
b) Someone would actually want to see it.

10 years ago I did the script kid thing for a bit (before having a life). Its a bunch of kids who's parents are not really involved in their lives, and have nothing better to do than look for a digital mate by typing "A/S/L?!?!??! and talking about their privates.

I could seriously care less.

Re:Two implications

no no one actually wants to see it. the story submitting user made it seem like this was something important. All this was was a fake interview to try to get the point across that linux zealots aren't the ones hacking. and they arrive at that conclusion because the hackers use windows xp.. which is incredibly stupid of a conclusion

Re:Two implications

[WwWonka]

The most amusing implications are:
a) Its a culture.

So is yogurt.

b) Someone would actually want to see it.

Somebody somewhere paid money to watch Gigli as well.

Re:Two implications

[zakezuke]

It's rather annoying the fact that now it's 2004 and just about anyone can go online in yahoo and say, "hello, my name is gwen, and this is my vagina"

Before 1998 a person had to have some skill to do that sorta thing, and you asked them what they were using. Now it's like, "Good vagina, that's a very nice vagina, now go play" thinking to your self they must have gotten their webcam in a box of fruit loops or something.

Re:Two implications

[Maserati]

That's *very* profound. Yeah, I've noticed that too. Thank goodness someone finally said it.

Re:Two implications

[fuctape]

>I could seriously care less.

Which means you *do* care somewhat. I think you mean that you couldn't care less.

Re:Two implications

[adamofgreyskull]

I don't know why this idiotic "idiom" is so pervasive in American English. Everyone over here can use it correctly, thus:
"I couldn't care less" - I care the smallest amount,it's impossible for me to care any less.

I was going to say "maybe something got lost in translation" and now that I have, I just want to kill Sofia Coppola again, way to make me recall repressed memories, jackass.

Re:Two implications

[antime]

Hey, it was written by Robin Miller. Stupid Linux-zealot conclusions are his trademark.

Re:Two implications

[identity0]

Its a bunch of kids who's parents are not really involved in their lives, and have nothing better to do than look for a digital mate by typing "A/S/L?!?!??! and talking about their privates.

That pretty much describes most celebritiees these days, except they get laid in real life.

Come to think of it, it would be funny to do a "Real World: H4x0r5" show... "5ee wh4t h@pp3n5 wh3n p33pl3 5t0p b3ing p0li7e..." It could feature a dozen guys in a rented house with a OC3 connection bitching at each other while "hacking". Of course, all the romance would have to be either cyber or gay...

Nevermind.

Re:Two implications

[Art+Tatum]

Somebody somewhere paid money to watch Gigli as well.

There is no hope for the human race.

Re:Two implications

[Art+Tatum]

I'm an American, and I know that it's "couldn't." I think you're seeing the results of our wonderful socialist education establishment.

No Social Life?

[firstadopter.com]

The quote that says young adolescents have no social life is pretty damn funny.

h4h4h4h4h4

[segment]

_xXx_h4x0r3rZer0_xXx [#31337] d00d sl4shd0t p0st1d 0ur sh1zzl3 m4h n1zz73
XxX-|-Ne()-|-XxX [#31337] /exec ./winuke slashdot.org:80
XxX-|-Ne()-|-XxX [#31337] l4m3rz!@_!@

Re:h4h4h4h4h4

[DaLiNKz]

I'm guessing this is you trying to make a IRC chat.. well.. Can't have ()'s in IRC ;)

--- () :Erroneus Nickname

Re:h4h4h4h4h4

[Lost+Dragon]

d00d, U H/\X0rD /. - 5K0r3!!!!

A peak at script kiddie culture..

Look no further.

Did you miss the part...

[Ayanami+Rei]

where they mention that "no one wants to download grsecurity" or "tru64 is where it's at" or "some kiddies target Solaris and Irix because that usually means a big pipe".

Try a little reading comprehension first.

Publicity

[Un0r1g1nal]

From what I understand of script kiddies they mostly do stuff from sheer boredom (what ever happened to the good ole outdoors?) and for the extra pseudo attention they get from it. Surely by attempting to interview and do articles on this 'culture' they are just pandering to the desires of these script kiddies. And rather than helping them to realise that they need to grow up etc, the extra attention is only going to make them have a greater desire to wreak havock with their 'leet skills'

Re:Publicity

[a8o]

They're not rational human beings. They'll grow out of it eventually, when more will come to take their place. Many of us here, probably, have had a go with packetflooders. Once upon a time in 1998 i took down a cable modem and I was on a 56k. That was fun seeing his name drop off the IRC chatroom. But, I got over it and now hardly can use a computer.

Re:Publicity

From what I understand of script kiddies they mostly do stuff from sheer boredom (what ever happened to the good ole outdoors?) and for the extra pseudo attention they get from it.


I used to be slightly into the script kiddie scene, hanging out on IRC all night. script kiddies do what they do as a result of conflicts that arise in their online social life. Someone might insult them, kickban them from a channel, something involving a girl, pull a prank/trick them into doing something stupid. Basically, the same kinds of conflicts that arise in the social life of any other teenager only they're online. Other teenagers might pull pranks in real life or punch each other in the face... script kiddies launch ddos attacks, try to takeover channels & nicks, crack each other's computers, etc... the only difference is the medium.

Re:Publicity

[chevelleSS]

7 years ago I did the script kiddie thing, and for me it wasn't because I was bored (I lived on a farm 25 miles from the nearest town; I was always out hunting, building contraptions and doing of some sort). The main reason I used the programs was to a) impress a few friends b) do something "cool" with Linux.

Hey! after downloading 20 something slackware disks on a 14.4 modem you would want to make the thing do something "useful" too!

Re:Publicity

[SmackCrackandPot]

(what ever happened to the good ole outdoors?)

It got sold off to developers to build luxury flats for young professionals and retirees. See it all the time over here in the UK. In some places they are even closing down oversubscribed schools in popular areas in order to shuffle the kids to undersubscribed schools in deprived areas. Guess what happens to the school and playing fields - it gets converted into luxury flats with private parking.

Re:Publicity

[danila]

How can something be insightful if it is wrong? This is the first article about script kiddies that I saw and I bet the same is true for many people here. Despite that lack of recognition, script kiddies, apparently, didn't stop their doings many years ago, as they should have, according to your logic...

It's really simple in fact. They don't want a recognition from you, they want recognition from their peers. It's the same as with pirates, professional photographers, case modders, etc. They have their online communities where they display their leet skilz.

Re:Publicity

[skifreak87]

It's not just sheer boredom. It's a social outlet. Yes I'm generalizing and stereotyping, but your average script kiddie doesn't have a normal social life/real friends. His friends are people he's met online. He can be popular and "cool" if he has cool hacks to use and scripts to run or he can write the stuff himself. It's about as arbitrary as being popular and cool for being able to run fast and catch a ball. Yet one activity is detrimental to society and the other is not. Regardless, it's (IMO) a result of these kids having the rather universal desire to be cool in some way. Maybe they're not athletic so they can't be "cool" in the jock sense but if they can be part of this leet group, then they feel cool and important.

I personally don't think it's done out of solely boredom and a desire for publicity, I think there's more to it than that. While publicity might be desired because it leads to increasing one's uber-leetness factor among other script kiddies, I don't think the desire really stems beyond that.

Again, just my $.02, no facts to this, just opinions based on my limited life experiences.

Bahh, these kids today...

[k4_pacific]

Back in my day, we didn't have computers. We would see how long we could balance on a flagpole or we would see how many goldfish we could fit in a telephone booth. Hell, once I danced the Charleston on a flagpole for 12 hours. Won me a brand new LaSalle. Now, pranks and mischief are all electronic, done with them newfangled computers by them so called script-kiddies.

Takes the fun out of being a kid if you ask me. Hmmmpphh

Re:Bahh, these kids today...

[4b696e67]

There is a lot of truth in what you say. There have always been "script kiddie" types. In the past they were pranksters and getting arrested for vandalism/arson/(pick stupid crime). Now, with easy access to the world through the internet, they create trouble for everyone on a massive scale instead of just the local town they live in.

Re:Bahh, these kids today...

[DataPath]

That's "harrumph" you insensitive codger!

Re:Bahh, these kids today...

[caino59]

yea, and instead of getting a slap on the wrist or a trivial fine, these 'kiddies' are getting time and getting branded forever as delinquents and fugitives with felon status.

been there done that.....i think the justice system needs a peer edit, but like that will ever happen...

Re:Bahh, these kids today...

[puffing_billy69]

...or we would see how many goldfish we could fit in a telephone booth.

For the record, how many? Power of 10 will be fine.

Re:Bahh, these kids today...

[ColaMan]

Average volume of a goldfish (6cmx1cmx3cm) 18cm3
Average volume of a telephone booth 1mx1mx2m - 2m3

Number of goldfish to a telephone booth = 111,000*

* give or take a few, not taking into account any spaces in between goldfish , or hardware in the booth.

WTF

[Facekhan]

Is this guy just making stuff up as he goes along. I swear he comes off like Gibson at GRC for christ sake. Secret groups of anti-social 11 year olds taking down whole isp's because their male "competition" for the heart of an equally dysfunctional haxo4 chica is a subscriber.

Re:WTF

[AArmadillo]

Sadly enough, it is mostly accurate. Usually taking down whole ISPs is a side-effect -- more likely, someone who was using that ISP pissed them off and they were trying to cut off their connection. Look at the attacks several months ago on DALnet as an example. Gigabits of bandwidth from DDoS zombies taking down an extensive IRC network at the whim of a bunch of script kiddies (apparantly because they were mad that DALnet banned some of their warez bots).

Just how do you stop a DDoS?

[LostCluster]

From an admin's perspective, a DDoS is the scariest attack of all. There's nothing you can do to prevent it, and nothing you can do to stop it.

An admin whose network is being DDoSed really doesn't have much hope of doing anything. Their inbound communication line to the outside world is being flooded with so much garbage information, the signals that they want to get over that line are simply drowned out. Incoming connections can't get a turn going down the pipe, so they time out. He's powerless, everything in his shop is nice and secure, but can't function without geting any useful requests. That poor admin can call his ISP... but there's really not much the ISP can do from their side of the line.

The real problem in a DDoS attack is not that the final victim's security has gone wrong, but the security of other computers elsewhere on the Internet have been compromised, and they've been turned into zombies contributing to the DDoS flood. The DDoS will not subside until nearly all those machines are all patched, but that's not something the victim's people can do. They have to wait for the Anti-Virus providers and software providers to knock down the flamethrowers that are all being shot in the same direction.

Any time you're relying on third parties who don't work for you to save your business, you're really up a creek and are throwing yourself on the mercy of the tech world. Hopefully they'll save you in time, because there's really not much you can do from your own datacenter.

Re:Just how do you stop a DDoS?

[gnu-sucks]

Ever get slashdotted?

Re:Just how do you stop a DDoS?

[LostCluster]

Ever get slashdotted? Nope, although I think my site could survive it. :)

Re:Just how do you stop a DDoS?

[pyrrhonist]

Nope, although I think my site could survive it.

Did you just issue a challenge to Slashdot? You poor fool.

Re:Just how do you stop a DDoS?

[0racle]

I just don't see how a DDoS that does nothing except bog down your network connection, usually just to the outside world if you actually earned that job, is the scariest.

It slows things down, to a crawl or a dead stop, its irritating, and all you can do is sit it out, but in the end, what did it really do, again from the admins perspective? Nothing, it didn't do anything. You don't now have to worry about machines being used as zombies or otherwise compromised and there's next to no cleanup. And as for the there's no hope till the AV companies update scanners, I don't really recall MS's net admins running around and crying when MyDoom.whatever was supposed to flatten their network.

There may be monetary implications in a DDoS, but from an admins perspective, there's nothing to do, and nothing to worry about.

Re:Just how do you stop a DDoS?

[Darkangael]

That's not always how your boss will see it :(

Re:Just how do you stop a DDoS?

[caino59]

hey, everyone wants to at least try ;oP

Re:Just how do you stop a DDoS?

That poor admin can call his ISP... but there's really not much the ISP can do from their side of the line.

Sniff the garbage, analyze it, block IPs somewhere upstream. Worst case, if the zombies are randomly spoofing IP addresses you could still trace them back hop by hop. A giant pain in the ass, but possible. Steve Gibson has a great article about dealing with a DDoSing script kiddie.

Re:Just how do you stop a DDoS?

[Lost+Race]

www.studioqb.com has address 69.57.153.168
CIDR: 69.57.128.0/19
OrgName: Everyones Internet, Inc.
NameServer: NS1.EV1.NET

I think we already established that EV1 has enough bandwidth to survive a slashdotting.

Re:Just how do you stop a DDoS?

[Slashamatic]

Large companies have multiple IP addresses and pipes. It then becomes possible to reconfigure so that only one pipe becomes stuffed and normal traffic is redirected. It is more of a problem when you don't have so much spare capacity.

Re:Just how do you stop a DDoS?

[f0rt0r]

Sorry, Gibson lost my respect a long time ago. I e-mailed him when the Windows Help & Support "delete" vulnerability was revealed and showed him how by changing browsers ( it only worked in IE ) or disabling the Help and Support service would block this exploit. I also added that Windows XP SP1 contained language in the EULA and in the patched ( the infamous Windows Media Player 'security patch' ) that many people did not agree with, so giving them alternatives other than installing SP1 was a good idea.

He never replied, and kept the ol' "You must install SP1 now! Here is why!" announcement up on his site. That tells me he is both a sensationalist and a Microsoft zombie. I mean, its not in *his* best interests to present people alternatives to M$ solutions, and that seems all he cares about - traffic and consulting jobs to fix damage caused by M$ software.

Re:Just how do you stop a DDoS?

[Billly+Gates]

Configure your router.

Notice how Slashdot has never been DDOS and that you can not ping www.slashdot.org?

They have specific routers and switches to cancel out garbage traffic.

Easy? Hell no, but its doable. Cisco routers and expensive engineers have alot of options and configurations.

I do realize they are a luxury though.

Re:Just how do you stop a DDoS?

[LostCluster]

They have specific routers and switches to cancel out garbage traffic.

The thing is, in order for such a filtering system to have any good traffic left to find, one must have more bandwidth upstream of the filter than the DDoSers have available to them. In short, one must have the ability to burst their connection to much much much more bandwidth than you need to handle your legit traffic, your incoming bandwidth must be your legit traffic plus the size of the DDoS you wish to be able to handle.

Translation: Keep any server you want to keep up at a major data center. They've got the bandwidth to spare, you have no hope of affording that much.

Baseball BATS !

[MajorDick]

We had a script kiddie (didnt know it at first) trying desperatley to hack several of our servers, I reckognized the IP block he was on and called up my buddy who was the sysadmin for the ISP he was connected from, Soooo he gave mne his name and address. Me and my dad Im 6'2 230 lbs and my dad looks like george carlin on steroids, well we knocked on the door of a very nice house at about 4:00 pm , to the door comes a pimpled faced rugrat about 14, I told him we were here about the hacking attempt on our server, the kid turned purple, andd I honest to gfod thought he was gonna piss himself , we had a nice little discussion and told him the next call was to the FBI for attempted bank robbery as we hosted several credit unions, never had anymore problems from this fellow. We did take a baseball bat along just in case he was bigger than we were , This was going back some time 96 or so.

Re:Baseball BATS !

[twoslice]

Now you did it, He has your IP address and his dad and him are coming over to your house right now to kick your ass....

Re:Baseball BATS !

[Cynikal]

hmm thats so freaky cause every script kiddie i ever met online was 6'2 and 230lbs

i wonder if its a gentics thing we could track down, find out what makes peopel grow to 6'2 and weigh 230, and do the script kiddie thing?

we could call it the script kiddie gene!

Re:Baseball BATS !

[Monkelectric]

In 97 or 98 I had a similiar problem, this 15 year old kid was rooting our servers and messing up our IRC channel, he never seemed to use the same IP, and honestly we just couldn't stop him. Fourtanately a member of our organization worked at IBM and he had a bit of juice with the security department. A few days later someone at IBM got us name and a phone number, and we called and had a long conversation with the guys dad :) Never heard another peep out of him, although we were all still very emberassed (hey erik if you're out there, email me!)

Re:Baseball BATS !

[geekoid]

you do that to my son, and your ISP will be the victim of a tragic backhoe accident.

Your revenge is measured in pounds, mine is measured in grains.

Re:Baseball BATS !

[MegaFur]

Ah yes. The powerful threat of "meat damage". There was some fakey "hacker" card game put out by WotC once where that could happen. I forget what it was called though.

Re:Baseball BATS !

[YrWrstNtmr]

They could have just called the FBI first. I think a nice frendly chat first works better for all parties, don't you?

Re:Baseball BATS !

[ZzzzSleep]

Quoth Megafur:

The powerful threat of "meat damage". There was some fakey "hacker" card game put out by WotC once where that could happen. I forget what it was called though.

Were you thinking of Netrunner perhaps?

Re:Baseball BATS !

[LittleGuy]

We did take a baseball bat along just in case he was bigger than we were ,

You *did* check to see if he wasn't a card-carrying member of the NRA, did you?

Re:Baseball BATS !

[Night+Goat]

Look, if you're not going to discipline your kid, don't be surprised if he learns the hard way. It's not like the guy even hit the kid, he just put a bit of realism into the kid's vandalism spree. It's a sad world when parents defend their kids' vandalism.

Re:Baseball BATS !

[MegaFur]

Yeah, that was it. The encyclopedia remembers it better than I do. I just remembered the phrase "meat damage". It made it sound so gross, but at the same time it's just a PC way of saying "get the crap kicked out of you".

I'm somewhat impressed that WotC doesn't totally deny it's existence. I probably would if I were them. It's not that it was a bad game (it may or may not have been, I don't know), it's just that it tanked so completely.

Re:Baseball BATS !

[illuminatedwax]

I can't believe he didn't stonewall you!
I can just see you guys:
You see what happens when you fuck a stranger in the ass?! YOU SEE WHAT HAPPENS WHEN YOU FUCK A STRANGER IN THE ASS?!!!!

--Stephen

Re:Baseball BATS !

[Oligonicella]

Right. If you don't have the nerve to correct your sons behaviour, I'd bet you don't have the nerve to confront anyone else. Sounds like yer just one of those folks who scream on forums because you know no one will do anything about it and it makes your nads feel better.
Take control of *your own* responsibilities first (read your son), before whining about someone else doing it for you.

Re:Baseball BATS !

[Jeremy+Erwin]

Steroids. Or, if you're a total wuss, you could try reading the back matter of "Muscle and Fitness"


"Why does it say, 'For Veterinary use Only'?"
"Never you mind that. You want to get big and strong, don't you?"

Re:Baseball BATS !

[psergiu]

Simmilar story. 17yr old h4x0r hacks and destroys all data on some server at my uni. The owner of the server - an prof who had his research data on that server - found from the uni network admins who was the culprit and at the next exam told to all the failed students that if "they will take care" of the h4x0r they will get a passing grade. They all did. The h4x0r spent next 2 months in hospital with both arms broken and other injuries. Not urban legend.

Re:Baseball BATS !

[YrWrstNtmr]

umm...that was my point exactly. Better to do a face to face rather than get the authorities involved.

Re:Baseball BATS !

[MHerrington]

I call bullshit.

Re:Baseball BATS !

[Reteo+Varala]

I don't understand what's the workup about...

He said that they brought baseball bats along in case the perpetrator was larger than they were, no doubt meaning to use it upon the possibility of violent response; at the time, they had thought this was a bank robber.

When they reached the place and found out who it was who was doing it, they did not threaten him with a baseball bat... they threatened to inform the FBI of a bank robbery.

Not a culture

[Lord_Dweomer]

This is hardly a culture. This is a personality stereotype. And a fairly accurate one at that. It's a derogative term used to identify people who do not make their software toys on their own, but instead download the hard labor of others and use it to perform meaningless, and often times annoying pranks.

I think I have a comparison to sum this up.

Script Kiddies is as much a Culture as 1337 5p34k is a Language.

Re:Not a culture

[rawb]

Maybe the 'script kiddies' aren't exactly what he was describing, and there needs to be a new term for the characters in the story, but what he did describe certainly is a culture.

When I was 15 I had a friend give me a few scripts which i ran randomly for a few days. I didn't go to chat rooms for that stuff. I didn't talk online with those people, and I didn't become involved in the alliances of groups. I was given a program, and I used it to get me some earthlink passwords. That's a script-kiddie.

The descriptions in the story, though, is definitely a culture where alliances are formed, a circle of silence and shadow is formed around those with 0day-whatever access, and the people who program the exploits most likely came up into the circle of trust by way of these allianced groups, gaining the trust of people higher and higher and showing competance in their coding.

The fact that attacks on government machines occur not for the purpose of attacking a government machine, but instead to trick your opponent into doing it and getting him/her into trouble shows it's a culture of its own, one that has no respect for the predominant culture and is willing to use our tools to hurt their enemy.

So yeah, I say its definitely a culture. WHether it deserves to be one or not is another matter altogether.

bah

[kurosawdust]

What I want to know is how the hell those guys ever understand each other when they talk in person.

"Dude that DOS attack was so seven-three-three-plus sign!"

Re:bah

[StuWho]

What do you mean "talk in person"? That would imply entering the real world.

Re:bah

[landrocker]

Spelling mistake. It was supposed to be 'Talk in prison'

Innate Security of Windows vs Linux

[miyako]

I noticed that microsofts statment that (if|when) Linux gains as much popularity as Windows, we will find that it is not inherintly more secure because "Using Linux does not make you defacto smarter"
Reading this I knew that SOMEONE would bring it up, so I might as well be the first
I think that as linux sits right at this moment, it does make one smarting to be using it, simple because it requires the user to be more aware of their system. I do not see this changing in the near future either, not because of the technical inability of linux to emulate Windows automagic configuration, but because the people who write the software do not seem to want that (I know I don't).
So does this mean Linux is more secure by default? I would have said yes if you asked me a week ago, but this last weekend I was at a LAN party and installed Linux on several machines of friends who were interested in learning about it. What I saw made me realize that in the hands of an average (l)user, Linux can be LESS secure
The thing is, even after my lecure I still had people choosing root passwords like "poopoo" and "iforgotit". Not only that, after a brief tutorial on how to do basic system administration through YaST (I installed SuSE 9 on their boxen), I had at least 3 people go in and turn on every single network service that was offered. One of these people even set up his box as an anonymous FTP server with read and WRITE priviliges to the root directory!
At the same time I had another guy logging on to IRC as root and downloading files, while I was taking care of these machines someone else had already created a user account and given the user name and password out to several people in his AIM buddy list.
I'm the last person to say that we should include less software with a distrobution. I think the fact that most distorbutions contain a complete operating environment is a good thing, but with a little bit of knowledge these people had already made their system much much less secure than a windows box with the security updates applied would have been.
The whole point of that rant being (other than just getting that off my chest), as linux becomes more popular I can easily see scripts writen to take advantage of clueless linux users just the same as there are scripts to take advantage of clueless windows users.

Re:Innate Security of Windows vs Linux

Holy Crap!!!

You mean that stupid/lazy *PEOPLE* are the weak link in most security systems?!?! I am SHOCKED!

Re:Innate Security of Windows vs Linux

[King_TJ]

Yep... but the real issue here isn't so much a problem with *Linux* and its defaults. It's much more an issue with giving the relatively clueless a server-grade operating system to use as their workstation!

Windows spares people from many of these fatal mistakes, simply by not offering the functionality. (EG. Accidently enabling an anonymous ftp server with read and write access to all directories.)

I think even Mac OS X would suffer from some of this, if it wasn't for the fact that Apple desperately wants to make some extra cash off selling a seperate "OS X Server" product. Therefore, many of the server-related services found in OS X are purposely pretty difficult to enable and use, unless you buy the "Server" version that provides control panels and menus to access them. (EG. Postfix or Sendmail, or SQL server support)

Re:Innate Security of Windows vs Linux

[toby]

Using Linux does not make you defacto smarter

But the fact it's more secure out of the box sure helps!

Re:Innate Security of Windows vs Linux

[Maserati]

Or you could look at the cost of OS X Server as being for the nice admin tools. Apple is well aware that much of the value proposition of OS X is in the GUI, APIs and development tools, that's what your $129 goes for. If you can handle config files or finding control panels and webmin tools online, then OS X Client is still a BSD variant and can compile and run pretty much anything. Heck, kill the Dock and Finder processes and run in X11.

Of course, the only good reason to not be running Linux or BSD then is if you must have a G5 because that for exactly what you do, it's the best bang for the buck. Although running YellowDog or SuSE on a Mac and using MacOnLinux (or whatever it's called) to run iTunes and other QuickTime stuff.

Re:Innate Security of Windows vs Linux

[imr]

Where in the article are they talking about the users of the machine they hack being clueless?
They are talking about using unknown exploits months before patches exist or even before the flaws are known. In that regard which system is the more secure do matter.
Not that anything you said isn't true, but the kind of script kiddie the article is talking about wouldnt get any kind of fame from taking advantage of users who alread shot themselves in the foot.
Now coming back to your point, I believe the social network would make a difference. Those users you depict are completly fresh to linux but they will need help sooner or later (well, ...sooner), and they will go to some suSe -red hat - mandrake - linux forum. There, they will get educated.

Re:Innate Security of Windows vs Linux

[S.Lemmon]

"Windows spares people from many of these fatal mistakes, simply by not offering the functionality. (EG. Accidently enabling an anonymous ftp server with read and write access to all directories.)"

No in windows someone just shares their entire hard drive to the world!

Re:Innate Security of Windows vs Linux

[Ironica]

Where in the article are they talking about the users of the machine they hack being clueless?

Here:

Roblimo: One thing Microsoft spokespeople say is that if Linux were as popular as Windows, it would be attacked as much, and that as Linux starts getting used by more clueless people, those attacks will get easier.

Andy: With the sorry security history Microsoft has, and the low level of computing proficiency its customers have, not to mention the abundance of machines on cable and DSL IP ranges that aren't behind hardware routers, I agree to a good extent with Microsoft. People switching to Linux do not de facto get smarter.

Re:Innate Security of Windows vs Linux

[Felinoid]

In the first hours of a new Linux users experence with Linux they have set up network services, set passwords and started getting things going.

Thies are Windows users who are perfictly happy with the way Windows works so one could hardly blame them for replicating that behavure in Linux.

And yet:
The thing is, even after my lecure I still had people choosing root passwords like "poopoo" and "iforgotit".

You got them to use a password. That is unheard of on Windows.

As a former BBS Sysop I'd say most of my users used the password of "password".

Re:Innate Security of Windows vs Linux

[azaris]

I think that as linux sits right at this moment, it does make one smarting to be using it

Apparently this effect is not noticeable in writing.

Re:Innate Security of Windows vs Linux

[imr]

Right, but I maintain that this is a side track from roblimo, which is not directly related to the kind of attackers the article is talking about. Not being clueless doesnt help when the so called "kiddy" has an undisclosed exploit for month.
But you get the point :)

Re:Innate Security of Windows vs Linux

[Ironica]

Not being clueless doesnt help when the so called "kiddy" has an undisclosed exploit for month.
But you get the point :)

Sorry, maybe I should have extended the quote to include the part where Andy mentions that, on his Linux system, there was some nasty exploit that he was already immune to because he'd configured things more securely. It's right after the part I did quote.

So he definitely thinks that cluefulness plays a role in making one less vulnerable to this kind of hacking, whether or not they're 0-day exploits.

Re:Innate Security of Windows vs Linux

[imr]

I already said you were right and proved me wrong, so there is no reason to continue in this direction.
But no, this guy Andy is not an USER. If you need to be able to compile your kernel to be qualified as a "NOT clueless" USER, then there arent many such users out there.

Though my equipment is DoS and intrusion hardened, I can guarantee you no end user who's just installed Mandrake or Red Hat for the first time will be able or willing to read through the GRSecurity manual pages and implement policies and overflow protection in a recompiled kernel.
This is not the behavior of a user, wether clueless or not. As a matter of fact, if the above is really needed, it should be the job of the kernel maintener of each distro!

Hrump.

[Nicholas+Evans]

After reading ths, you do start to think what would happen if someone big like CNN or MSNBC ran a story on the FBI not bothering with a bunch of kids who seem to be more dangerous then Al Queda. Honestly, do you expect another 5 or 6 terrorist attacks tomorrow? What about 5 or 6 people cracking into servers, messing with corperations, DoSing government servers...

Re:Hrump.

[Ohreally_factor]

The main reason the FBI is ignoring problems like these is to help along "trusted" computing. They say now it's not worth their time to investigate. Later they will say the problem is too big to combat without the right tools, those tools being your loss of control of your computer and other civil liberties.

why dignify this sort of activity?

[bsDaemon]

Like "terrorists," "script kiddies" and other "h4x0r" types just do this sort of shit for the notority and publicity. Unlike terrorists, they have no real goal. Therefor, once the publicity, which creates a justification for the activity, disapears the activity will become unprofitable in the sense that fame is a comodity which is worth something.
It'd be better just to ignore the little fuckers until they grow up and go away. At least, that is how it seems from where I sit.

Re:Anyone have personal experience on this aprt?

[eht]

Obviously not what he is quoting.

Save your IQ!

[Jugalator]

Save your IQ from dropping a few points by not clicking the link in that article. :-O

Wise words

[Rick+Zeman]

Timothy said it best:

from the culture-is-a-strong-word dept.

Re:AOL H@x0rZ!

[cmacmanus]

No, it qualifies you for MENSA.

wasn't this...

[fermion]

the point of Dexter's laboratory. Some kid driven to demented acts of violence and creativity by the inane action of his older sister.

Society Problem

[rotty]

It's not a hobby, it's a social life. These kids don't have much outside of this. Most of them, if they were to go parties they would get beat up. This is their social life.

Well, the whole article just talks about how to prevent the "skript kiddie" behaviour, but no word about that the cause might be our society, not giving these kids a way to enjoy theirselves without involving in malicious actions. It's the same as with drugs: everybody is talking about how to stop drug dealing and consumption, but little is done to tackle the root of the problem; the reason why the kids are not welcome on parties, get bored and thus involve in DDoSing or start experimenting with drugs.

Re:Society Problem

[King_TJ]

I think it's mainly a result of the "generation gap".... You've got parents who know very little about their own computers, and their kids who are pretty comfortable getting around online with it.

I've known quite a few kids/teens who got into loads of mischief with their PC, despite having otherwise caring and pretty observant parents.

Their folks were just sucked into the idea that their kids spending a lot of time on the computer had to be a "good thing", since they were learning "useful skills" and "doing something more educational than sitting around, watching TV".

There are plenty of things to blame parents for, but this is probably not really one of them. If you're the parent of a kid who is of "above average intelligence" and generally seems to stay out of trouble (not doing drugs and partying all night long, etc. etc.), and you're not too computer literate yourself -- just how much are you supposed to do when he/she figures out how to DoS corporate networks with his/her newfound online buddies?

Re:Society Problem

[rotty]

I was not aiming my comment at the "unobserving parents", but rather my idea was that in a "better" society, those kids would have other ways to have fun, be it partying all night long (occasionally ;-)) or some other non-destructive activity (well, one might argue that partying tends to be self-destructive, but that's another thing).

*cue Steve Irwin aussie accent*

[enrico_suave]

Krikey... here we see the script kiddie in his native habitat, his parents spare room... look at how he asks for warez and 733t scriptz in AOL chatrooms...
We musn't approach too quickly or we'll startle the little feller...

Re:*cue Steve Irwin aussie accent*

[what+the+dumple+is]

G'day toiny script kiddie!

Re:*cue Steve Irwin aussie accent*

[maxbang]

Lemme just git a li'l closah so I can stick me thumb in his arse...there we go!

Configure your router/firewall correctly

[PacoTaco]

Everyone please take the time to configure your gateways to drop outgoing packets with spoofed source addresses. This doesn't take long and potentially saves everyone else a ton of grief. Logging these funny packets is also a good way to tell if a machine on your network has been compromised.

Re:Configure your router/firewall correctly

[LostCluster]

Those using Cisco products aren't the bigest problem. It's those using cheaper products that don't even offer this feature at all.

Re:Configure your router/firewall correctly

In the interface config for the uplink to your isp:

ip access-group access-list-N out

Back in general config:

ip access-list N allow 10.42.101.0 0.0.0.255
ip access-list N allow 192.168.1.0 0.0.0.255
ip access-list N deny 0.0.0.0 255.255.255.255

Where the first two statements allow outbound packets with source addresses of 10.42.101.0/24 and 192.168.1.0/24 and the final statement (match all) denies any packet for which the src address was not matched in the previous two statements.

I have not touched a router in a couple years, there is probably a more straight-forward way of doing it now. Also the cisco syntax for netmasks in ACLs is a bit wierd, you should consult the documentation to make sure I have it correct.

If you have dual-homed customers of your own this will not work without adding their foreign space to the networks that are allowed out. This only works for the simplest configurations, which is the reason that large ISPs do not do do this sort of thing.

Re:Configure your router/firewall correctly

[TCM]

ip access-list N allow 10.42.101.0 0.0.0.255
ip access-list N allow 192.168.1.0 0.0.0.255

The mask corresponding to a /24 is 255.255.255.0. And the address spaces you posted are RFC1918 ones which must be disallowed to leak outside.

The thing that gets me...

[Phil+John]

...is that some of these kiddies seem to strive to bring down the one thing that gives them any sense of purpose.

Like the attacks on the root servers, well done, bring the domain name system down, now update your hosts file by hand when you want to visit a website/chat on irc to your mates about how 31337 you are.

It doesn't sound right...

[bentonsmith]

...the interviewed party sounds like he's making things up as he goes along for greater exposure and interest. There is nothing there that jumps out to me and says "liar", but at the same time, I think that the interviewee might have been, er thinking about this topic too much and might be blowing things out of proportion just a little bit.

Do people on IRC attack conference line services? Oh yes, I've seen it being done several times, and FoF is something of a wheel in this scene. Are said hijacked conference lines used for neferious purposes? I'm sure once in a while, but really they are mostly used for the purposes of socialization... same as has been the case with phreaking the past.

What do people do the first time they phreak? They call a faraway place and talk to someone just because it is neat to talk to someone in England, or Fiji or somewhere far away without cost.

What is the primary use of these phreak'd conference lines? Socialization, a way for people who are geographically distant who have got to know each other on IRC to talk to each other without cost. Believe you me, the content of these conversations is far more likely to contain dreary e/n stuff rather than Plots To Take Over The World.

The intimation that this culture could somehow be for sale to nefarious people and powers is frankly outrageous and hysterical at the very same time.

Re:It doesn't sound right...

[anticypher]

you could get your FCC license...and talk to anyone else in the world with a HAM rig

That limits you to talking to another group of people with essentially no lives, HAM operators. ;-)

To be honest, most HAM operators these days tend to be older, highly technical people with a strong sense of community and civic responsiblity. They mostly also have a good sense of humour about themselves (please don't hurt my karma too much :-)

Most skript kiddies just don't have much technical abilities, certainly not enough to handle antenna design, RF propagation or analog electronics. They are restricted to very limited interaction with others of their kind, with only a cheap PC running windoze or linux, and a basic internet connection. Everything attached to their computers is easily purchased, off-the-shelf consumer electronics. They are incapable of showing technical competence, because they don't have any true mentors to guide them to bigger and more constructive pursuits.

many people who choose such illegal activities...don't do a cost/benefit analysis

Most of the skript kiddies / graffiti artists / vandals / arsonists tend to be acting out of anger, rage, helplessness, fear, and no sense of belonging. They're not intellectually developed enough to do CBA, they just want to destroy things to prove they can do something, anything. Its far easier to destroy using materials at hand than to create by collecting and using new materials.

the AC

Re:You don't know you're born.

[gnu-sucks]

Back in my day, we had to walk our packets to and from the server, uphill, BOTH ways.

Now if only these kids had some direction....

[newdamage]

I know this is just asking to get flamed, but if these kids had some proper motivation and direction, they could probably do some pretty impressive stuff.

I know script kiddies are the bottom feeders of the hacker/cracker world, but most are still very young. But they obviously have enough technical knowledge to cause alot of trouble, and channeled in the right direction they could probably grow up to be fairly proficient developers and really become an asset to the tech community.

But then maybe I'm just being naive and optimistic.

Re:Now if only these kids had some direction....

and if we were listening; what would you say?

Re:Now if only these kids had some direction....

[Ironica]

I know this is just asking to get flamed, but if these kids had some proper motivation and direction, they could probably do some pretty impressive stuff.

You're not asking to get flamed; you're asking to get volunteered to start a mentoring program. ;-)

Re:Now if only these kids had some direction....

[KingJoshi]

In line with what I responded to a post above, that your understanding of "fun" is restrictive.

There is a world of "fun" that you don't know about nor understand and are not willing to see if you enjoy that have nothing to do with destruction or causing annoyance to others. That helping people can, in itself, generate a good feeling in and about yourself (though you have to be careful who you help, cuz sometimes those people can pester you more). As a bonus, it can feel good to be appreciated and those people may reward you later. If you have skills with computers or desire to learn more, than there are many ways to expand that knowledge and fulfill curiosities without harming others.

People are differently so I can't know what will click for you. Hell, I don't much like reading, even less when it is out loud, but I started volunteering reading to little kids (and having them read to me) and I like it. As a bonus, I'm the only male volunteer (all college students) :D

Who know what you will find for yourself, but there are so many things that to follow a path that's not only illegal, but not one you can sustain a life doing doesn't make much sense. Especially when there are so many good options on what you can do, and you'll learn and enjoy things you couldn't have imagined.

Re:Anyone have personal experience on this aprt?

[Burpmaster]

Um, he specifically said that you can't take control of somebody else's compromised machine even if you just use that control to remove the trojan that allows people to take the machine over. That is legally considered the same thing as hacking their machine in the first place.

Being a script kiddie...

[KalvinB]

...isn't so bad if you're learning by example with the intent to escape being a follower. A script kiddie in the best sense is analogous to being an apprentice. In the worst sense it's a term for annoying no talent hacks with nothing better to do.

I don't think there are many programmers who weren't at one time or another "script kiddies" who simply cut and pasted code and then tweaked it a bit to see what happens.

There isn't really any problem with this as it's a good way to learn how to code quickly depending on your learning style.

The problem comes in when you cut and paste code and mistake yourself for having some kind of talent. Those are the annoying ASL types.

Anybody can cut and paste code. It takes talent to take the code and make it your own or even just apply it to something it hasn't been applied to before. I took a pretty standard and quite buggy A* implementation and turned it into a blazingly fast scalable path finding class suitable for doing real time path finding over massive (miles of 10m data) distances by land or air.

And I still only have a vague idea of how A* works.

Ben

Re:Being a script kiddie...

[Unregistered]

who simply cut and pasted code and then tweaked it a bit to see what happens.

Bah, back in my day, i had to copy it by hand from a book into qbasic on windows 3.11. None of this fancy copy and paste bs. An i liked it.

Re:Being a script kiddie...

You kids. We poked hex codes to memory addresses on c64. Pages of them. And we liked it!

ps: Watch out for old fart following up with even more obscure shit.

Re:Being a script kiddie...

[dirgotronix]

Young whippersnappers! In my day we didn't even have existence! We had to sit around in a void and WAIT for existence so we could ponder walking uphill in the snow! BOTH WAYS! (beat that?)

Re:I....

[StuWho]

In Blair's UK, the scripts kid you

Re:/me

[vegetablespork]

That ad struck me like a satanic poster hanging over the crucifix in church.

Re:Ah the Kiddies, joy

[StuWho]

Get out more, learn to spell "elite" properly, and pay damages to the RIAA.

Kiddie sure fits

[77Punker]

Wow...these people exchange nude photos of each other, exchange phone numbers and other important data, get fucked over by all their "friends" they've never met, and then try it again. I'll stick with video games, thanks.

The part I found most interesting

[scubacuda]

DoSnets have three components. A binary, either a trojan or worm (if it's self-spreading) infects machines which are called drones. These drones then connect to a DDoS server, which is generally an IRC server which has been stripped down to make detecting and cleaning the drones more difficult.

There are operators on [major IRC network] who dedicate a large part of their time to finding and deleting these drones and drone servers, along with contacting providers whose machines are putting out the binaries. It should be noted however that this activity is ILLEGAL and viewed by the authorities as a violation of computer crimes laws. As a rule of thumb, unless you have paperwork from a judge saying you can touch a compromised machine, or you own the machine in question, don't touch it.

Picking up and putting your fingerprints on a gun found in the street is unwise. So vigilantism or "policing your network" or server is illegal. If you touch those compromised boxes, you go to jail; if you don't, the kiddie, seeing you, might very well turn around and packet you. It's not a good situation.

Anyone have an example of someone doing this and getting busted?

Oil just jam me thumb right up is arse

[StuWho]

E won't like that.

Crikey!

Re:Oil just jam me thumb right up is arse

[Spazzz]

Actually, he might get a thrill out of it! ;)

Script Kiddie Culture?

Here is a much better site portraying script kiddie culture on a daily basis

thanks

[Jafafa+Hots]

interesting article. :sigh: you know, if I knew how to use a computer, I could RULE THE WORLD!! :(

TOTAL misnomer

[Ironclad2]

And here I thought the article was about youth Shakespeare groups!

The sad thing is...

[oldosadmin]

These kids could be doing something useful. Like writing linux code or something. When I was a kid (read: preteen), I was learning how to code websites and work on computers. Now, it's a career.

Well, at least they are murdering the preppie kids in school. I'd rather be DDoS'd than Uzi'd.

Re:I....

[dotgod]

Has it really been long enough that an "In Soviet Russia" post is not funny again and no longer a troll?

Nice question!

[955301]

I'm betting that the kiddies play a role, in much the same way the messenger does for the author of the letter.

And like the messenger, they are more likely to get shot by the good guys when the let a hack loose into the wild.

Could it be that a few black (and possibly white) hatters find that they serve a purpose?

Re:Nice question!

[KlausBreuer]

>Could it be that a few black (and possibly white) hatters find that they serve a purpose?

Script Kiddies serving a purpose?
Well, yes. Lenin called such people "useful idiots".

Especially useful for "security consultants" who know very little about it except how to set up a software firewall. Afterwards they'll write long articles on how good they are ;)

Translation

[$0+31337]

didnt = didn't
reckognized = recognized
mne = me
Im = I'm
andd = and
gfod = god

Damn... I sure as hell hope you're not a programmer at your job. If so, I'd love to see some of your code

#!/usr/been/purl

opin(INFILE,"/etc/paswd") || die("Fil naught fownd");

Sorry about making fun of you, please don't bring your dad to my house.

Re:Translation

[MajorDick]

No problem, I was watching TV , actually I am a programmer :), I also type 120 wpm (less error corrections) by the time I correct all my mistakes Im at about 70 wpm :) I am undoubtedly one of the fastest and worst typists on slashdot.

Re:Translation

[telstar]

"I am undoubtedly one of the fastest and worst typists on slashdot."

• Don't forget to add that to your resume.

Re:Translation

[trick-knee]

duno about the poster's speed, but check out felinoid's comments, some in this thread. you don't hold a candle.

felinoid usually has something of value to say, but I think the moderators (and myself) have a hard time getting past the spelling. seems to have an affinity for cats.

Re:Translation

[LC+Gundo]

I also type 120 wpm (less error corrections)

less error corrections and replies to nitpickers

[time to draft and post this reply: 6 minutes]

Re:Translation

[MajorDick]

I was a plumber, had to quit because of my son, he was born needing a liver transplant (he got one at 9 months old) that was 8 years or so ago, the doctors didnt want me bringing home any of the niceties that went with plumbing, Hep A, B or C, or CMV, CMV is really bad news for people who are iummunosuppresed.

Since it ti almost slashdotted - The Article -

[Unleashd]

A peek at script kiddie culture
Friday March 05, 2004 - [ 08:00 AM GMT ]
By: Robin 'Roblimo' Miller

The more things change, the more they stay the same. Andrew D. Kirch, security administrator for AHBL, infiltrated several script kiddie groups and shared some of his findings with us via IRC. From the (edited) interview transcript, you'll learn that one of the "new waves" in DDoS coordination is hijacking corporate conference call facilities, which is really an update of good old '60s-style phone phreaking, plus some insight into why some DDoSers do what they do -- and some tips on how they might be stopped.

Roblimo:

How and why did you get started tracing DDoS perpetrators?

Andy: Part of it landed in my lap, and part of it was the attacks on the blacklists last summer. I met a [foreign] hacker a few years back on [major IRC network], and we founded an IRC network. Last March he contacted me, as I have some influence on [major IRC network]. An administrator was running illegal (against network policy) code, and they wanted someone from the outside that could independently log and prove it.

Roblimo: So this started on IRC?

Andy: Correct. Most things that these kiddies are doing are coordinated on IRC, or hijacked conference lines through carriers like AT&T or XO.

Roblimo: When you say "hijacked conference lines" do you mean phone conference lines?

Andy: Correct, business conference lines.

Roblimo: I've seen nothing in the press about this problem.

Andy: There is still an element of phone phreaking, it's simply upscaled in technology. Want to talk on one right now? :)

Roblimo: How does one go about hijacking a phone conference line?

Andy: That's one I haven't figured out yet. I'd have to assume it'd involve wardialing extensions into the system. Occasionally they're also liberated from work.

The policies on [major IRC network] allow quite a bit of freedom and privacy and make an excellent place to coordinate actions if they're to be taken off the network, or start "wars" with each other. Largely these actions have been ignored up to now. These kiddies band together into groups that have something between a street gang and Mafia personality. Friends of friends type stuff. When there's a major war, as there was a month or so ago, alliances get changed. The same occurred when the RPC.DCOM exploit came out last May. (And no, May isn't a typo.)

Editor's note: per the link above, the RPC.DOM exploit wasn't known to most of the world until September 2003.

The [hacker] group I've been monitoring just picked up a few people who are into that sort of thing, but I haven't seen them work much yet. A common theme is everyone switches sides about once every 6-7 months.

Roblimo: Switches sides?

Andy: Consider the people and the medium. You've got a lot of adolescents, and young adults with minimal if any social life. The interaction is not going to be on the same level as people with broader social experience. Considering that, and the ability to cripple a medium-sized ISP, there's going to be relationship issues, especially when you throw the sparse quantity of girls into the mix.

There was a girl in the channel, went by the nick ricki [name changed to maintain confidentiality]. Along with the phone conference aspect, there's also the prank calls. Friends even prank each other. Well, one of the guys pranked ricki. She took offense, and convinced two members of the channel to take it over. Both sides started firing packets, and my line was down for about 2 hours until the channel was sorted.

The war isn't really won on IRC. A win looks something like this: (if it's still up) http://www.geocities.com/kylegotpwnt/. This guy hung up on a conf when it was decided to prank him. So the general course of a war is that words get exchanged over whatever the current "drama" is. Packets are fired, and shellhosts or IPv6 tunnels go down. Then there's a mad rush to "pull dox

Re:Since it ti almost slashdotted - The Article -

This is a Newsforge article. It's part of OSDN, just like Slashdot. In other words, the chance of Newsforge getting slashdotted is only slightly better than the chance of Slashdot being slashdotted.

hmm

[Jexx+Dragon]

Hmm... I never was a script kiddie, I could very well be, I'm of the right age, heh. Maybe because the fact that I know several ways to screw up routers and computers I have always thought that creating something is much better then distroying something.

Though from I see in the article most of these so-called Script Kiddies probably have more skills then I do, or at least more will to find remote holes and such.

The key to stoping these people is to teach them that creating a program, or using their knowledge to fix the security problems they find will pay a lot better then simply attacking remote systems and downloading/writing damageing scripts and worms. Maybe not a perfect solution, but I think such reconditioning would certianly stop the majority of them.

Re:hmm

[Ironica]

The key to stoping these people is to teach them that creating a program, or using their knowledge to fix the security problems they find will pay a lot better then simply attacking remote systems and downloading/writing damageing scripts and worms. Maybe not a perfect solution, but I think such reconditioning would certianly stop the majority of them.

Not until our child labor laws are tweaked to allow 15-year-olds to do contract development work. Until then, they'll still be doing what they're doing, because they can't do anything else for an eternity (i.e. at least three more years).

Re:Ah the Kiddies, joy

[DataPath]

I think what they need is a nice User Friendly abacus.

Yeah - try coordinating a DDoS from that!

Script kiddie "Culture???"

[swordgeek]

Wonderful. Now the vandals have a culture. Charming. Let's next do an article on the graffiti "artists" who spraypainted my brother's garage. How about the spamming "free speech activists?" Or the good souls at NAMBLA?

Vandalism is vandalism, and crime is crime, no matter how you dress it up. Criminals have a long history of pretending to walk to the beat of a different drummer, being misunderstood, put-down, trod on, etc.; but at the end of the day, they're just fucking criminals looking for a scapegoat instead of taking responsibility for their crimes.

Re:Script kiddie "Culture???"

[Jerf]

Calling it a "culture" is simply descriptive, not a value claim. There are illegal drug cultures, too. In fact, there are several quite distinct drug cultures; casual weed smokers are different from the hard drugs are different from the ecstasy group. There are quite a few other criminal cultures too.

They meet every criteria for a looser definition of "culture", such as one might describe a hacker "culture" or a sports fan "culture". Of course, they aren't a seperate culture like "US culture" or "French culture", but from context, most people won't mistake the two.

You seem to be seeing an implicit claim that "all cultures are equally valuable", which is a post-modern conception. While there are some academics who would take it down to the finer-grained culture definition (e.g., "hacker" and "ecstasy"), most people apply that only to the coarser-grained one ("French", "Chinese", etc.). Most people would agree that there definately are some cases where one [fine-grained] culture is clearly inferior to another, so by calling the script kiddies a "culture" doesn't logically imply that there is a claim that their actions are OK because all cultures are equal. (There are even some atavists like myself who reject post-modernism entirely; makes it easier to ID implicit post-modernism it when I see it then those who are steeped in it.) Given a choice between a person joining script kiddie culture or joining a sports culture, I know which is more likely to turn out well for both the person and culture at large.

Thus, there are also graffiti cultures. I'm unsure about NAMBLA, I have no idea whether they qualify as a culture, but I doubt it. Similarly for "free speech activists"... other then similar beliefs on free speech issues, that doesn't otherwise imply an outlook, a unique jargon, dress patterns, frequent organized or semi-organized social encounters, etc. that one would normally associate with a "culture". (Script kiddies are odd in that their associations are strictly online, but their demographic similarity, speech patterns, thought patterns, and online meetings are enough, I'd say. Note I'm not trying to carefully define "culture" in this sense since it would be very difficult to match what me mean by the term.)

Re:Script kiddie "Culture???"

[Daltorak]

I'm sure the "good souls at NAMBLA" will appreciate us calling attention to a society of 'kiddies' who have no social life, know how to chat about 'body parts', and exchange nude pictures over the Internet.

Re:Script kiddie "Culture???"

[Saint+Aardvark]

Thanks for beating me to the punch; you said it better and more coherently than I could.

I am now blessing your keyboard...

Re:Script kiddie "Culture???"

shut up you ignorant fuck. i hope your brother's garage is back to an acceptable flat white already! omg! what narrow minded bullshit.. insightful, BAH. you might want to paint things black and white but the world lives in color.

also you obviously know fuckall about the meaning of the word "culture." i hope you read the other replies which have discussed this.

Re:Script kiddie "Culture???"

[swordgeek]

Your post is, so far, the only coherent reply I've seen (with the exception of a rather funny comment about NAMBLA).

I don't have a problem per se with the distinction between a formal and/or macro culture, vs. an informal microculture. The problem I see, though, boils down to this: You say,

"Most people would agree that there definately are some cases where one [fine-grained] culture is clearly inferior to another, so by calling the script kiddies a "culture" doesn't logically imply that there is a claim that their actions are OK because all cultures are equal."

This makes perfect sense for rational people. However, the existence of a culture implies some sort of internal structure and value system. Script kiddies, for instance, may have an unwritten code of how to behave towards each other. Any value system like this, unfortunately starts to look rational from a certain perspective; we can easily start to question if their values ARE legitimate, and if we should embrace them as different-but-equal.

It sounds ludicrous, but it happens not infrequently. And of course, once that door has been opened even slightly, there's a whole world of "unfair persecution" for the members to hide behind.

I would say that there comes a point where instead of trying to understand a 'culture,' we start arresting the criminals for their crimes, instead. We can't let society's mores go unquestioned, but it should be pretty easy to see that one person (or group) violating the property of someone else for fun and entertainment (and knowledge too!) is a very straightforward crime.

Re:Script kiddie "Culture???"

[Ironica]

Wonderful. Now the vandals have a culture. Charming. Let's next do an article on the graffiti "artists" who spraypainted my brother's garage.

Actually, a fellow student of mine is doing his thesis in Urban Planning on that very topic. Mostly he's looking at how graffitti and tagging are an attempt to claim public space in an increasingly privatized world.

Vandalism is usually a reaction to something. Instead of bitching, if you find out what it's a reaction to and then see what you can do to address the issue, you'll have a lot more success and peace in your life. It may not always be something under your control, but the gut reactions we tend to have to these types of acts often simply make the root causes worse, and perpetuate the situation.

Re:Script kiddie "Culture???"

[Second_Derivative]

Vandalism is usually a reaction to something.

*deletes strong opposition post he just wrote out* Actually it is but not in the sense you probably mean. Vandalism is usually just an attempt to exert some sort of power over you. They can hit you and you can't hit them back, therefore they are stronger than you. The mechanism is spray cans or bricks through the window and not fists but the principle is the same.

Having said that, there are an increasing amount of louts and instead of showing them contempt, it helps to think of them as social aberrations and figure out what is producing them. Irresponsible parenting and the present school system would, I imagine, feature highly on the list. Being a script kiddie is not so much about having no ingenuity of your own, that's just a common factor. A script kiddie is differentiated by a hacker by the fact that a hacker breaks into a system for the challenge, whereas a script kiddie breaks into a system to exact damage and humiliation; basically to "beat you up", because they can't be the big tough school yard bully in real life.

Re:Script kiddie "Culture???"

[Oligonicella]

"Instead of bitching, if you find out what it's a reaction to and then see what you can do to address the issue"

Ah, yes. The "it's not really the fault of the criminal" ploy.

He really didn't vandalize because he enjoys destroying property, he's just misunderstood.

Right.

Re:Script kiddie "Culture???"

[Ohreally_factor]

Ah, yes. The "knee jerk reaction" ploy.

No where did the poster suggest that the behavior was excusable. He suggested that it might be explainable. It takes a certain amount of sophistication and intelligence to see that if you understand a problem behavior that you might be able to prevent it. Prevention is usually cheaper than reacting to the problem after the fact.

Re:Script kiddie "Culture???"

[swordgeek]

Interesting. I might disagree entirely with it, but I'd like to see some of the arguments.

For instance: Does he differentiate between graffiti on public structures (bridges) and private ones (peoples' houses)? Or between vandalism of manmade vs. natural items?

Ultimately though, I still say that studying the causes is counterproductive. By trying to differentiate between little shits who like destroying and "souls in anguish, trying to establish themselves," we are giving credence to one form of vandalism, whatever the medium used is. Studying and trying to ascribe causal connections to abberant behaviour does implicitly validate their actions to some extent.

Let's swing back to the example of script kiddies and (black hat) hackers here. We can study them in an attempt to understand their motivation, but all we're doing at the end of the day is suggesting that their motivation might be legitimate, which is (as I said) counterproductive. What leads to script kiddies? The same old things: Bad parenting, bullying, a sick mind, overactive hormones, etc., etc.. The same things that have lead to criminal behaviour for centuries. There's nothing new here! There's no great insight to discover! Bad behaviour should be punished, and if there's a valid need to study it, then study it by visiting a jail, like they do with serial killers.

Neil Gaiman's Sandman comics actually had an EXCELLENT example of this, now that I think of it. (I'm not a comic fan generally, but Gaiman is a brilliant writer) The series called, "The Doll's House," was about the self-glorification of serial killer culture. Damned scary, and thoughtful.

Re:Script kiddie "Culture???"

[BadDreamer]

The culture of organized crime exhibits the traits you fear; internal structure, value systems, unwritten code of behaviour. It definitely qualifies as a culture in the same sense. Yet there's no risk of the same thing happening - unless society changes abnormally much, noone will argue that placing two bullets to the back of the head of someone is a legitimate response for delayed payment of a loan. It doesn't matter if this is considered perfectly acceptable in a widespread criminal culture.

The same goes for the behaviour in the h4Xx0r scenes. Political correctness has been taken to absurd extremes in the US today, but not *that* extreme.

Re:Script kiddie "Culture???"

[Ironica]

Ultimately though, I still say that studying the causes is counterproductive. By trying to differentiate between little shits who like destroying and "souls in anguish, trying to establish themselves," we are giving credence to one form of vandalism, whatever the medium used is. Studying and trying to ascribe causal connections to abberant behaviour does implicitly validate their actions to some extent.

It seems that for you, to analyze the causes for an action is to validate the action; in other words, to simply suggest there's a reason is to remove blame from the perpetrator. I don't agree. For example, I've spent a whole heck of a lot of time and money in therapy, because my parents screwed up big-time in a couple areas. They are the *reason* I have all this crap to deal with. But, rather than absolving me of dealing with it, it's a starting point for working it out. It's actually *impossible* for me to take responsibility for and solve my problems if I don't understand where they came from.

This is a similar case. It will do NO GOOD to try to prevent vandalism with enforcement and laws, so long as the things that make people think it's a good idea persist. They'll simply find new ways to do it. In my city, it's illegal to buy spray paint or paint markers if you're under 18. Great, so now the kids are asking the guy who buys their cigarettes to pick them up some cans of spray paint at the same time. That helps a bundle. *rolls eyes*

One does not have to give "credence" to any form of vandalism in order to examine its causes and determine if there is a cheaper, healthier, more effective way of preventing it. What you may be afraid of is discovering that certain types of vandalism serve an important purpose for some elements of society, and that removing the mechanism entirely would cause even greater problems. Unfortunately, if that turns out to be the case and we only find out *after* we've had some success at removing vandalism (without addressing the more pertinent issues), we have a bigger problem.

Of course, the other thing that frightens people is the idea that we might all share in the responsibility for and the solution to such problems. No one wants to give up any small part of what they consider theirs, even if the overall reasons seem very laudable. This is something that we may just have to outgrow as a culture before we can coherently address very many "societal ills," such as petty crimes like vandalism.

Personally, I don't think there's any difference between little shits who like destroying things and souls in anguish. I want to know what makes the little shits enjoy destroying things, and resolve that, because I believe they *are* souls in anguish. Maybe they need more, or less, discipline at home. Maybe they need more, or less, structure to their education. Maybe they need some serious therapy and a bit of medication to sort out chemical imbalances in their brain. *I* don't pretend to know. But I also don't pretend that it's some mysterious force, like the weather, over which we can exert no control except to lock it out of our lives.

Appropriately timed article

[Texas+Rose+on+Lava+L]

A Peek At Script Kiddie Culture

Posted by timothy on Saturday March 06, @06:03PM

We all know "5cr1p7 k1dd13z" don't have much of a social life, so there should be plenty of them around to comment on this article on a Saturday night. The Slashdot editors are smarter than a lot of people want to give them credit for.

Re:Appropriately timed article

So the solution to all our problems is again this: girls need to put out more, especially to geeks.

Charging for bandwidth

[LostCluster]

I think the biggest problem with DDoS attacks is that users who are outwardly sending a DoS might just not care to realize that they're doing so. Afterall, it doesn't harm them. It drives somebody else out there insane, but there's no harm to them in losing the upbound bandwidth cycles they weren't going to use.

Maybe at this point capping a cable modem's upbound bandwidth, or at least charging more for the overage would make the user who uploads DoS packets that contribute to a DDoS have to pay for doing so...

Yeah, I know this is the RIAA's dream because it'd also cripple P2P uploaders, but they weren't up to any good anyway either. If you've really got something to share, get yourself a web server at some server farm somewhere...

Re:Charging for bandwidth

[KenFury]

Kow know I feel pretty strong as I am giving up mod point to reply but.... NO.

Think of all the good things that upstream useage is for. Just running a small game server/hosting Multiplayer for a weekend will pretty kill a 512k line. To say nothing of SSH to the box at home, VNC/Xterm/Terminal Services, (legit or grey) file sharing. The real challeng is making your border routers work for you. Not cheap but it will pay off in the end.

The only reason I can see ISP's wanting to cut upload is control or power. I get the felling that as far as comcast/verizon/other big telecom are concerned we are consumers and the only reason we need more bandwith is to consume more not produce content on our own.
Having said that I think that in the next 3-5 years we will have a real two-teir system 256up/768down NAT'ed lite connection for consumers, and a 3meg up/down for techies.

What we really need to figure out is how to combine QoS, packet filtering, transparent proxies, and local mirrors and good ISP hosting solutions to really cut down on traffic. Imagine Joe User. He runs kazza, plays some online games, a fair amount of web browsing, and downloads game patches, and has a pretty good pr0n habit. He also has a server that he uses to show a love of cats and host games. He also has 3meg up/5 meg down line, however the traffic is limmited to 512/1.5 meg at the border router.
The QoS caps his P2P at 128/384, more that enough to get what he want without killing the network. His web browsing goes through a transparent proxy using Policy based routing, cutting the traffic in half. Any traffic coming off the proxy as well as mail and news comes in at 5meg. Same thing with game patches/legit ISO's. Since all of this traffic is coming off a "local" server it has no cost. He also has a colocated box along with 1500 of his friends and neighbors. He has local root.administrator and can host games/web pages off it.
Lower bandwith costs, better response as far a the user is concerned. everyone wins. Of course you do have to have trained Sr. Techs/Jr. Sysadmins but not too many.

This "Insider" is a packet kiddie.

Andrew D. Kirch aka "trelane" is a known "packet kiddie" amongst most EFnet IRC operators and administrators. He's very much an active member of "sigdie" run by OseK (http://geocities.com/osek_owned) which does indeed (D)DoS other IRC servers amongst other people/businesses. trelane has also been seen bragging about "taking down" servers such as irc.qeast.net and irc.vrfx.com. I've also been told that the provider of a current efnet server almost sued him civilly for his involvments in attacks said provider received. Long story short, this "kiddie" is by no means a white hat who managed to work his way behind enemy lines to fight the good fight of ridding the world of packet kiddies as he'd like to portray. Mr. Kirch is very much a "kiddie" himself, and should be treated / dealt as one.

Paul Vixie quoted in the article (via a link)

[BrookHarty]

Paul Vixie quoted in the article (via a link)

'Recommendation: upgrade your peering requirements to include language like:

Each peer agrees to emit only IP packets with accurate
source addresses, to require their customers to do likewise,
and to extend this requirement to all other peers by $DATE.

Where DATE = (now() + '6 months') or some other negotiated value.



Peering agreements are so thick with political BS, they can't even stop ISP's like UUNet who are the biggest spam friendly ISP's around.

Basically everyone is trying to use standards for protocols to correct this, engineers trying to correct political problems.

Re:Paul Vixie quoted in the article (via a link)

[humankind]

Absolutely correct sir.

Spam is NOT a technological problem. It is a political/law-enforcement problem.

The tech community needs a good lobbyist group who will make it their sole purpose to get law enforcement authorities to get off their lazy butts and enforce the laws.

Re:Paul Vixie quoted in the article (via a link)

[Tokerat]

That is a half truth.

The fact that you can so easily send an e-mail with a fake address and untracable return path is a problem as well. Now, it can be argued that the snail mail system is the same way, what guarentees the letter I'm dropping in the mailbox on the street (the open relay) has the actual return address to myself, and not someone I'd like blamed for the contents?

Well, nothing.

The point is, technology can fix this. That won't stop spam, but we can always then choose to ignore who ever is responsible for it.

Re:Paul Vixie quoted in the article (via a link)

[anticypher]

You are confusing two completely separate issues, egress filtering of IP addresses, and MAIL FROM: addresses in email.

Vixie is talking about configuring the big border routers used by ISPs at the edge of the ASes to also filter packets based on source address. There is a big problem with this, in that none of the big iron routers (Foundry, Cisco, Juniper, etc) has the circuitry in place to filter on source address. Certainly you can do this for feeble traffic levels. But the moment you switch in an ACL, the packets stop being routed by efficient ASIC packet handlers, and touch the CPU in the router. Even a small percentage of the traffic can bring a large router to its knees. All modern ASIC switching/routing circuitry looks at destination address, as well as MPLS labels and VLAN tags, but not much more.

If it ever became a market necessity to move source address filtering into the ASICs, you would see products on the market within weeks. But this will require hardware upgrades on every box, not just a simple firmware patch. Until there is a major reason to offer such technology, such as poorly thought out legislation, it will be impossible to perform egress filtering.

I have seen some responsible ISPs filter at the luser access router (ingress), where the flow of traffic is miniscule and can be CPU filtered by each box. But a Cisco AS5300 with 60 installed modems becomes unstable if you put a complex ACL in its config. There are a number of ISPs I know who are now filtering on 127.0.0.1 as a source address, to prevent damages from the blaster worm, but in doing so they are uncovering all kinds of other problems. Adding an ACL which limits traffic from each PPP session to the assigned address would bog down all the access server CPUs, and result in a huge increase of customer complaints. So most ISPs just can't do source address filtering until there is kit which can do it as efficiently as needed.

Vixie's rant mentions only peering agreements, which tend to be only minimal amounts of traffic from one AS to another. Typically, traffic crossing a peer arrangement is not going to be routed to another AS. What he really meant to say is that Transit connections need to be filtered. Transit connections are what UUNet and other big carriers provide to many hundreds of other ASes. Its this high volume traffic which needs to be filtered.

the AC

Exactamundo

[benjamindees]

Kids do all sorts of anti-social stuff, but, even when they're mostly minding their own business, they get pissed on. I love it how everyone expects *teenagers* to spend their free time caring for puppies and the homeless.

Here in a decent-sized city in the (yay) midwest, the evening activities available to those under eighteen are: bowling, cruising, wandering the streets aimlessly, and, ummm, well that's pretty much it.

Everything in town closes at 9:00. *Public* parks close. There's a constant crackdown on 'cruising' for some reason. There's an 11:00 curfew for everyone under-18.

So, the choices for a kid growing up around here are: 'sit in your room all evening with your computer' or 'break some sort of law'. Apparently, now our fearless leaders have found a way to make 'sitting in your room' against the law as if they would rather these kids be roaming the streets vandalizing cars and buildings. Great.

At least, this way, they are actually learning some things about computers and causing *very* little damage in the process. I think we all need to be a little more realistic: kids cost money and destroy things. The fact that *the internet* isn't a little more kid-proof should be of more concern to everyone than the slightly-less-than-moral decisions made by a bunch of teenagers.

Re:Exactamundo

[Deekin_Scalesinger]

Maybe you could wardrive and try to crack the park's LAN, before 11:00 of course...

Re:Exactamundo

[KingJoshi]

SOME kids destroy things. I had friends that did and friends that didn't (I fell into the latter group).

I think one of the issues is what you and the grandparent is touching on. What is promoted as "fun". Why the hell do I need to go to, much less be accepted at, a party to have fun? Just having a couple of guys over and playing ball or video games worked for me as a kid. I understand the reasoning for beer companies (and others) constant advertising in associating their products with fun, but why the heck is what they advertise the main ways people think of as 'fun'? Can't hiking or cycling (whether alone or in a group) be fun? How about reading a book, playing music, building stuff (legos, woodshop, metal, electrical, ...) or just plain hanging out and talking about whatever and cracking some jokes?

I know so many people enjoy many various things, but it seems the masses and "society" constantly sell this notion to kids that drinking, smoking and sex is bad for your age but that's where the fun is at. While smoking is slowly losing favor in most of the country, the "culture" in the US (granted, a huge generalization) still can't think beyond the drinking and sex as selling points for fun and entertainment. Like school can't be fun or learning, in and of itself can't be enjoyable. It's like people had negative associations with some experiences and can't grasp that "fun" can be different for various people, but more importantly, teens can learn to like new things that have nothing to do with drinking, sex or destruction.

And it's not a phase kids have to go through, nor should it be tolerated. Expect immaturity and guess what you'll find? People keep lowering the standards and expectations from kids and that just adds to the problem.

Re:Exactamundo

[DerekLyons]

I love it how everyone expects *teenagers* to spend their free time caring for puppies and the homeless.

Actually until fairly recently (within the last forty years) kids were expected to participate in the family and community, behave properly and responsibly, etc... Then Dr. Spock came along and permissiveness became all the rage.

It's not coincidental that the decay of society has matched the lowering expectation of what kids should be taught and how they should behave. Worse yet, parents *today* were raised in that enviroment of decreased expectations, and are utterly clueless when faced with the problems caused.

So, the choices for a kid growing up around here are: 'sit in your room all evening with your computer' or 'break some sort of law'.

Or read, or watch TV, or build a model, or sort your stamp collection, or work on a journal, or... Or to quote Shakespeare; "the fault lies not in our stars Horatio, but in ourselves".

Re:Exactamundo

[Oligonicella]

"Then Dr. Spock came along and permissiveness became all the rage."

No shit. And *that* from a man who basically ignored his family.

Wait a minute. permissiveness = permission to ignore.

Re:not many people fully understand, or get to see

[MMaestro]

The sad part is people SHOULD care. Everyone from Joe Average to Bob Businessman should take notice of this.

If Joe Average's cable modem bandwidth is getting sucked up by some kiddie script, he should care. Especially when his ISP sends him a warning letter saying hes using up too much bandwidth when the most graphic intense site he's visited that month is CNN.com.

Bob Businessman definately should care as well. That dedicated T3 line he uses at work is being used to get information to his consumers. If the site starts to get slow due to a worm causing him to download hundreds of gigs of pr0n, not only will his consumers get angry but his employees may suffer in effeciency...

forgot one thing

[Transcendent]

It provides insight into a culture that not many people fully understand, or get to see.

Or respect.

Re:not many people fully understand, or get to see

[caino59]

but his employees may suffer in effeciency...

because they are wanking off to said 'pr0n'

Re:Ah the Kiddies, joy

[blincoln]

Is there an equivalent to what I've been telling the Hot Topic [hottopic.com] goth kiddies...

"Go home, wash that sh*t off your face, and apologize to your mother" ... for the script kiddie set?

I'm sure you think you're very clever, too. What do you want, a pat on the head for your efforts?

The world would be a much nicer place if some people didn't feel the need to tell everyone they meet what they think of them.

Insight?

[fullofangst]

The only insight here is a load of pre-pubescent kids will continue to act pre-pubescent online. They can be just as obxnoxious in the cyberscape as they are in real life, the only difference being you can't reach out and slap them in the face.

Re:not many people fully understand, or get to see

[SurgeonGeneral]

The sad part is people SHOULD care. Everyone from Joe Average to Bob Businessman should take notice of this.

Are you kidding me?
I mean, I know we're all techies here, but lets break out of our shells for a second. This matters to people who make over 40k a year. Joe Average works in a factory and lets his kids use the internet for schooling. Do you think Joe Average, who was raised on libraries and encyclopedias, cares even for a second about whether his ISP goes down for 6 hours? Joe Average has to deal with bills, healthcare, school, drugs, gangs, crime, etc. etc. Joe Average needs tax dollars spent ensuring the welfare of our society, not the welfare of Bob Businessman's T3 lines so profit margins remain high.

Putting feds on the case of script kiddies is taking away from money and manpower that our society desperately needs. We need more concern over corporate accountability and less for corporate profits.

Social Life?

[psykl0n3]

the only thing I did find sad about the article is that no one cared about them much... just like "oh let's just throw them all in jail, they are dumbfucks anyways!"... it's a kinda sad state of affairs, instead of thinking on how to divert their attention to something more useful and perhaps trying to help them with getting a social life... my posts are useless... hehe

Re:Social Life?

[fullofangst]

nah your post isn't useless. just leave them be and hope they mature at some point. otherwise then they really are lost causes.

Re:not many people fully understand, or get to see

[Ironica]

Joe Average needs tax dollars spent ensuring the welfare of our society, not the welfare of Bob Businessman's T3 lines so profit margins remain high.

Generally I agree, except...

Bob Businessman is Joe Average's boss's boss's boss. When his T-3 line for the site that sells whatever widgets Joe Average is putting together gets sucked dry, it costs the company money. Six months later, when they have a shareholder meeting coming up, that expensive worm might cost Joe Average his job in a layoff.

It's important to recognize that the resources needed by some people aren't the resources needed by everyone. But by the same token, it's also useful to recognize when the resources sucked up by one abuse end up costing others important resources down the line.

Re:I....

[Hard_Code]

In Soviet Russia, "In Soviet Russia" jokes are sick of YOU!

Re:Ah the Kiddies, joy

[st0rmshad0w]

Yes, yes I am.

"The world would be a much nicer place if some people didn't feel the need to tell everyone they meet what they think of them."

Sure would be. But then you'd never have anyone going out of their way to tell idiots that maybe they should rethink what they're doing.

Seriously, which deserves someone to tell them to knock it off more, the 17 year old with the porcelain fangs, or the (probably talented) computer geek kid who decides he wants to screw around with YOUR network or servers.

I can't believe this hasn't been said yet...

[Hawkxor]

I for one welcome our new script kiddie overlords..

Re:You don't know you're born.

[stuffduff]

...in the rain, and we lived in a shoebox in the middle of the road and ate a handfull of gravel for breakfast and we had to get up to go to work three hours before we got to sleep, every day of the week!

Re:Ah the Kiddies, joy

[st0rmshad0w]

Oh believe me, I have nothing against goths, or visigoths or what have you. Its the person that they are that troubles me, not the packaging they choose to show the world.

Worthwhile people will always be identifiable as worthwhile people.

It still creeps me out a little tho to hear someone tell his friend about "this great new song from the Cure called 'A Forest'".

Creepy. Good that they like it, bad that they assume that no one has walked that path before.

Re:Ah the Kiddies, joy

[st0rmshad0w]

Hahaha, that actually made me laugh.

"If I ever meet you, I'm going to smash your face open with my fist."

How very AC of you.

And I'm not any more arrogant than a linux zeolot or mac evangelist or what have you. :P

And if you ever tried what you said two things would happen, it would convince me that you have ZERO ability to argue a point without resorting to violence, and you'd be hospitalized/arrested with various injuries.

Let us bandy words, shall we?

[Squarepusher]

I won't pretend to be a real techie guy, you can go ahead and stick me in the "Joe Average" category. Although as a Mr. Average I do hang around /. a bit and so am aware of these kind of topics and concerns, which is more than (can I say most?) could say.

Anywho...with that said here's my $.02:

I think that everyone posting above me has their own valid points which I shall paraphrase here.

1. We don't want money being thrown away to fight a battle that may or may not be won, if winning is even a real possibility.

2. We can agree that the actions of these "script kiddies" is to some degree detrimental to business. Seeing as how s#it rolls down hill, it can also have an impact on us blue collar folks. I think it's accurate to say that the negative impact will grow and become more noticeable as time passes.

So, what kind of happy medium can be found amidst the viewpoints which say either "It's a waste of resources to fight." or "Something must be done."?

Should officials not try to trim the fat from current programs and then allocate the new resources to fight this growing problem? I'm responding here off the cuff so I sheepishly admit I don't have a prepared list of potential candidates for severence. But, therein lies my question; Where is the government and general law enforcement concentrating that is perhaps irrelevant.

I know plenty of people here can come up with a long list of things our government wastes money on. Furthermore I'll bet'cha we can get over half those involved in the discussion to agree to the slashing of this or that. What say ye pantheon of knowledge?

---

Re:Let us bandy words, shall we?

[wmspringer]

I know plenty of people here can come up with a long list of things our government wastes money on. Furthermore I'll bet'cha we can get over half those involved in the discussion to agree to the slashing of this or that. What say ye pantheon of knowledge?

Unfortunately...

The liberal voters here will say that the tax cuts for millionaires are what we should get rid of.

The conservative voters will say that services for the poor (welfare, etc) are what we should get rid of.

Neither side will agree with the other.

Re:Let us bandy words, shall we?

[sirsnork]

My biggest concern is nothing will be done until it gets to the level we currently see for spam, and then it will be too late because as soon as half the taffic on the internet is false and can't be routed properly (due to spoofed addresses) we are all SCREWED

Re:Let us bandy words, shall we?

[Fwonkas]

Hah. Saying "here" is pretty funny.

I think, as in all things, the answer (or at least, the most probable solution to be agreed upon) will be somewhere in the middle.

Did anyone stop to think that those in power want to polarize the population, even though if the populace really stopped and looked at things, it would realize that they don't disagree on all that much? That's my conspiracy idea of the day.

Re:Let us bandy words, shall we?

[gargan]

end the 'war on drugs' and other such ideological wars.

Re:Let us bandy words, shall we?

[Squarepusher]

Ok, so I didn't want to be the first to say it but yeah I agree here. At the very least the anti-drug programs could be streamlined. Educate the kiddies and sweep the crack heads off the streets, but stop wasting time and energy fighting drugs like marijuana.

Nobody has ever overdosed on it and people don't kill for it. We have a new theater to fight in which, unchecked could have a much wider area of devestation were it to collapse or even stumble.

While I'm at it I'll also add that we need to stop throwing people in jail and considering the individual problem solved. Increase the amount of contribution prisoners must make to society. Decrease the amount of creature comforts in prisons. Hey, look more money!

---

Re:Let us bandy words, shall we?

[wmspringer]

True enough. When you think about it, Bush and Kerry have pretty similar positions on gay marriage, for example; they're both against it. The only difference is that Kerry feels it's a state issue, while Bush wants to make a national issue of it.

On the bright side, at least by making things divisive, we have a clearly defined choice this year. Whatever your views, this is an election where the outcome will definitely make a difference.

Re:Let us bandy words, shall we?

[ultracosm]

The conservative voters will say that services for the poor (welfare, etc) are what we should get rid of.

Naw. For symmetry: "The conservative voters will say that the way to solve the script kiddie problem is to cut taxes."

Re:Let us bandy words, shall we?

[wmspringer]

Well, I was trying to avoid a flame war...but I can't deny that you are unquestionably correct :-)

nothing new

[Cheeze]

I remember being in a friend's dorm room about 8 years ago and watching him show me how he floods people off of irc with a CTCP flood. This was the beginning of the DoSnets. His bot was linked up to about 400 others that would all send commands to a specific user at once. I can only imagine the technology change in the last 8 years. From the sounds of it though, it's the same old crap, just using different protocols.

I also remember when winnuke came out. It was nearly impossible to use the internet for about 6 weeks, until microsoft got a patch out. I put a linux machine up as a firewall and logged all of the attempts. It was like people were just winnuking all of the available ip space. After winnuke, it was teardrop, then smurf. I'd never seen a windows machine crash so fast.

ahh...the good old days. I'm suprised this is just now getting attention. It was no big deal when single computers would crash all over the internet, but when CNN.com or AOL.com gets attacked, it's a big deal all of the sudden.

Joe Average vs. Joe-SixPack

[BrianMarshall]

So, compared to Joe SixPack, is Joe average in the direction of Joe FourPack or more in the direction of Joe EightPack?

Re:not many people fully understand, or get to see

[Magic5Ball]

Everyone from Joe Average to Bob Businessman should take notice of this.

Add to that list the front-line TSRs and CSRs who are often the first to hear of new discoveries and ignore them.

Imagine this: a young marginal power-user stumbles upon an unintentional feature that is repeatable. She can either seek approval from the software publisher, whose *SRs who aren't allowed to break from the script to actually respond to the problem properly (or they don't have the time to understand potential exploits/bugs explained in non-technical terms by a kid), or she can tell a slightly more/less skilled user and brag about it. This gathers approval and self-esteem for everyone involved in sharing but keeping the secret, which encourages the finding of more secrets, and the development of skills related to doing so.

This slow and informal spread of the bug itself, and the skills required to see/use/expolit it can go on for *months* before it reaches someone with the correct skillset to recognise the security problem, and is able to communicate that problem to someone who can actually fix it (see: malformed C strings, DOS device names, a number of Hotmail... issues, which were in the wild and reported multiple times before vendors took notice).

So yes, being aware that there are people out there who are seeking popularity, approval, etc by _finding flaws in others' work_ (not an unfamiliar concept in meatspace) is useful to the bottom line.

Better term: Cyber Punk

[BrianMarshall]

Isn't 'cyber punk' pretty much what we are talking about here? Someone with some actual power and 'street smarts', but still, essentially, a punk?

(Not to be confused with 'punk rock', the style of music that embraces the point of view: "This is shit, everything is shit, life is shit, you are shit, I am shit".)

Re:Better term: Cyber Punk

[BrianMarshall]

By 'street smarts' I refer to a certain level of understanding about how the real world works. We are drawing a distinction between 'kiddies' and people who know enough to have considerably more power in their ability to cause harm.

Re:Better term: Cyber Punk

[alangmead]

The term cyberpunk was invented to describe a scifi subgenre that started to bloom in the late seventies to early eighties (around the same time that punk did) that intended to shake scifi out of the tame complacent mode that scifi had gotten itself into. (similar to the rock around the time period punk came along.) The cyperpunk authors were new, and their work had some obvious weaknesses, but if you put aside the analytical criticisms and read it for pure enjoyment, you would get a better story than you would from the authors with decades of work under their belt, or reading their decades old, but really good work yet again(Do I have to keep putting these cyberpunk <-> punk rock comparisons in parenthesis? When I'm talking about the old and out of touch, think Asimov, Baen, Pournelle, Jagger, Townshend, etc. When I'm talking about new and explosive for the day, think of Gibson, Sterling, the Sex Pistols, the clash and the Ramones ) If you think that the term cyberpunk has nothing to do with punk rock, you are the one that is confused.

Both punk movements did their job of shaking up the status quo, and relegated themselves to part of the establishment. What we have for big budget scifi movies are things like The Matrix, not Capt. Kirk Saves Whales From Extinction With Transparent Aluminum. Punk music is now being used for television commercials and television theme songs.

Of course, you could co-opt the word for your own meaning (to some extent, the cyberpunk movement that grew out of the cyberpunk scifi movement already has) then why don't you just steal "hacker". Its already been misused by a large part of the general public for just this purpose.

Re:Better term: Cyber Punk

[thadeusg]

Hey hey!

Styles of music _do not_ embrace points of view!!

It's simply a style of music, period.

For every nihilist punk rock band, there's equal numbers of positive punk bands.

Just defending my culture here. Please refrain from lumping us all into your generalisations. :)

Re:Better term: Cyber Punk

[BrianMarshall]

I guess today is my day for admitting ignorance. I was always under the impression that punk music embraced a negative, nothing-is-worth-it view of the world. If I am wrong, or at least violently over-generalizing, I apologize to anyone I have offended.

Re:Better term: Cyber Punk

[thadeusg]

It's cool, we forgive you; it's in our nature ya know. ;)

Re:Ah the Kiddies, joy

[st0rmshad0w]

Wow, I just gave that a quick going over and thats some messed up stuff.

Further evidence that today's children have more or less been abandoned by their elders. And frankly very upsetting.

Pantera tho?

I may rail on some of these folks from time to time, but only when they deserve it. Believe it or not, I like the younger crowd. Hell, most of my closest friends are 5-10 years younger than me.I have lost a few people to suicide, all of them deeply troubled with family issues. Its a shame that no matter what you do, you can't always help

Re:Ah the Kiddies, joy

[st0rmshad0w]

yeah, that's "E-Light", or maybe "iLight" if you're a mac person :P

Minor Citation Nazi Comment

Generally, I've been taught that cf is used to cite to a source which is supportive of a comment made, but not exactly the same. Stating that script kiddies are technically wonderful but citing to an article which says they are just competent would thus be a case to use cf.

From an online search, cf is an abbreviation for confer (Latin for compare).

As I understand it, the citation form "see" would have been a better choice for the parent as it is used to cite to a source out of which a comment made directly follows. For example, the parent's comment that script kiddies seem quite technical (which follows from the article's discussion of kiddies having exploits before anyone else).

As authority, I used the much-maligned "Bluebook", infamous with law students.

Hmm. In good /. tradition, I had not read the article. After reading the parent post, I had to read the article to satisfy my curiosity as to what citation form was best. Good job!

a subscriber of what?

[autopr0n]

I'm sorry, could you please finish that last sentance? I'm feeling unfufilled.

Re:a subscriber of what?

[Art+Tatum]

I'm sorry, could you please finish that last sentance? I'm feeling unfufilled.

Considering that you run a pr0n site, I hardly think that's a problem...

ahhh, brings back a memory...

[Jubedgy]

...of watching my friend playing winquake on kitty1.stanford.edu. He ran into a guy playing with an aimbot, so we decided to exact revenge.

We got his IP (really simple in that game!), and I cobbled together a little batch file to start 50 or so instances of ping (continuous, max byte size). We then "ping flooded" (both connections were dial-up, so it wasn't a big flood, but big enough) him and gave him a 5000 ping (while my friend, meanwhile had about a 20000-25000 ping). The guy caught on that something was up after a few minutes then got pissed, yelled at the obvious culprit and logged off. My one and only venture into the "land of the l33t h>x0r".

On a side note, that story impressed some friends and several weeks after it happened, once they finished setting up their LAN, they tried to see how hard it would be to slow down their network (100 mbps, really awesome back then) using that method. They did it eventually, but started running low on memory in the machine they were using (two many instances of ping!)

Re:ahhh, brings back a memory...

[AzBats]

Back in '96 and '97 on EFNET I was running an IRC channel basically using AmIRC and a modified AREXX script (for auto-ops and quizes etc).
One week my channel was in the target sights of a script kiddie group who thought they would have some fun.
My AREXX bot didn't reply to any pings so no system resources were used there, winnuke doesn't work on A1200 Amiga's and I could spawn as many bots as I needed.
EFNET was also very prone to Spliting into different server groups (Europe/UK) at the time so when that happened I could have a bot in each server group and I would find a group where no Ops existed for their channel and when it re-joined my Oped bot would automatically Op my other bots (or myself). The bots could flood the chan with random text if required.
After a night of not having control of their own channel they called a truce.

Just another example of the power of AREXX :)

#80sMusic rocks! (or it did back in '96)

Law and Order Episode

[Latent+Heat]

The baseball bat story sounds like an urban legend. But then Dick Wolf's "Law and Order" had a good yarn about cybercrime.

This young white dude, computer programmer family man is found shot dead. In his house. With an exotic WW-II German pistol.

The crack team of Briscoe and Green do their leg work, and they come across an old black dude who is somehow connected to the young white dude in a financial scam. The cops think "salt and pepper" team and one crime guy turning on his partner.

The D.A.'s office goes to work on this and what finally emerges is 1) the black dude is an upstanding citizen and a war hero (hence the WW-II war trophy gun), 2) the white dude lost his job and turned to cybercrime to support his family, 3) the black dude had no connection to the white dude apart from that the white dude picked a random victim to scam for identity theft, 4) the black dude, finding all of his net worth was scammed, used his charm and his war hero "street smarts" to get the ISP to give up the address of the guy who ripped him off.

Like many Law and Order episodes, the whole thing is Hollywood and little connection to real cops, victims, and criminals. On the other hand, the writers are not that creative and probably use some news stories as a jumping off point.

Like the better of the Law and Order episodes, it makes you think. What right did the white dude have to pick a random victim and take all his money? What right did the black dude have to get his revenge as murder? What right does society have to put an 80 year old man (the black dude) away for seeking his own justice?

But to me the moral of this episode along with the baseball bat incident is what goes around comes around. No, I don't think threatening a 15 year old with a baseball bat is a good idea, and the 15 year old and parents can get in a lather about their "rights." But a 15 year old with access to a computer (and the parents of said 14 year old) could appreciate that if one could hack into someone's server, owner of such server could hack back to track you down, and such owner could be meaner, tougher, better connected, or in a much worse mood than you. And somehow going after people who threaten 15 year olds with bats under those circumstances doesn't seem like the highest priority for the courts.

Re:Law and Order Episode

[Monkelectric]

I agree with you 100%. I think something thats really missing from our society is the idea of consequences which I think is what you're hitting on. Most places in the world, if you messed with someones business there would be consequences that wouldn't necessarily be legal in nature. Your community might look down on you or you might get the crap beat out of you. Those things serve REAL purposes, police can't be everywhere all the time, but people can...

Now police are the only ones authorized to provide consequences or even make judgements which means anything that doesn't have critical mass slips under the radar.

Script kiddie culture?

[ncc74656]

Isn't that an oxymoron?

When asked what he thought of script-kiddie culture, the real hacker replied, "I think it would be a good idea."

A poison culture is still a culture.

[Felinoid]

Are people looking for some Gibson-esque secret cabal of script kiddies, who are building operating systems at age 8, can speak in hex, and have secret h4X0r access to everywhere?

It's an annoying habbit of people to add an artifical quality control to socital consepts.

Religions are dismissed as "Not a religion" becouse the religion is diffrent from the one they believe.

This being a bit far from (but related too) the querk of establishing a quality standard on products most people don't agree to.
For example whimpy hot sause will be called "Catsup" by most people who enjoy spicy foods.

Same thing with culture. Junk culture is still a culture. We are familure with the rich indepth cultures of the world. By those standards the United States has no culture at all.
However cultures of the anchent past will set the bar much higer.

Just becouse the culture is nothing but teens trying to impress each other dosen't change the fact that it is a culture. Just not as enlightend or functional as the cultures your familure with.

Re:A poison culture is still a culture.

[Ohreally_factor]

It's true. And it's too bad, because he's pretty good thinker once you "translate" him. Maybe we should all chip in and buy him a spellchecker. Would you like that? Just meow once for yes, twice for no. ;n)

Drop the boji woji.

[eniu!uine]

"Script Kiddies is as much a Culture as 1337 5p34k is a Language"

1337 5p34k aint no language,dig? Jive be a language.

Re:Drop the boji woji.

[Lord_Dweomer]

"1337 5p34k aint no language,dig? Jive be a language.

That was my point.

I wouldn't put it past kids with hurt egos

[rynthetyn]

My brother had some trouble with a script kiddie who got mad because my brother didn't give him the respect he thought he deserved (my brother isn't a geek, but at least I've taught him well in the disdain for script kiddies department), so the kid started trying to mess with my brother's e-mail and instant messenger accounts. This particular kid wasn't knowledable enough do any real harm, but if he did know more, I don't doubt that he would try to pull stuff like the kiddies in the article, and that he'd do it for similar reasons.

Hm. Kinda like school yard bullies, but. . .

[Fantastic+Lad]

their asinine activities can affect huge corporations and the world at large.

Interesting!

Until now, the idiocy of the school yard jerk was something you had to put up with when you were a kid, but thankfully left behind when you graduated. But now juvenile crap overflows into the 'real' world, and can affect even the most insulated ivory tower type. Is this the first time?

I remember bullies and morons in school. The 'play'ground held a unique undercurrent of threat and horror for me as a kid. Going to school included genuinely believing that every day there was the possibility that you might be tortured and murdered by some half-wit big kid with a cruel streak, and that the safe world of adult supervision was unaware of most of the hells being perpetrated. Being a kid was a horror in many ways.

So what can be done about the skript-kiddie 'threat'?

Zip. Let the adult world suffer, I say. Think of it as payment for forcing kids through such a horrific 'education' system. There are only two other institutions which are so similar in structure and ideology, and they are the military and the penal system. School sucks, and aside from the handful of friends I made there, I hated nearly every aspect of it. The most valuable lessons I learned were how to survive it. Little else was of much use except shop class, typing class, art class and any time where there happened to be one of those very rare adults who inspired. You know the ones I mean. The good teachers who somehow defied the system and taught you valuable lessons in the face of all the state-ordained mind control. (Learn how to Obey and be Bored out of your mind doing repetetive tasks. A robot factory cranking out Perfect Workers.)

I also think it's neat that the Skript Kiddies are the geek version of 'Moe' type bullies. There's an ironic balancing in effect there somehow. . .

-FL

Wait a minute...

[essdodson]

Andy: Consider the people and the medium. You've got a lot of adolescents, and young adults with minimal if any social life. The interaction is not going to be on the same level as people with broader social experience. Considering that, and the ability to cripple a medium-sized ISP, there's going to be relationship issues, especially when you throw the sparse quantity of girls into the mix.

So what's the difference between script kiddie culture and slashdot culture?

And is this a report on script kiddie culture or a blatant jab at MS? This roblimo guy is about as subtle as FoxNews.

Re:Wait a minute...

[Mr.+Darl+McBride]

So what's the difference between script kiddie culture and slashdot culture?

Hey, essdodson! Heeeeeeeey, essdodson! Want to see a monkey? Do you want to see a funny funny monkey? Want to see the funnnnnnny funny monkey monkey?

*holds up a mirror*

essdodson: *delighted squeal*

Re:Wait a minute...

[shish]

God knows how you got modded up... A failed attempt at funny maybe, but "underrated"?

Skript Kiddiez:
Lots of idiots
Children
Can't spell
Do damage

Slashdot:
Some idiots, mostly sensible
Mostly adults
Can spell, aside from typos
Don't do damage

On a similar note...

[Cyno01]

Mt dew is a great agar for growing script kiddies...

Yes

[Felinoid]

It's easier to sell companys, government agentcys and cable modem users on using reasonable security precautions with half a million children running around with viruses and such looking to screw with anyone who gives them half a chance than it is to sell them on the notion that the 6 big bad nasty terrorist black hatters will crush them like a grape if they make the sligtest mistake.

People will assume they are safe from the big time terrorist dude becouse "I'm not a sereous target".
DDoS attacks against major targets use hacked cable modem users desktops.
Spammers use Worms to establish a spamming network.
ID theft resulting from the simplist of mistakes.

That stuff happening today.

When telling people how important security is:
With out script kiddies
"Why would anyone attack me?"
"Your system can be used as a launching point for all sorts of attacks"
"Yeah right."
It's hard for a person to picture how "they alone" could be be a target and they'd be right becouse they aren't alone. But the details sound like SiFi to most people and they tune you out.

With script kiddies.
"Why would anyone want to attack me?"
"Becouse your an easy target. Script kiddies need no other reason"

Re:Yes

[Spoing]

Yep. The analogy I use is there are two types of bad guys;

Professional crooks

'Neighborhood kids egging cars, rolling houses, and stealing bikes'

Both do not know or care who they harm or even if they do cause problems. You might just have a hill that they can use to scope out the next target.

While on your property, why not raid the fridge, drink your beer, look through your rooms, take stuff, break stuff, or even kill the dog? Why would you care -- you don't even notice them most of the time.

Re:Yes

[Eunuchswear]

While on your property, why not [...] or even kill the dog? Why would you care -- you don't even notice them most of the time.

So that's what happened to the dog!

I'm going to elaborate on this logged in.

[Ayanami+Rei]

The article is essentially a sham. I've seen more than enough AC comments in response that claim that Andrew Kirch is nothing more than a lowly script kiddie (trelane of sigdie). While there is some truth to what he's saying, he's putting it in a light which makes it seem all more impressive (because he was a part of it).

Is he distancing himself from it, or just trying to get more attention? I don't know.

But take it all with a large grain of salt. Your own experiences with kiddi3s (if they differ, and according to some other comments they do) - are probably more accurate.

Not an exact match but...

[OneInEveryCrowd]

The Adrian Lamo case supports the point the article was trying to make.

What Mr. Lamo thought he was doing was demonstrating to the NYT that they had a security problem.

Solution

[HarveyBirdman]

1. Announce a "secret" underground convention for the script kiddies.

2. Launch volley of Hellfire missiles at convention.

3. And everyone lived happily ever after.

No no no...

[Cyno01]

Its a saturday night, all the script kiddies are out on their rollerblades red boxing and playing wipeout on a wall screen at the club, or maybe thats only on weeknights...

Who knew?

[Code+Dark]

Script kiddies have their own CULTURE?! Wow, who knew! I always thought they just tried to rip of genuine hacker culture. Learn a new thing every day! Thanks Slashdot!

www.ahbl.org vanishes !!!!

"The operation timed out when attempting to contact www.ahbl.org" ... ahem .. i guess the kiddies got the better of him .....

LOL ROFL .....

Re:www.ahbl.org vanishes !!!!

[bruns]

Actually, its called a hardware failure. Around 11pm EST Sat. night, the machine stopped responding, and when we tried to kick it over, it refused to boot.

Its back now on a new system, but there was no DoS attack or anything of that nature - but rather a crappy WD hard drive that decided to roll over and die.

right....

[maxpublic]

'Script kiddie' and 'culture' are a contradiction in terms. It makes about as much sense putting together the words 'Microsoft' and 'security'.

Max

Well, I'm impressed

[pjt33]

I wouldn't be able to dance the Charleston on a dance floor for 12 hours.

Andrew Kirch, aka. trelane

It amazes me how stupid he thinks people are. I know him on EFNet (I'll make it clear now I stay well away from the "culture" or whatever the hell it is). I often see the trouble he causes or stirs up, often in places that want nothing to do with him. I have absolutely nothing against Brian Bruns, as I've never seen him cause the slightest bit of trouble.

"Infiltrated several script kiddie groups and shared some of his findings with us via IRC" - Wow, that's nearly as rich as him calling anyone a social reject. "infiltrated" is somewhat deceptive.

He's a small time packet kiddie that loves to immerse himself in the shit, drop names (as he does in the interview), and whore himself at every opportunity.

Shortly after the article got posted...

[nick] did they pay you?
[trelane_] , nah
[trelane_] but the hits it brings the ahbl and the new subscriptions helps
[trelane_] shoulda plugged [some hosting company he has something to do with]

Yeah, they're logs an "Anonymous Coward" has posted to Slashdot. They shouldn't be trusted.

[trelane_] there's going to be more articles

God forbid...

You're killing your father!

[adamofgreyskull]

Shut the fuck up Donnie.

More information, if you are interested

[Groundwalker]

I'm sure most people on slashdot have already been here...in fact I'm quite confident it was posted on slashdot itself when it first went up, but for anyone who didn't read it then, here is the report that went up on Gibson Research Corporation after they got ddos'ed http://grc.com/dos/grcdos.htm enjoy

Re:More information, if you are interested

[ChopsMIDI]

What a great read! Without sarcasm, I was riveted. Very interesting.

I'm glad you brought that up, I have some reading material for the next few nights.

Better explanations available?

[iion_tichy]

Maybe it's still too early in the morning for me, but I didn't understand much of what that article said. OK, Kiddies organize in gangs and they hang out on IRC. What else is going on?? What does the 'war' consist of, who controls more machines on the internet? And it's being fought by copy & pasting the lastet Viri, Trojan Horses etc. and spreadng them around? Why can't IRC be secured, after all those years?

Some understandable explanations would be much appreciated...

The reality about script kiddie

Scipt kiddie is the name minor hackers gives to a cracker that succeeded in its attempt so he publicly doesn't look like he knows what he's doing.

Fact: most so-called hacker actually opperate the same way script kiddies do, it's easier to use an already written software to hack into something so as to understand it than to reinvent the wheel each and every time, geeks know that. Most would-be hacker get frustrated when a virus writter or cracker succeed in doing something (whatever it is) because they simply can't do what he did, downsizing their exploit by calling them script-kiddies or packet monkeys just show how frustrated they are not to be the one in the spotlight.

Worst than a script-kiddie is the would-be hacker calling crakers script-kiddies so he looks to be above "that juvenile attitude", at least the script-kiddie does something more than talking/bragging, he shows proof.

Who cares what tool you use, it's the result that's important, plus, finding a "hacker tool" that actually works is an exploit in and out of itself so...

That is...

[Kjella]

Large companies have multiple IP addresses and pipes. It then becomes possible to reconfigure so that only one pipe becomes stuffed and normal traffic is redirected. It is more of a problem when you don't have so much spare capacity.

...if you're able to separate "normal" from DDoS. What you describe works pretty well against DoS, or protecting a VPN over Internet or some such thing. But the entire point of a DDoS is to be so distributed, you can't tell them apart. If you could, why not just drop the packets instead of redirecting them to a single pipe?

Kjella

Re:That is...

[Slashamatic]

The attack against the whitehouse looked for a given IP address which seemed to have been set when the attack started. When the IP address associated with the DNS name is changed, the attack is sidestepped.

For attacks where the 'bots do a DNS lookup, then a redirect from a webserver may be sufficient. You just nee the customer to connect once and then the genuine connection is redirected to another server. The 'bot keeps hamering away at the dummy server.

Re:not many people fully understand, or get to see

[Eudial]

And Joe Poweruser? He should peek at the iptables-log, laugh, drink a cup of coffe and get back to his code.

Which is why...

[Kjella]

...you give them a dumbed down distro, and not something they can manage to screw up *that easily*. Except there hardly is such a distro today (to the degree it exists, it's for a Linux guy to be root, and normal people regular users.)

Linux as of today is made by powerusers for powerusers. A few distros try to dress it up otherwise, but it's only a thin layer of illusion. But to be honest, I don't think any of those boxes are much worse than windows.

I've seen people share their full C:\ drive with complete write access too, both on LAN parties, anon ftps and whatnot.

The difference is, I suspect that in the future a lot more PCs will be remotely administered. Like yesterday, my dad couldn't get on the Internet. I logged into the Linux router from 400kms away, checked the status, pinged his machine (did the fscking cable fall out due to vacuuming or something?), all was well there. So after some light troubleshooting on his Windows machine, all was well.

If that had been on Windows, I wouldn't know what the hell just went wrong. It could have been the DSL line, the router, the cable, or his machine. And troubleshooting by phone is soooo fun, particularly for a guy I had to specifically spell that "Your user is [abc], and your password is [def]" and he's asking me "It came out as [abcdef], should I have hit Enter?" #%#%. Anything more complex, I think you understand how that'd go...

Kjella

Re:A better article on the same subject

[DeanFox]

A better article? This is a joke, right? From number 8 that your son is a hacker.

I didn't make this up... This is a quote for this "better" article:

Quote

8. Is your son obsessed with "Lunix"?

BSD, Lunix, Debian and Mandrake are all versions of an illegal hacker operation system, invented by a Soviet computer hacker named Linyos Torovoltos, before the Russians lost the Cold War. It is based on a program called "xenix", which was written by Microsoft for the US government. These programs are used by hackers to break into other people's computer systems to steal credit card numbers. They may also be used to break into people's stereos to steal their music, using the "mp3" program. Torovoltos is a notorious hacker, responsible for writing many hacker programs, such as "telnet", which is used by hackers to connect to machines on the internet without using a telephone.

Your son may try to install "lunix" on your hard drive. If he is careful, you may not notice its presence, however, lunix is a capricious beast, and if handled incorrectly, your son may damage your computer, and even break it completely by deleting Windows, at which point you will have to have your computer repaired by a professional.

If you see the word "LILO" during your windows startup (just after you turn the machine on), your son has installed lunix. In order to get rid of it, you will have to send your computer back to the manufacturer, and have them fit a new hard drive. Lunix is extremely dangerous software, and cannot be removed without destroying part of your hard disk surface.

End Quote

This was waaaay too good not to post, ROTFL. You just keep reading your "better" articles. Go on now...

Re:Ah the Kiddies, joy

[timmarhy]

yeah thats some fucked up shit right there. what the hell are these kids parents doing?

Interesting stuff

[koan]

I'll be impressed when they can send out the "anti re-elect Bush" spam via the white house's mail server =)

Google Cache of "Kyle is Pwnt"

[fire-eyes]

http://216.239.41.104/search?q=cache:RiinoRQI_lMJ: www.geocities.com/kylegotpwnt/+&hl=en&ie=UTF-8

Re:Hm. Kinda like school yard bullies, but. . .

[bani]

wow. sorry to hear your school was a big pile of shit. but just because yours sucked doesn't mean everyone else's did.

hell, _i_ went through school at the 'bottom' of the social ladder, and it was still a valuable experience for me. if the 'play'ground held such terror for you, there was always the library...

yes, there were always the elements of boredom and ininspiring teachers. but how exactly is that different from the real world?

what exactly do you suggest, anyway? pamper kids through school completely insulated from real life with blinders and elevator muzak?

Re:not many people fully understand, or get to see

[Zeinfeld]

And Joe Poweruser? He should peek at the iptables-log, laugh, drink a cup of coffe and get back to his code.

The point of DDoS is that it hits everyone. Sure we get huge numbers of DDoS attacks at work, sure none has ever taken us down. But the check that we have to write to ensure that is huge, millions a month.

Here is a take on this issue from Phill Hallam-Baker:

OK so a second bite at the same article, lets take a look at those DDoS schemes.

According to the article the ISPs are unresponsive to take down requests, the FBI do not take notice. I know that people keep making this complaint but there are high tech crimes units in the major cities and they are looking to takedown these guys. And at the moment the demand is such that DDoS is being treated as if it was a littering offense.

I think we need a better primer on how to prepare a case for law enforcement. I guess it is possible if you read the article carefully that the desk guy thought this particular person had been getting evidence by hacking.

We can't expect to do this with law enforcement in the loop every time. Lets change the model, law enforcement only get involved if the ISPs fail to act, and instead of just going after the hacker there is a liability for the ISP.

This is consistent with fire department model of government security regulations. You can do pretty much anything to your house decoration wise. Government only gets involved when safety is the issue. In particular the fire dept won't let you build a house that is a fire-trap, in part because it might set fire to buildings arround it.

Here we have ISPs that are forwarding bogons. It seems to me that this should not be that difficulty to prevent. A $500 box performing passive listening at the cable head end could sound an alert when there is a bogon attack. You don't have to look at every packet, all you need to do is to look at a sample. If you see an ethernet MAC spewing bogons you shut it down.

Another approach would be to push the bogon prevention right to the cable modem. Why on earth would these let bogon injection take place in the first place? Sure there will be some hacked modems, but DDoS is comming from hijacked machines.

Cable modems, NAT boxes and the like should have limiters built in to prevent the creation of ridiculous numbers of SYN packets or outgoing UDP packets to reserved system ports like DNS. It is pretty easy to think of numbers that should be no inconvenience to any legitimate use, and there could be an option to turn them off in any case. But why give every home user the equivalent of a loaded machine gun when they don't need or want one?

Reduce the value of your machine to a hacker, reduce the probability of attack?

non lethal = no reaction

[hitmark]

as long as noone dies from this goverment and other groups will not care. sure its lost communications and so on for a while but noone got hurt.

its just like with roads, nothing happens to them unless someone ends up dead. its the sad truth but someone have to die these days before we get a reaction from anyone...

Re:non lethal = no reaction

[Vegeta99]

wait a second, Martha killed someone?

This is an outrage!

[Pan+T.+Hose]

Andy: It never ends. He posted nude pictures of one of the females after he found out she was playing a love triangle between her and another kiddie, jupes.

Roblimo: How wise do you think law enforcement is to any of this?

Andy: The general answer I've gotten is, "We don't have the time or resources to have our agents monitor IRC." They know, but they've adamantly got their fingers in their ears whistling loudly.

This is an outrage! We are talking about script kiddie porn here, for God's sake! I am very disappointed by the law enforcement here! Very disappointed!

Re:not many people fully understand, or get to see

[ThisIsFred]

The sad part is people SHOULD care. Everyone from Joe Average to Bob Businessman should take notice of this.

Joe and Bob should get advice from a competent computer tech. Script kiddies do what they do because there are so many unsecured boxes out there. You don't need a real pro to at least get some basic security. The one problem that's hardest to deal with is a ping flood. It's a problem because it's super easy to nail users on the Internet with ports wide open, users that click on malware e-mail attachments without even considering the source or the content.

If I chose to be a kiddie, I could go out and spread malware through via e-mail tomorrow, and rack up thousands of ping zombies over a couple of weeks. Jeez, I wouldn't have to lift a finger, I could just google some code and tweak a few things. I couldn't care less about script kiddie culture; It's the same as latchkey kid "culture" has been for the last 20 years (the slang may change, but behavior is the same). The real issue is the fact that technology allows an unattended latchkey kid drenched by material wealth (equipment and network service) act out his unchecked, hormone-influeced frustration and seriously disrupt any endpoint on the Internet.

Re:Hm. Kinda like school yard bullies, but. . .

[Danny+Rathjens]

Learning to deal with the bullies and morons is part of your education in dealing with society at large. The bullies simply use lawsuits or gossip instead of fists when they are older, 8^) The social education aspect of school(forced interaction with peers) is quite important.

Suggestions. . .

[Fantastic+Lad]

what exactly do you suggest, anyway? pamper kids through school completely insulated from real life with blinders and elevator muzak?

See, that's evidence of the program running right there.

Why have school at all?

There are many, many other models of education which could be employed.

Consider. . .

I didn't learn how to read or write at school; I learned that on my own. My father liked math, and tried to teach me, but I found it thoroughly confusing and dull. I did poorly in it in school, and only use the most rudimentary aspects of it in my daily life with no detriment. I can balance a bank statement and write a java script, but all of that I learned on my own because I wanted to.

In fact, very few of the valuable skills or knowledge I use on a daily basis were learned in a school 'program'. I learned some of it in school, but that's only because I spent so much time physically being there.

Technical colleges and such need not change. The kinds of kids who want to learn to become doctors and engineers aren't getting a free ride today anyhow, and the ones best suited to such studies are going to pick up the entry skills on their own.

In fact, I have had to un-learn much of the crap they forced into my head through grade school and highschool. 'History' and social studies. Feminism. --Ever notice that many of the books they made you read in school were boring as hell? --Almost as though they didn't want kids to enjoy reading for fear that they might go off and do more of it in their own time?

But anyway. . .

While I do value the unintended social lessons I learned by attending school, there are many other much healthier ways for large groups to mix and learn from one another.

The more I consider it, the more I think the educational system is a total croc.

-FL

Re:Suggestions. . .

[bedouin]

The more I consider it, the more I think the educational system is a total croc.

It's just 12 years of busy work to keep you out of the job market. I think I could've entered college at age 14 or 15 and been successful.

I can't think of one useful thing I learned in school past sixth grade. Once you can read proficiently there's no need for school; you should be able to A) follow your own interests, and B) research them on your own. Just about any worthwhile hobby or interest will require a historical, cultural, or scientific awareness to be successful at it. Independent research will give you an understanding of history, mathematics, language, or science as it relates to your own interests, and one will be MORE likely to appreciate it being able to see how it all fits in with their own pursuits. And if you're not willing to take the time to research something, your heart probably wasn't with it in the first place (This filters out more than half of CS majors, who think programming is an easy way to make money, or were forced into it by their family).

School serves no other purpose than class stratification, making sure certain groups remain 'in their place' through lunchroom segregation. Alma maters and pep rallies are early steps in preparation for blind patriotism and corporate loyalism. The best thing I ever did in life was totally blow off school.

These kids need to find a way to channel their energy into something positive.

BTW, one of the reasons public schools SUCK so much is because the education programs at universities do their best to filter out anyone slightly creative, interesting, or different. Anyone interested in breaking the whole mold of teacher as unquestionable authority, depositing information into empty minds gets thrown aside, or just flat out irritated after one year. They look for structure addicts, and throw out anyone else. If you didn't enter the program as a drone, you'll come out as one.

Re:not many people fully understand, or get to see

[MMaestro]

Three months later Joe Poweruser is out of a job because his company bandwidth was being used up by a hacker preventing him from submitting his project to his boss in time.

Even if you're a extremely careful and make sure your connection isn't compromised, that doesn't mean your company's, co-workers', family's, or friend's connection is safe as well. In the grand scheme of things, this sort of thing hurts EVERYONE. You just don't hear or realize the side effects.

Re:Better term: Cyber Punk - I guess not

[BrianMarshall]

Oops... My mistake. Not being interested in that style of fiction, I wasn't aware the word had that particular meaning. I thought it meant a cyber.. uh... punk.

Oddly enough I got this impression from one of ESR's essays about advice to hackers... He said something like "And don't call yourself a 'cyberpunk'". I wonder what he meant by that.

Re:Better term: Cyber Punk - I guess not

[alangmead]

Well, there are a lot of people who try to emulate an early 21st century version of the lifestyle they read in those books, and then people who couldn't be bothered to read but found the style and attitude cool. Eventually it spreads out to people who see The Matrix and decide to dress in black leather trenchcoats and sunglasses.

esr's jargon file entry for cyberpunk includes the cultural extension to the original literary definition.

Rubish

[rofthorax]

This stuff ain't reall..

And the guys who talk about it, usually this is
the only social life they have.

Yet Gibson was right

[bill_mcgonigle]

from the interview:

Since dcom was an NT exploit -- also for 2000 and XP -- all these machines can effectively spoof packets....I've found several .gov machines in kiddies' DoSnets, some even from DoE fusion research labs, happily packeting away for them. Since you can spoof packets with Windows XP, most kiddies won't packet through proxies anymore.

exactly as Gibson predicted. I still don't think this is an XP problem, ISP's should do egress filtering, but he nailed it.