The Rise of Script Kiddies: Where Inexperience Meets Opportunity

For the generation of children growing up today, advanced technology has been integrated into their lives since they were born. With 2020 YouGov statistics showing that 85% of six-year-olds have access to a tablet at home and, by age 17, only 4% of teenagers said that they don’t have access to a computer, it is no wonder young people have such advanced computer skills. But with these skills comes equally great responsibility: Will they be used for good?

Worrying new statistics suggest they might not.

What are Script Kiddies and How do They Differ From Traditional Hackers?

It is important to make the distinction that not all script kiddies are children, despite what the name suggests. Rather, ‘script kiddies’ is the (derogatory) term given to relatively unskilled amateur hackers who exploit internet security weaknesses often for fun/personal gain. Owing to their ‘unskilled’ nature, they are particularly dangerous.

But what makes them different from ‘regular’ hackers? Of course, ‘hacker’ is a broad and complex term, further categorized by intent. While ethical hackers legally seek vulnerabilities and perform exploits for good, there are skilled cybercriminals who work as hackers to illegally obtain data from outside networks. Whilst script kiddies align more with the illegal activity of cybercriminal hackers, three things separate them: Intent, experience and skills.

As previously mentioned, script kiddies are often inexperienced, hence why they exploit existing programs written by others and found on the internet. Their lack of experience, paired with their lack of knowledge, means they may not be able to write their own scripts or exploits. Traditional hackers are often highly skilled and take pride in the quality of an attack carried out. They often understand a system inside out, as well as how to get the most out of it. Moreover, there’s an assumption around script kiddies that they are more likely to exploit systems for personal acclaim/fun. But why has hacking suddenly become appealing to the masses?

Whilst these inexperienced hackers are not necessarily children, statistics from the National Crime Agency do suggest that 61% of hackers begin hacking before the age of 15 and that the average age of suspects arrested in NCCU investigations is 17 years old. For example, in recent months, the leader of the Lapsus$ gang, one of the most prolific and high-profile cybergangs of the moment (with recently reported involvement in the Uber and Rockstar breaches), has allegedly been revealed as a 16-year-old from Oxford. The rest of the gang was detailed to have been made up of seven individuals aged between 16 and 21. Despite clearly being skilled enough to carry out such attacks, cybersecurity researchers seem to indicate that the hackers of these attacks are more motivated by fame than money, in the same way script kiddies are often motivated.

As mentioned earlier, young people are becoming intrinsically more computer literate which, paired with the cost-of-living crisis, is a perfect storm for young people to turn to cybercrime. Worryingly, hacking tools have become increasingly affordable and accessible online too, adding to the appealing conditions of a quick pay-out.

Why Young People Turn to Hacking

One reason might be because of the cost-of-living crisis. A recent survey conducted by the International Cyber Expo has found that 40% of parents believe children will turn to cybercrime during the cost-of-living crisis and 62% of parents said that they believe people generally will be more vulnerable to hacking with the crisis, due to ‘desperation’. Aside from fame, hacking illegally can sometimes reap financial rewards. Interestingly, the National Crime Agency has also suggested that teenagers who would not otherwise be involved in “traditional” crime are becoming involved in cybercrime. Perhaps the fact that it can be done from home, with only moderate skill and equipment that most already have access to, could make cybercrime appealing to young people.

There are other more dangerous but less financially motivated reasons why people become script kiddies, including to create chaos, take revenge or seek attention. For some, there’s a worrying perception that hacking is a victimless crime and that, by being a script kiddie, skills that are otherwise taunted and criticized for being ‘nerdy’ can be celebrated online. However, this could lead to something far more sinister. In 2017, there were reports that free hacking tools were being given to young people to help them break into cybercrime.

Preventing Computer Users From Turning to Cybercrime

If script kiddies are not found wholly to be financially motivated, intervention might be the key to stopping script kiddies from slipping into cybercrime. Equally, with a more focused honing of skills, these forces could be used for good, perhaps helping to close the cybersecurity skills gap.

Broadly, law enforcement is working hard to take down websites and forums that promote hacking, especially appealing to young people, but what’s really needed is for parents, guardians, and educational institutions to take an active interest in what children are doing online to help prevent them from falling on the wrong side of the law.

Image: child–caleb-woods–unsplash