Definition of Script Kiddies and the threat they pose
Script kiddies is a term mostly used when describing someone who uses software or programs that have been created by others to break into computer systems. These “kiddies” are mostly young people who do not have anything to do but try to gain credit from their friends as being intelligent. The script kiddies are able to access malicious software that can be found easily from the internet thus they can even hack on the highly developed systems and networks. Their work is just to access programs that are readily available in order to use them in hacking and they do not bother to learn how these programs work. Hackers do not like the work of kiddies as they do not do anything to improve the “skill” of hacking. The script kiddies are very patient because though security threats are found, they get repaired easily and also many systems resist these attacks. When a script kiddie is targeting a single system one needs to try many scripts to attack the system before landing on one that will work. (Kayne 2003)
The script kiddies get into administration databases and are able to cause destruction on the websites which is commonly referred to as “web cracking”. They use hacking tools to gain access to the remote computer systems. This is done by use of programmed software that can scan a computer that is connected to the internet, while trying to locate a potential target. When a vulnerable object is located, other tools are used to break into the identified target. In the case where the target is computer that exists in a private system, then the whole system is under threat. These script kiddies also set up what is commonly refereed to as root kits on the system they intend to attack so that they can access the computers without the owners being aware. Once they have gained access into the system, they will do anything they want in the computers. In this way, they can damage the computers, take personal data such as credit card numbers or even passwords, delete the hard disks information or even analyze the information they find. (Kremen n.d)
The script kiddies then go ahead and apply Trojans and backdoors when they get into a system. The backdoors help the script kiddies to enter into the system without any problems and at any particular time they choose. The Trojans help the script kiddies not to be detected at all thus he will not appear in any records of the system. The script kiddie manages to be safe and comfortable to perform all the tasks that he wants to do in the system. In most cases, the system administrators search the records for any entries in the late hours of the night thinking that is when they will probably attack the system. The script kiddies do not strike at any particular time or day they can attack at any given time. They scan throughout the world all the time and one cannot be able to know when an attack will happen. (Csonka 2000)
The script kiddies method of attacking is done quietly thus it will be hard to detect them. They attack a computer that is vulnerable and once inside, they use it to search all over the world for vulnerable computers. These leads to what is referred to as botnet, a large network of computers which can thus develop thousands of targeted computers. They issue instructions to botnets to carry out definite tasks while many people are not aware of what is happening. In this way, these script kiddies can crash huge commercial websites while initiating Distributed Denial of Service commands. A website is flooded with recurring requirements from compromised systems in a botnet thus the server is congested and breaks down. (Kremen n.d)
Why hacking is not taken seriously in some countries
Russia is known world wide because of generating viruses that face the IT industry with famous viruses such as Bagel, MyDoom and Netsky being developed from there. Hacking is no longer done by school teenagers but has become the work of professionals working together with criminals. They are using computers for creating and developing massive projects systems for fraud and financial scams. Hacking is not taken seriously in many countries including Russia since it is a way of generating income owing to the scarcity of jobs. Many citizens of Russia who have got the skills search the internet on a daily basis in order to locate computer systems from various companies or corporations that are vulnerable and hack them to steal financial data and other information. (Kremen n.d)
The other problem in Russia, while dealing with hacking issues is the fact that hacking materials like articles and software are readily available in the market without any problems. This is not done in secret but a booming business while in Moscow they even have a hacking school. The majority of people in Russia though highly educated, have no job opportunities thus many of these seek refuge in hacking as a professional. This problem began in 1998 when a financial crisis led many computer programmers to be left without jobs. The country is still facing problems when it comes to job opportunities for bright young science and mathematics students. (Csonka 2000)
The other problem that makes countries not take hacking seriously is the fact that many people today throughout the world have easy access to the Internet. In Russia, over 11 million have access to the Internet while another 9 million people have their own personal computers. Cyber crimes have increased over the years with most common practices being unauthorised access of computer information, circulation of reproduced programs and gaining access on financial information for companies. Owing to the fact that owning a computer and Internet access is legal in many countries, the governments from respective countries have not set well defined rules on cyber crimes. (Kremen n.d)
Problems associated with prosecuting hackers
In many countries, hacking is not allowed but the penalties that are placed when one is found to have broken into a system are not sufficient. These laws are just written on paper but their application has not been made practical. The ideology is that, as opposed to serious criminal violent crimes, the issue of breaking into a computer is not something to alarm the society especially the law enforcement agencies since they feel that hackers are not attacking people in the streets. The local investigators thus are not taken serious because the government does not take this issue as a priority. This gives the hackers an opportunity to do their work comfortably without any fear thus posing a threat to many institutions and individual computer systems. In Russia, the law enforcement agencies do not take hacking as a big problem mostly because the hackers target institutions outside the country. (Csonka 2000)
The other issue is brought about by the fact that declaring that virus writing is criminal by the government does not translate to the fact that they do not investigate where the viruses came from. This is hampered by the fact that tracing these viruses would require them to follow the traffic information through the service providers in the internet world wide. This creates a problem when trying to locate a virus that is found in one country but originated from another country, since countries may not allow others to access traffic information in their own country. This problem becomes much more difficult since the virus creators are using more advanced method to write their programs making it difficult to track them. This occurs in a situation where the developers of a virus in a certain country may launch a virus in another country in order to attack computers from that country. This is a complex process for law agencies to follow in tracking these hackers. (Kremen n.d)
It also becomes difficult to charge these hackers since in many countries there are no laws that are in place dealing with the issue of cyber crimes. The international law is not well defined when it comes to issues of hacking and computer crimes. This is because there are many conflicting issues when it comes to dealing with matters on how cyber crimes should be handled, whether the offenders should be prosecuted as well as the issue of borders since the internet has no limits in terms of boundaries. (McQuade 2006)
The main problem when it comes to prosecuting hackers is that government agents or those investigating the crime do not survey well to differentiate a hacker who is just trying out his skills on advanced system from one who is spying to break into the system. The law only states that an individual developing such software in order to steal from companies are criminals. The hacker caught with these programs may therefore claim that he is using it to learn how security systems work. In this way, many of these hackers are not answerable to any laws and thus hacking becomes a problem to stop. (Csonka 2000)
Many countries do not have well defined laws for punishing those caught practicing cyber crimes like hacking. In other countries where these laws are written down, they are very vague and in most cases these hackers go free because the laws have no clear cyber crimes. There are other countries that have a law that forbids use of “hacking tools” thus this law is perceived as general and does not quite define what “hacker tools” means. In this kind of law, institutions or companies would be considered to be committing crimes in case they hire hackers to check for security breaches in their systems. In other situations hackers can be able to create viruses in other countries while they are in another part of the world. In this case to prosecute a hacker in such a situation will be very hard and a complex process. These kinds of crimes will require that law enforcements request other states to send out suspects so that they can go for trial thus such a case would drag on for so many years. In most cases, these people are not prosecuted because there is no evidence to pin them down since investigations that are performed are not thorough. (McQuade 2006)
Measures to deal with cyber crime
The measures to curb computer crime include the service providers proposing that laws be put in place that allow for disabling the computers that breach the rights of other computers. Laws are proposed to allow the checking into the problems that occur at international level because the Internet has no boundaries. The government should involve itself in respective countries in checking and monitoring the Internet. The web server in a company should be secured from any unauthorized access. The best way to do this is to secure access from the internet leading to the internal systems of the organization. Once this is done, all content trying to get to the system goes through checks before it is allowed in. (Kremen n.d)
A firewall is the best mechanism to use when trying to avoid invalid data into the network. It helps control hackers entering the network and distributing the confidential information. The work of antivirus is to scan the system but the firewall will keep guard from the outside of the computer system to prevent any exchange of data that may be contaminated from getting inside. The firewall will sort out information and only allow that which is not contaminated into the system. The data is verified and coordinated with specific defining characteristics. In the situation where the characteristics does not coordinate with the data, the firewall will not let that information go through the system. Individuals who are that fast in internet connections have the same security concern that large organization go through. (McQuade 2006)
In many cases, data that is valid may be holding invalid content in form of computer viruses or programs. This can make it easy for a hacker to enter the system through such software thus attacking the system from inside. Hackers are able to detect internet traffic thus accessing personal information such as passwords without the owners knowing about it. This kind of problem can be solved by encrypting information that is confidential with difficult algorithms so that the hacker will not be able to access the information. (Kremen n.d)
The use of antivirus also helps to keep malicious files and programs at bay. The antivirus program should be kept up to date and should also be the current version. Trojans are used by hackers to get into the system and manage the files as well as infect the computer by sending spasm and other malicious software. In this case, a good antivirus can be used to detect and delete these viruses before they manage to damage the computer system. The other method to deal with cyber crimes is to ensure that the system logs are always up to date. The system logs should be verified all the time in order to know what the system is doing. Alert massages of programs you did not install into the system may be seen from time to time and therefore it is important to delete such programs because they could be dangerous viruses. (Csonka 2000)
The operating system should also be kept up to date in order to ensure the computer is secure. When the operating system is secure, it will be hard for any hacker to detect any vulnerability in the system. It is also important to install patches into the system because the hackers access the system through common programs like acrobat reader that have not been updated. Some of these patches are important because they are developed to prevent security breach. Companies should always ensure that they back up important information in case an attack occurs. Companies should always check the computer systems through the internet to access on how it is being utilized. They should avoid the used of unnecessary modems that may compromise the company information. (Kremen n.d)
References List
Csonka P 2000, Internet Crime; the Draft council of Europe convention on cyber-crime: A response to the challenge of crime in the age of the internet? Computer Law & Security Report Vol.16 no.5.
Kayne, R 2003, What are Script Kiddies?
Kremen, H.S (n.d), Apprehending the Computer Hacker: The Collection and Use of Evidence.
McQuade, S 2006, Understanding and Managing Cybercrime, Boston: Allyn & Bacon.