Home > Publications > Non-Technical > Hackers, Crackers, & Script Kiddies

Hackers, Crackers, & Script Kiddies

Hackers, crackers, and script kiddies are the leading causes of security breaches in companies and schools.  They are the biggest threat to security professionals because they have the time, knowledge, and patience to write attack programs that can steal information from a computer. This group has a couple of items in common: they steal information for profit or intellectual property, disrupt business functions, or break into a program just out of boredom.  But their experience is what makes each group different.  Experience plays a major role in the hacker community.  The more experience one has the more sophisticated the attacks become; less experience results in more frequent attacks but not as damaging.  The most common method of attack is through malicious code embedded in an e-mail/attachment, downloads of free programs, or opening a pop-up. Using preventive measures allows users to protect themselves from unknowingly providing information through new programs being installed, pop-ups, or things that cause the computer to act strange.  

The term hacker can apply to a security expert or programmer that looks for security vulnerabilities in applications and programs for the purpose of correcting errors in code, or it can apply to criminals that try to circumvent computer security systems with malicious programs.  Hackers can be either good or bad.  The good ones help discover vulnerabilities in programs and write code to correct it.  The bad ones look for the same vulnerability to steal information they want and post it on the internet.  The media commonly uses the negative tone because they associate hacking with criminal activity.  Whether good or bad, people must monitor hackers because these users have the knowledge (and sometimes the access) to break into a computer system. 

A cracker is someone who intentionally breaches computer security mechanisms (firewall, anti-virus, etc) targeting weak points in computer systems or networks for the purpose of making money, gaining recognition with a certain group, or because the challenge is present. Their goal is to find and exploit these weak points and share the information with others via the internet. The weak points can give crackers the ability to steal information, disrupt business functions, and create malicious programs to capture information (user ids, passwords, names, social security #’s, bank account #’s, etc.).

 A Script kiddie is a who uses scripts or programs created by others, to attack computer systems. They may have some programming skills, but they require more experience and knowledge that only a more sophisticated hacker has. Their goal is to impress others, receive recognition, and take credit for crashing or gaining access to other systems.  The internet provides script kiddies with websites that teach them to hack into other computers. These websites allow the user to download malicious programs, show what needs to be corrected in their code, provide examples of hacked code and additional features to have their code run faster/more efficient.

How do you know you are being attacked?  Signs that you are being hacked are: new programs installed on your computer without your knowledge, a computer that constantly reboots, a computer that exhibits strange behavior, etc.  Some basic security prevention tips are: turn on the firewall, set your operating system and anti-virus to automatically update, set your pop-up setting to med-high/high, don’t click on any pop-up ads (when on the internet), don’t open any e-mails from anyone you do not know, delete your browsing history. Users that have limited knowledge about computers may be unaware if they were hacked.
Most hackers use common tricks or methods to unwittingly entice a person into opening malicious programs such as pop-ups, e-mails (including attachments) from an unknown sender, downloads for free programs (icons, gadgets, widgets, toolbars, etc), free cds/dvds (trailer to a movie, additional extras to already owned programs, etc.).  Hacking allows the perpetrator to insert specific code into the computer system by hiding it in places a user would not normally look (the root, hidden files, files not commonly used by the user, etc.). Once activated, the malicious program has the ability to change any information in the computer that suits the hacker’s needs. Once the hacker has control over the computer they can steal any information they want and possibly hold it for ransom or sell it to the highest bidder. Users must realize that the type of information hackers look for are: passwords, account and credit card numbers, information about you (name, address, phone number), what programs you have access to (work/ classified programs, etc), and any information they can use to blackmail you (e-mail, Instant messages, etc).

The ultimate goal is to successfully break in to a system (without being noticed /caught), steal information and hold it for ransom/sell to the highest bidder, or disrupt business functions to cost a company/school millions of dollars. Hackers enjoy pointing out security flaws in operating systems or programs because they want to be the first person to post it on the internet for the world to see. They think if security flaws are identified in a popular operating system, program, or website, it will give them their fifteen minutes of fame. But in reality the effects can cause damage to others by weakening those security systems (firewall, programs, anti-virus, etc), making them a more frequent target of hacks, and resulting in countless hours of trying to recover what information was taken.  

Besides the problems to the user, the company that makes the operating system, program, or website is forced to release a patch correcting the vulnerability. Releasing a patch immediately can cause additional problems: additional bugs could have been created within the patch, different areas of the operating system, program, or website could become vulnerable, the original issues could only be partially resolved, etc.

 Hackers, crackers, and script kiddies can cause chaos if they succeed in breaking into a system. Using preventive measures can prevent the chaos from occurring, and it can also educate the user in how to secure their stored information.  Remember to protect your passwords, account information, or any additional identifiable information (name, address, and phone numbers) by not storing this information in a file on the computer. If the computer is hacked then all that information can be found and used against you.