Script Kiddies 2002 - A continued threat to online business
A bit of a break from writing about web marketing and ecommerce this week - on to the subject of Internet security and protecting your online business.
About 18 months ago, I released a series of articles in relation to the Script Kiddie problem (see below). I thought I'd carry out some follow up research to see what the situation was in 2002 and I'm sorry to say it's no better - it's gotten a whole lot worse.
To summarize: a Script Kiddie is typically a young male, usually not by any means a computer expert, who exploits weaknesses in security systems discovered by someone else.
A script kiddie is a wannabe hacker who scans the Internet for compromised systems using freely available tools - in other words, an absolute pain in the ass and at the bottom of the pile in the hacking world. Unfortunately, they don't see it this way.
As an example of their often lacking knowledge, I recently read of a case where Script Kiddies used a sophisticated piece of hacking software to break into an operating system and then proceeded to attempt to run commands that weren't even compatible with that system!
They are of particular annoyance to online businesses such as ourselves as we spend many hours each day connected to the Internet. Script Kiddies constantly probe away at our systems, looking for a point of entry. This mosquito-like method of attack has made it necessary for us to move most of our records to another PC that is not connected to the Internet or even to our network while we are online. We now use and monitor firewall services, anti-virus and kiddie tracking software as part of our day-to-day business - a great deal of time, money and energy is expended on these things, but it's become a necessary evil.
While the prevalence of Script Kiddies has been widely covered in articles and tutorials such as this, it hasn't stemmed the flow of attacks or the "breeding" of these packet monkeys. It seems that as fast as these socially challenged individuals are apprehended, another crop of graduates emerges from Moron University.
Script Kiddie attacks have more than doubled over the past two years according to figures sourced from Cert.org. CERT is a center of Internet security expertise, located at the Software Engineering Institute, a federally funded research and development center operated by Carnegie Mellon University.
Some of the increased activity seen below is due to rapid growth in the number of online destinations; some of it is also attributable to the availability and simple operation of tools for carrying out attacks.
Year            Incidents reported
1988            6
1989            132
1990            252
1991            406
1992            773
1993            1,334
1994            2,340
1995            2,412
1996            2,573
1997            2,134
1998            3,734
1999            9,859
2000            21,576
2001            52,658
2002 (Q1-Q2)    43,136
Note: a single incident may refer to one or thousands of web sites in one attack.
Source: http://www.cert.org
While these figures also include "real" hacker activity, the vast majority is script kiddie related, and it looks as though 2002 is going to be a bumper year.
Script Kiddies cost the ecommerce community many millions of dollars each year, not so much through them "stealing" money from our accounts (most of them aren't that skilled), but in the expenses associated with the purchase of security software and the downtime incurred when they deface our web sites, delete files from our drives or infect our computer systems with viruses.
Thankfully, there's a wide range of security software available to help protect your systems against script kiddie attack, including attacks originating from within your business. It's not uncommon for these people to compromise their own employers' systems. If you have a home-based business and other members of your family use your business computing equipment to access the Internet, this also poses a serious risk as family members can inadvertently leave your systems wide open to attack. To review a range of Internet and computer security software, view:
http://www.tamingthebeast.net/tools/security-software.htm
For further information about the Script Kiddie problem, and what you can do to minimize risk, the following articles are also available:
Script Kiddies - Vermin of the Internet
People with no lives, and how they can adversely affect yours. An overview of the Script Kiddie problem and the security threats to your online and offline business systems.
http://www.tamingthebeast.net/articles/scriptkiddies.htm
Script Kiddies II - An advice to parents
Script Kiddies tend to be teenagers - Parents, do you know what your kids are up to on your computer and while surfing the Internet?
http://www.tamingthebeast.net/articles/scriptkiddies2.htm
Script Kiddies 3 - Grill a Kiddie
Slowly, slowly catchee kiddee - how to report a wannabe hacker and other security breaches. Protect your online business by grilling a kiddie!
http://www.tamingthebeast.net/articles/kiddies3.htm
It's in your clients' interests and ultimately that of your online business to be aware of the hazards posed by Script Kiddies. While the figures from authorities such as CERT.org don't look encouraging, with education and following up on web-based attacks, we can make a difference and not become a statistic. I feel that it's also important that schools and parents begin educating children a great deal more in responsible computer usage - a bit like the "Just Say No" anti-drug campaigns.
Being a script kiddie is not a cool Internet hobby - it wrecks people's lives - both online and offline. Their immature activity also endangers the continued viability of many ecommerce based ventures - and I'll be damned if I'm going to let some socially maladjusted teenager who has no sense of consequence or conscience threaten my livelihood - how about you?
Michael Bloch
Taming the Beast.net
http://www.tamingthebeast.net
Tutorials, web content software and tools.
Web Marketing, eCommerce & Development solutions.
Copyright information.... This article is free for reproduction but must be reproduced in its entirety & this copyright statement must be included. Visit http://www.tamingthebeast.net to view great articles, tutorials and tools for site owners, web developers and Internet marketers! Subscribe for free to our popular ecommerce/web marketing ezine!