However, it can spell trouble when a script kiddie tries to use them for hacking. What is a Script Kiddie? A script kiddie, or “skiddie,” is someone who lacks programming knowledge and uses existing software to launch an attack. Often a script kiddie will use these programs. Download Hacking And Spy Tools For Script Kiddies free software. Attempting to study individuals involved in hacking. Individuals that use these tools (e.g., script kiddies). In this panel, tech experts Christopher Soghoian and Ashkan Soltani, alongside Catherine Crump, staff attorney with the ACLU's Project on Speech.
![]()
I’ve used some sort of computer since the 1970s, when Dad bought us kids a Commodore 64 (which I recently discovered sitting in the toy cupboard when I was home for the holidays). Over the years, I’ve experienced a wide range of feelings about these lumpy collections of circuits and plastic and intangibles. Plenty of frustration, of course, and anger and disgust, but far, far more appreciation, satisfaction, fascination and even joy. But the one constant, the thing that never leaves me, is fear.
My fear stems from the usual sources: ignorance and pain. I didn’t know much about the Commodore 64, which epitomized the high-maintenance PC, and so feared my own stupidity. Using the college minicomputer, I feared crashes and people throwing out my printouts, along with the occasional rogue student sys admin. Fear even drove my first personal computer purchase: I bought a PC because I feared the brand-new, cool Macs sweeping through my college dorm. I feared it because it had such comparatively great graphics, and I knew if I bought one I’d spend all my time playing games and would fail my classes.
So I bought an IBM PC clone, a state-of-the-art ITT XTRA, the hot clone of 1984. With that machine, I learned the hard way to fear system crashes, power outages, bad floppy disks and, above all, forgetting to save. I still remember the stark terror I experienced after watching a term paper simply disappear from my screen, gone, never printed out.
Advances in software have rendered most of these old fears moot – even power outages don’t faze me now, since I use a notebook and the battery acts as a power back-up. But there’s a new fear – and it can hit the level of paranoid delusion. I’m deathly afraid of being hacked.
While I do have broadband access and a Web site, there’s little on my home machine that would interest a malicious hacker, let alone a lowly script kiddie, those hacker wannabes who take other people’s code and data files, and post them online for everyone to see. It’s good to be boring.
I also have anti-virus software and a firewall, try to download all those Microsoft patches once a month, and shun Outlook. Even so, any time my PC starts behaving weirdly – for instance, letters don’t appear on screen the moment I type them, or my cursor starts zipping around the screen, I instantly think “I’ve been hacked!” This might have some basis in reality if I worked at a financial corporation or the State Department, or maybe if I made a habit of posting obnoxious comments in hacking-related IRC chat rooms. But I’m not really a target. My fears, as I said, sometimes approach the paranoid delusional state.
Hacker History: Hackers weren’t always bad. Back when I bought my first PC, they were a benevolent force in software development. They went in and hacked around systems – hardware as well as software — mostly out of curiosity. Think of early hackers as the digital equivalent of kids who take apart car engines to see how they work. Only when they put the system back together, those hackers often discovered, and implemented, improvements. Today’s PC business mostly grew out of people hacking together personal computers.
Many tech geeks still see themselves as hackers in the original, positive sense of the word. You can find a lot of them driving the open source movement today. Linux started out as a hack, really, with Linus Torvalds as hacker-in-chief, and it continues to build on the backs of hackers.
Emergence of the Evil Hacker: The earliest crackers – malicious hackers – were primarily “phone phreaks,” people who spent their time and energy figuring out ways to make free long-distance calls. That eventually gravitated into hacking AT&T’s computer systems directly. One famous 1980s hack involved switching the company’s rate clocks, so people who called during the day got the bargain-basement late night calling rates, and vice versa.
The phone system was a natural place for cracking to start. It was really the first widely used network – in the 1970s and 1980s there just weren’t a lot of computer systems connected to each other, and computer hacking was basically a local affair. For more, our sidebar features some of the more famous hacks and cracks of the last 30 years.
So if some hackers are good, then why are they all considered so notorious? Blame Hollywood, really. It took some of the early crackers and called them hackers in films like “Sneakers” (based on the AT&T billing swap) and “War Games.” Thus was born the image of the hacker as evil. Traditional, benevolent hackers have tried to reclaim their good name – by differentiating the cracker, or black-hat hacker from what they do. But it hasn’t really caught on.
Script Kiddies: This is the worst insult you can give a cracker. A script kiddie is so brain dead, they don’t know enough about technology to find and exploit security holes or flaws, but instead take advantage of the works of others. Typically they use and modify code scripts written by someone who does understand the technology issues. Script kiddies typically hack to impress their friends, who are similarly challenged technically.
Crackers, black hat hackers, script kiddies or what have you, they’re worth some paranoia. While Average Digital Joes aren’t likely to be targeted deliberately, today’s hacking tools mean anyone’s system is game, if they don’t take precautions, like using anti-virus software and firewalls. Our sidebar helps you protect your PC and keep it safe.
Some hacks are more annoying than devastating. For instance, Web site defacements are the Internet equivalent of graffiti. More damaging, potentially, are when hackers take over your PC — “own,” in hacker jargon – and turn it into a zombie.
Zombie Attacks: Then your system can be used as part of a denial-of-service (DoS) attack, where hackers use your bandwidth to automatically send messages to a specific IP address. It was DoS attacks that made it impossible to get to Yahoo!, Amazon.com and other major Internet sites recently.
A DoS attack replicates what happens when more people come to a site than its servers can handle. Remember the Victoria’s Secret online fashion show that was advertised on the Super Bowl in 2000?. So many people attempted to connect that in fact very few could.
Crackers can also put a keylogger on your PC, hoping to pick up things like credit card numbers when you type it into sites. This summer, a hacker used about a thousand zombie PCs to distribute porn, though usually they use them as virtual hard drives, putting stolen software and the like on it.
![]()
So how do you know if you’ve been zombied? Some signs include your modem or hard drive working overtime when you aren’t, or that sluggish system performance I get so worried about. For more details, see Don’t Let Your PC Become a Porn Zombie at PCMag.com.
Spoof Hack: A clever recent type of hack involves a hacker building a Web site that mimics a well-known business, such as Target or Best Buy, to name two recent examples. They then send e-mail purporting to be from customer service, telling you there’s a problem with your account and asking you to go to their Web site and fill in a variety of information. It seems legit, but what they really want is your credit card information. Do not, under any circumstances, ever give your credit card or other account-oriented personal information online, except when you are actually buying something online.
Never open attachments, either, unless you know for sure what they are. The most damaging hacks of today come from writers of “mal-ware” — computer viruses, worms and Trojan Horses. Those present an ongoing and ever-shifting challenge for all computer users. At the moment, file attachments in e-mail represent the most dangerous way to spread these cyber afflictions, though music and video files downloaded from file-sharing networks can also contain mal-ware. Instant messaging is also being used more often to spread mal-ware.
As in the real world, it’s very difficult to stop a break-in by someone who’s determined to do it. But it’s also true that so many online users fail to take even basic security measures, like using firewalls, changing passwords or turning on basic security features in software programs like Outlook, that those of us with a little bit of paranoia stand a good chance of being ignored.
Three cheers, then, for fear.
Michael Fitzgerald is an award-winning technology writer and editor. His writing on technology appears in The Economist, Inc., MIT Technology Review, Business 2.0 and a number of other publications. He’s spoken at numerous industry events and frequently appeared on CNN and other major television networks. Mike’s favorite early encounter with technology was playing Pong with his brother on the family TV.
and Script Kiddies! History
Over time, technology has crept closer and closer to the street. By 2005,many countries were talking about 'a browser on every corner and email inevery home;' in 2006-7, IBM made that a reality in Ethiopia, striking fearinto the super powers' hearts that they'd lost the 'Net Race.' By 2010,every corp-nation and nation-corp had begun such efforts. The cities ofNorth America, and at least most of the cities of Europe, are completelywired, and virtually all of South America and Africa are as well. Outsidethe cities, most small towns and villages have at least a few computers,with wireless networks for the company bigwigs on vacation. Asia is moreconflicted, with Japan garnering 'Most Wired Nation' status several years ina row, China all but forbidding access, while Indochina and the Phillipinesare inconsistent, fighting off computers and the social homogeneity thatcomes with them to the last man, or else throwing all of their money intotraining their best and brightest to hack the people who would own them.
The result of this, of course, has been an explosion in the script kiddypopulation, because not only can any two-bit hack with something to proveget software to do the dirty work of finding weaknesses automatically, butany two-bit hack in any of dozens of countries can getthat software. As in all things, the more two-bit hacks there are, the moreartists, fortunately.
For every two hundred script kiddies, there's one guy who wrote thoseautomated programs back when he was script kiddie, and has since moved on towork for a corporation. Such white hats are viewed with derision, even bythe non-hacker community -- going from writing kiddie scripts to corporate'Net muscle is a step up economically, but a step down socially. For everyhundred white hats, there's a black hat that hasn't sold out yet, and forevery 50 black hats, there's a hacker that was never in it for the easymoney.
Many of the best hackers grew up on the street -- too small to live offmugging, too smart to sell their bodies, but who managed to get on the webenough to learn more. Some of them stole credit card numbers to buygroceries online, some of them faked (or stole from someone else) an onlineID to get an online job. They are the urchins that hang around theterminals, but don't ask for change, or the gangers that try to get turfwith terminals on it. For most of them, their only acquaintance withAuthority is the local cop's stungun. They typically have very littleformal education, and they rarely bother 'expanding their minds.' Butthey're better with computers than all the white hats with fancy collegedegrees, and they might even know it.
Being one of the elite, and having access to hackerly skills, equipment, andfriends, is an Unusual Background (Elite) for 25 points. Being as'kiddie is the not-so Unusual Background (S'kiddie) for 10 points.You like to play with the computer when your parents are asleep.
The ComputersInterfaces
Immersive environments are restricted to people willing to go through thesurgery and training that datajacks require, or else deal with the responsepenalties of external input devices (such as wired gloves). For games, thedatajack is widely regarded as essential; for other people, simplyinterested in enjoying online environments, private voice chats, and threedimensional images, the delay is more than acceptable. They are generallynot well regarded as more productive than voice control and two-dimensionaldisplays (unless there is some legitimate relevance to three-dimensionaldata).
As such, computers able to follow relatively complex commands as verbalsentences are in use in more and more offices, and Ethiopia/IBM haspioneered 'industrial' applications, such as 'do what I mean' voice commandprocessing on street corners, bars, and other loud places. Voice-controlledcomputers vary in use from being the future PDA, to letting executiveslounge back in their comfy leather chairs while evaluating business plans,and records, to scientists verbally describing the tests they want to runsamples through.
Most people have always used only a fraction of the power their computershave; by 2025, the tide of Network Computers is once again rising. Mostpeople are quite content using touch screens and keyboards with microphonesto send/receive voicEmail, follow their favorite hobbies online indiscussion groups, chat rooms, and libraries. There are even timelessly fungames available on these systems, although all the Real Gamers(tm) play inimmersive environments.
Some people still use more archaic interfaces, such as keyboards andmonitors (without the ability to function as a touch screen). However, given the growing popularity of three dimensional sites, and theentrenched popularity of two dimensional interfaces, it's a wonder nobodyhas put them out of their misery.
The Computers Themselves
There is dizzying variety in computers; red ones, blue ones, smart ones,dumb ones, new ones, old ones. They typically talk to each other throughIPv6/IPSEC, with all kinds of other protocols built on top. Every system'sinterface is a little different, and almost every computer manufacturerdiddles around with the systems software. The ISP market has, in mostplaces, become government regulated, in large part as a response to the newcorp-nations' clear superiority in the 'Net Race and their use of in-houseproviders for their adopted nations; in the US, each state has developed itsown laws for regulating the industry (or not).
Computer speed doesn't matter and isn't noticed; software developers havefinally given up on spurring next year's hardware sales with their newsoftware, because most things have been handled already. Except in 'hard'computing environments, such as weather forecasting, chemical and biologicalmodelling, etc., computers are just furniture. People who are not opposedto either the potential (and still largely unrecognized andunsubstantiated) risk of sticking a lot of radio emmissions next to theirhead, having computers 'do it for them,' or else who are too dirt-poor toafford it, have earcomps capable of handling voicEmail, standard schedulingtasks, and phone calls. In most places, as well, ISPs provide freebasically functional applications on their servers for customers to use; asan extension, since most users don't buy their own software anymore, thesoftware industry is unofficially regulated (as companies that piss offthe ISP lose the fat contracts off of which most of them live).
As for the network, well... there are a wide variety of networks,not just the Internet. Most of them are built upon the sameprotocols, with their own layers and software on top. Others use nothingspecial, but use strict encryption and routing policies to delineatethemselves. Virtually everything is wireless, and wireless bandwidth andlatency have dropped remarkably in relation to wired connectivity, sincewired connectivity reached a plateau 10 years ago. Only people terriblyconcerned about security still use wires, and fat shielded wires at that.At the same time, wireless 'jamming' technology has also developed quitestrongly, in order to restrict and monitor network access. For instance,the networks in many corporate offices end get killed at the borders oftheir buildings, to prevent snooping or free rides.
Hacking RulesHacking SkillsComputer Interface (variable)
This is the ability to get things done using a particular type of computerinterface. It includes figuring out program functions, getting programs torun, etc. This is the TRULY basic user skill. This skill must be taken foreach type of interface (see below).
Using any given interface still requires familiarity to use well, as thespecific commands will be different. You are automatically familiar with onesystem upon taking the skill, and you are also automatically familiar withany system for which you have the O/S skill.
This is the ability to fiddle with the system running your computer. Thisincludes things like setting up a network, tweaking/tuning for performance,installing and checking software, modifying your setup, etc. For operatingsystems which include administrative powers, this includes knowledge of howto use those administrative powers. This skill must be taken separately forevery sperating system.System Security (MH, IQ-6, prereq any O/S skill)
This is training in the mindset and logical approach to computer securityrequired to run a tight ship. This is used to secure a machine (byanticipating possible vectors of attack and putting preventative measures inplace), find signs of hackers (and trace them), find security breaches (andpatch them) and so on.
All operating systems come with a default security level (Windows is about a10, BSD is about a 14). You can roll System Security when firstsetting up the machine to improve this; each 2 points you make the roll bygives a +1, to a maximum final value equal to your own skill or theoperating system's security +1, whichever is higher, to the security levelof the system. If your O/S skill is lower than your SystemSecurity, subtract -1 per 2 points of difference. This takes an amountof time equal to the bonus to the system's security in hours. You mayreduce the bonus to speed things up.
You can also reduce the security. This requires no roll - just set the levelto whatever lower level you want.
As new holes in systems are discovered, the security of the systemeffectively decreases; every month that goes by without tightening down asystem, the security level of the system decreases by 1 (down to a minimumof half the system's base security). You can eliminate this loss byupdating the system; roll System Security every time you go throughthe security of the system, and for every two points by which you make yourroll negates 1 month's decline. This can be done at most once a week, andtakes 4 hours.
Say a system has been sitting in the machine room for a year withoutupdates, because the admin you replaced was lazy. If you immediatelystarting fixing it up, and were able to consistently make your roll by 6points, it would take 20 hours spread out over 5 weeks to bring the securityback up to its initial point (4 weeks of reducing the penalty by 3 eachweek, at which point a month has passed and the security is reduced by 1,requiring just a little more time...). It could take less time, but thenyou're not being very conscientious, are you?Hacking (MH, System Security-5, prereq appropriate O/S skill)
This is the ability to find loopholes, cracks and security holes in amachine, whether it is a software security issue or a hardware physicallimit. By exploiting these holes and limitations, you can crash the machine,compromise information stored on it, control it to do things for you, gainadministrative access, etc.
To use Hacking, roll an opposed contest with the target machine'sSecurity level. The default time this takes is 4 hours; each point you beatthe machine by halves this time (so if you beat it by five, it takes youabout 8 minutes). If you lose the roll, you can not try again for another 4hours. Also if you lose the roll, the admin for the system can make aSystem Security roll to detect your attempts (she can also make aroll any time she decides to check the system for attempts to hack in).
Once you have gotten in and done whatever it is you chose to do, you canmake a roll to cover your tracks. This is handled in exactly the same way,except that you only get to roll once, and the base time is 1 hour (insteadof 4 hours). The GM should mark down how much you made it by - the admin hasto beat this to detect your attempt later.
You can also cover your tracks as you go, although this is less efficient.Take a penalty to your roll to penetrate the system; the admin then takes anidentical penalty whenever she finally attempts to detect you. Note thatyou must still roll your Hacking to cover tracks as you leave, so that finaltraces are erased (and the GM has a number to beat later).
Once you have penetrated a system, you may enter it at will afterward untilthe hole you used gets patched. Holes can get patched in a number of ways:the admin may discover where you snuck in and fix the problem, the OScreators may issue a program-level patch, the hole may have been dependanton hardware limitations which are removed in the next upgrade cycle, etc.Reversing (ME, Programming-5, prereq appropriate programparadigm)
This is the ability to analyze machine code and/or translate the machinecode into its original programming language. A small program (<1000 lines)can take several hours of dedicated work, but for a dedicated reverser theend outcome is rarely in doubt. Assume 1 hour per 100 lines of code,although obfuscation techniques can double or triple the time required.
Prereq: Note that basic machine code is a programming language, and can beused in lieu of any other language, BUT takes four times as long.
Rolling: Mainly, this is to determine how well you do. If you fail, itsimply means that you misunderstood some parts of the code. The better yousucceed, the more you 'own' the code in terms of knowing its little quirksand whatnot.
![]() Using Scripts (for the K1dd13z in the audience)
A Hacker can encode a particular hack into a script which does the workautomatically. This requires programming, but creates an automated programwhich uses its own Hacking skill for a specific task ('Get rootaccess on a targetted Windows NT machine', for example). Once a Script iswritten, it can be used by anyone who gets their hands on it. Unfortunately, as scripts spread, occasionally admins find them. Wheneveran admin tightens down security on a system, he discovers and fixes theholes exploited by scripts (rendering them useless against that system) thatachieved widespread distribution on or before the time to which the adminupdated the system.
Going back to our admin in the previous example, in the first week hediscovered the holes exploited by scripts that were easily accessible 9months ago; in the second week, he closed the gap to half a year. Inanother two weeks, only relatively new and secret scripts had a chance.Hackers who keep a lid on their scripts get much more benefit out of them.
To create a script, you must first do what you want the script to do. Youmust then decide on the skill you want the script to have, relative to yourown skill. For every point above Hacking-4 you want the script tobe, you have a -2 penalty to your Programming roll; the script cannot have skill greater than your own. To modify a script, you must haveaccess to the source code, or suffer a -2 penalty to any rolls to modify it;many scripts take their name from the fact that their useful form *is* thesource, and so having the one means having the other, but this is not alwaystrue.
To simply update the script, you must be familiar with the techniques usedby the script, as well as the techniques used to defend against it. If yourHacking skill is less than the skill of the script, you suffer a -2penalty for each point of difference; if your Hacking skill isgreater, you enjoy a +2 bonus for each point of difference. RollProgramming with this modifier; if you make it, the script will onceagain work. However, if your Hacking skill is less than that of thescript, the script's Hacking skill is now equal to your own. If yourHacking skill is greater than that of the script, then for each 2points by which you make your roll the script's skill is improved by 1, upto a maximum of your skill.
Additional Skills Hackers Use or Need
![]() Comments are closed.
|
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
December 2022
Categories |