On Tools

While hackers are a relatively well known group of people, the term “script kiddie” has only just begun making its rounds in the media. Roughly speaking, a script kiddie is an individual who exploits system vulnerabilities through the use of tools developed by others, without necessarily possessing the technical skills to carry out such attacks on his own. The capabilities of the script kiddie arise through the development and distribution of hacking tools over the internet. A cursory search of the internet is enough to show just how easily available such tools are and how easy they are to use if you try them out.

Back in college, there was a graph that kept appearing in lectures on computer security. It's a simple straight line with a positive gradient. The x-axis was marked "time" and the y-axis was marked "sophistication of attacks". Not a huge surprise really - as defenses improve over time, so will the attacks that try to counter the defenses. However, there was another accompanying label along the y-axis that ran in the opposite direction which said "technical skills of attackers".

It appeared then the availability of hacking tools has brought hacking to the general masses - or did it? A hacker is one who possesses superb technical skills and a healthy dose of ingenuity to able to bend the computer to carry out his commands. While hacking tools made it easier for one to carry out attacks, they do not substitute for a strong foundation in technical skills. However, they do make it easier for one to pick up the art of hacking.

And although it is true that the technical skills of the average attacker have now fallen due to the growth of script kiddies, it would be incorrect to think that the real hacker community is on a decline. While most script kiddies operate for personal gains and mischief, there is growing concern for an increasing number of hackers who lend their services to organized crime.

It is important to note that although hacking tools are an aid to the attackers, they serve equally well to the defenders. Otherwise known as security auditing tools, they help administrators to sniff out loopholes and weaknesses in their own systems before they are exploited by others.