Secure Business Infrastructure -SBI, Egypt


Cyber Threats, a different view

By: Khaled Nassar

Thesis statement:

            Crackers or script kiddies are the real threat to the cyber community because they commit acts of vandalism, hacktivism and espionage.

Outline:

I. Introduction.

II. The crackers or script kiddies.

A. What are they?

B. The media’s view of script kiddies or crackers.

C. Expert crackers.

III. The threats that the crackers or script kiddies impose.

A. Vandalism.

B. Hacktivism.

C. Espionage.

IV. Conclusion.

A. Is there a solution?

1. Studying the cracker’s psychology.

2. Adding Intelligence to detection applications.

B. The need for more research.

 

 

Abstract

This paper discusses the term “cracker” or “script-kiddie” as a type of life form that exists on the Internet. The paper will define the cracker or script-kiddie and describe their attitude. Afterwards it will prove that they are the real threat to the cyber community by showing their connection to the malicious acts of vandalism, hacktivism, and espionage. Finally, it recommends developing intelligent programs and obtaining a better understanding of crackers or script kiddies.

The Internet is considered one of the world’s most promising technologies. A new world is being built on this technology. With all the governmental, commercial, educational and even personal presentations on the Internet, a complete virtual world is likely to be flourishing in a short time. This virtual world faces many threats because it depends totally on computer systems. A computer-based environment depends on application software, and every piece of software has many bugs. This environment is vulnerable to malicious acts performed by some users of the Internet. The Internet users who are responsible for these malicious acts are called crackers or script kiddies. Wilson (2000) wrote that they take advantage of software bugs in the design or the implementation to get access to computers by causing buffer overflows or feeding the program unexpected combinations of input. Freedman and Mann (1997) say that there are thousands of beginner crackers who can do huge damage to the Internet. Crackers or script kiddies pose great threats to the Internet because they mainly perform three types of malicious actions. Firstly, they perform acts of vandalism on the Internet. Secondly, they perform acts of hacktivism. Lastly, crackers or script kiddies spy on other Internet users and invade their privacy.

 

Crackers and script kiddies are almost the same. Their existence depends on the existence of the Internet. They are persons who are logged on to the Internet and perform actions that are considered malicious. A cracker tends to launch denial of service (DOS) attacks and crash computer systems.

A script kiddie tends to use ready-made programs and techniques to accomplish the dirty work. These two virtual life forms overlap. This means that the same person could very often be described as a script kiddie and a cracker at the same time. Some crackers aspire to become hackers, but due to their lack of knowledge they become crackers or script kiddies. According to Capello (2000b), a person could go through a set of stages before he becomes a hacker. These stages sometimes include the cracker stage. Verton (2001) wrote that script kiddies are very dangerous because they release huge amounts of electronic attacks on a large area of connected computers. If a system administrator is not taking good security measures, they could crash his system very easily, causing his organization great damage and wasting a lot of time and effort. Tanaka (2001) also wrote that Alan Paller of the SANS Institute said that crackers consider cracking a kind of video game. He also said that they do not want the data on the machines; they just want to use a person’s personal computer to connect to other computers, gain access to them and attack them. This way it will seem that the victim whose computer was compromised is the cracker. In other words, crackers use other people’s computers to hide and attack other computers.

Benton (2000) says that crackers are the persons who do not follow the hackers’ code of ethics. In other words, they perform acts of theft, vandalism, and breaches of confidentiality. Real hackers try to distinguish themselves from crackers by showing the difference in attitudes between the two groups and by comparing the knowledge they have to that of the non-expert crackers. Benton wrote that Jeff Schiller, the head of network security of the M.I.T, stated that most crackers are not computer professionals, and that although they lack knowledge and expertise compared to hackers, they are more dangerous because they use free programs without knowing exactly what they are doing.

Raven (2000) says that the last thing a person would want to become is a script kiddie, because script kiddies are at the lowest levels of the cyber community cultural pyramid and the rest of the community treats them with disrespect. Though crackers are the real perpetrators of cyber crimes, the mainstream media seems to have a different opinion. Most of the malicious acts that crackers or script kiddies commit are falsely presented by the mainstream media as the doings of hackers. Many journalists have been fooled into using the word ‘hacker’ when they refer to the malicious crackers or script kiddies (Benton, 2000).

Benton referred to Eric Raymond, the author of “The New Hacker’s Dictionary” and the maintainer of the Hacker’s online jargon file, in his argument. Benton says that the basic difference between hackers and crackers is that while crackers destroy and sabotage the Internet, hackers build things and maintain its infrastructure. Raven (2000) agrees and adds that hackers share information and believe in the freedom of speech and the free flow of information.

This is not the case with crackers, who tend to nuke anyone they do not like off the Internet (Nexsys & ArHamstuh, n.d.). Williams (2000) says that while the black-hats or crackers seek personal or political gain, a hacker seeks knowledge through reverse engineering and understanding software. However, there are some malicious crackers who are experts in computers. This group goes by the name Black-Hats. Black-hats are described by the hackers as the bad hackers (Williams, 2000). Black-hats are sophisticated experts; Capello (2000b) says that malicious hackers and Dark-side hackers are experts but dangerous to the Internet community. Spitzner (2000) says that they also develop their own tools, but most commonly crackers and script kiddies use downloaded tools with minimal knowledge to commit malicious acts that negatively affect the Internet community.

To sum up, crackers or script kiddies are not computer experts. They do not believe in the ethics that the computer experts believe in, and they carry out acts of crashing and stealing on computer systems. They also do not share knowledge, because they do not have much to share, and they do not contribute to the cyber community. These reasons place them at the lowest levels of the cyber community’s cultural pyramid. Another important point is that the media falsely refers to crackers as hackers, which is totally wrong because of the huge difference between the two categories. Spending days in front of the PC monitor surfing the Internet, chatting, picking fights, spamming mail, and abusing others’ freedom to use the Internet is a typical cracker/script kiddie’s attitude.

Crackers pose many threats to the cyber community; these threats vary from annoyance to acts of vandalism and espionage. The malicious acts that the crackers perform have many technical aspects, but they do not require experience in the field of programming. All the cracker needs is some tools to do the job and a random or a predetermined target. There are three main malicious acts that the crackers or script kiddies get involved in. The first one is vandalism and crashing computer systems. Vandalism in cyberspace can be divided into three main activities.

The first activity is intruding into systems and destroying them. Crashing computer systems is not very hard: an intruder observes the system using an advanced tool, looking for an exploit, which is, as defined at www.whatis.com, a method that takes advantage of a vulnerability in the system to attack it. When he finds an exploit, the cracker attempts to use it to access the computer. The game is very simple: the cracker or script kiddie will delete some files that he or she thinks are important. If these files are really important, the users of the computer will lose many hours of hard work at the minimum. Sometimes unrecoverable data could be lost, which will negatively affect the owners of the computer. The worst case when files are erased is when those files are time-critical. Even though some data is recoverable, the process of recovering it could take enough time to put a company out of business. Crackers who are less knowledgeable could very easily erase the whole system. This does not require any intelligence or analytical skills; on the contrary, it requires the cracker to type one command, “rm -r *”, once he or she gains privileged access. This example works on Unix-based operating systems. In this case, the system will totally collapse and all the work on it is unrecoverable unless a good backup procedure was running, and even then the process of recovery will take a lot of time. Another act of vandalism is the denial of service attack (DOS).

In this attack, the attacker uses a certain property of a program to make it hang or stop. For example, there is a technique called Syn-flooding that uses a property of TCP/IP, which is the protocol used on the Internet, to stop a certain server from responding to any requests. This is done by sending the programs responsible for implementing the TCP/IP protocol so many requests that they have no time to do anything except process fake requests. There are many denial of service attack techniques, and what they have in common is that they stop the targeted system from providing its services to other systems. Another technique is the distributed denial of service attack (DDOS).

This technique requires the cracker or the script kiddie to take control of many machines (maybe hundreds or thousands) and set them to launch a unified attack on a certain target machine, eventually stopping this machine from responding and crashing its system (Stephen, 2001). A good example of DDOS is the Code Red worm. This worm is a program that automatically does what the cracker does by infecting thousands of machines on the Internet and setting them to attack the White House website on the 20th of every month. The responsible authorities had to change the Internet address of the website (Dolak, 2001).

In addition to the previous two acts of vandalism, a famous trick that crackers enjoy is the defacement of websites. A typical cracker would randomly look for any website that has a certain exploit and compromise the system in order to replace the main page of the website with another page that could contain anything. Most crackers prefer to upload a page that has pornography in it, or at least offensive words or pictures.

Defacing websites can also take on political or ethnic aspects, which is another malicious act that crackers perform and which goes under the term hacktivism. Benton (2000) says that a cracker could deface a website that belongs to a certain party or organization. If a cracker’s action is directed at crashing a specific system for political reasons, it is called “hacktivism”. Hacktivism is carrying out actions against specific countries, organizations or religions through Internet web sites. For example, there is a cyber war going on between Arab and Israeli crackers to deface and crash websites that belong to both parties. Another example is the Serbian crackers who defaced the website of the US ministry of defense at the time when NATO was bombing Belgrade (“School for Hackers”, 2000). It is important to know that regular defacement is not considered an act of hacktivism, because hacktivism must be linked with a specific cause or targeted enemy. Hacktivism could also include crashing websites that deliver some religious ideas or that publish material that the cracker considers offensive.

Some crackers also spread rumors about certain organizations or parties that discourage people from cooperating with the attacked organizations. An example of these kinds of rumors is a typical e-mail that any user could receive, which says that a certain restaurant is using genetically engineered food in its dishes. At the end of the e-mail there is a note requesting the reader to forward this message to everyone he or she knows. Internet users usually believe what is in these messages and also forward them.

This leads to economic damage to the organization mentioned, and to increased traffic on the Internet that uses up its resources. Williams (2000) says that the online automotive section of The Evansville (Ind.) Courier & Press was defaced with disparaging comments about a specific car. The site administrators were forced to shut down the website for a whole hour. Williams adds that the Marquette University website was also defaced; the crackers tried to make it seem that Vice President Al Gore had said offensive words in a previous speech at the same university. This attack took place on March 28th and was discovered quickly, but it could have caused much trouble because the defaced web page was similar to the university’s real web page, so there was a chance that many people would believe that Al Gore actually made these offensive comments.

Benton (2000) says that the Internet will be the battlefield of the future. Different people with different opinions will unleash cyber wars. Hacktivism is known as electronic civil disobedience. This was clear when a group called “hacking for girliez” defaced the NY Times web site on September the 11th. The act targeted a NY Times reporter named John Markoff. This reporter was one of the authors of the book “Take Down”, which led to the arrest of Kevin Mitnick. Williams (2000) adds that many other websites were also defaced to support the case of Mitnick. This case attracted a lot of attention because it was the first massive attack on mainstream media websites.

In addition to acts of vandalism and hacktivism, crackers get involved in espionage attempts. When a cracker obtains privileged access to a machine, he or she is able to read any files on the machine. The cracker could use the information in these files simply to blackmail the owner of the file. Harrison (2000) wrote that a group of organized crackers cracked the Visa International Inc. computers. Those crackers copied important information and used it to blackmail the company. The company received a phone call and an e-mail demanding money in exchange for the data. Other crackers have the ability to intercept network sessions between two computers or users and copy the contents of the conversation. Freedman and Mann (1997) say that Phantomd, who is a very famous cracker, was able to compromise many systems, maybe thousands, before he got arrested. Some of these were critical military sites, nuclear-weapons labs, banking systems and dam control systems. Freedman and Mann add that two other crackers named Singer and Jsz tapped the backbone of the Internet looking for passwords to open new doors, while they could have gained access to very classified marketing and scientific data. Crackers or script kiddies invade the privacy of the Internet’s users by spying on them. Crackers also do more than spy on individuals; they spy on organizations. Industrial espionage is a very dangerous yet profitable game. When a cracker gains access to a machine, he could copy all the information he thinks is critical. New designs, classified research and marketing information like customer lists or price lists are very valuable to competing organizations (Kipp, 2001). Kipp adds that companies are reluctant to take security measures because they think that no one will want to spy on them. Crackers make money by spying on organizations and selling the important information to others. This is one of the main differences between crackers and hackers. Industrial espionage is unethical in both the real and the cyber world. Espionage requires more knowledge and analytical skills than the average cracker would have, so some writers call those advanced crackers dark-side or malicious hackers (Capello, 2000b).

To sum up, there are three main methods by which a cracker or a script kiddie becomes a real threat to the cyber community. The first is performing acts of vandalism and crashing computer systems. Secondly, they attack the websites of certain organizations to show their opposition to those organizations, in what is called hacktivism. Lastly, crackers or script kiddies perform spying operations on the Internet’s users and invade their privacy.

The crackers or script kiddies are considered the real threat to the Internet because of their malicious attitude and sheer numbers. Crackers and script kiddies crash computer systems and carry out acts of espionage that compromise the privacy of many Internet users. This is why they are placed at the lowest levels of the cyber community cultural pyramid. There are many technical solutions for the problem of securing the Internet, like firewalls, network-based and host-based intrusion detection systems, vulnerability scanners, fall recovery procedures and many other techniques, but none of them is sufficient. A security solution should integrate all of these techniques within a security policy.

Tanaka (2001) wrote that firewalls let people think they are secure, so they stop worrying about security issues and their systems become more vulnerable. Moreover, these techniques lack intelligence and could raise their alarms when a perfectly legitimate request is being processed. Experts call these false positive alarms. These alarms drive the security administrators to stop believing them. Security techniques also do not analyze the real motives or psychology behind the attacks. There are things that make a cracker do what he or she does. Roger’s research (as cited in Benton, 2000) shows a profile of a typical cracker or script kiddie, in which he claims that the cracker is a lonely person who has minimal social skills and who has trouble in school. The cracker’s parents could also have abused him. This abuse could take the form of sexual abuse.

Williams (2000) says that system managers or administrators and IT professionals should know their enemy before they can secure their networks. The cracker could be just a smart boy with nothing to do but surf the Internet looking for something exciting to do. Or he could be a malicious cracker who targets a certain company or person for a certain reason. The electronic society has its good and bad, like any other structure that is strongly connected to mankind. This is why the motives and psychology of this community must be studied. The cyber security issue is becoming more critical every day, especially with the great investments in electronic commerce and money transactions over the Internet. The need for deeper research is becoming clearer, in order to understand how the community of the Internet affects any investment or construction that takes the net as a backbone. So, in order to make real progress in the field of cyber security and other cyber fields as well, there is a great need to add intelligence to the security techniques and knowledge to the security experts.

This can only be done by researching cyberspace for answers and implementing the results of the research efforts in software and policies.
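The false positive alarms discussed above can be illustrated with the Syn-flooding technique from the vandalism section. The following is an added example, not part of the original paper: it compares a detector that only counts opening requests with one that also checks whether the connections were ever completed. The records are constructed, the addresses come from documentation ranges, and the function names and thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict

def build_sample():
    """Constructed traffic records: (seconds, client, server, tcp_flag).
    "SYN" is a client's opening request; "ACK" is its final handshake step."""
    events = []
    for i in range(40):
        # Legitimate burst: 40 clients reach the web server and all complete.
        client = f"198.51.100.{i + 1}"
        events.append((i * 0.1, client, "192.0.2.10", "SYN"))
        events.append((i * 0.1 + 0.05, client, "192.0.2.10", "ACK"))
        # Flood: 40 opening requests to the mail server, only 2 ever complete.
        client = f"203.0.113.{i + 1}"
        events.append((i * 0.1, client, "192.0.2.20", "SYN"))
        if i < 2:
            events.append((i * 0.1 + 0.05, client, "192.0.2.20", "ACK"))
    return sorted(events)

def summarize(events, window=10.0):
    """Count opened and completed handshakes per (server, time window)."""
    stats = defaultdict(lambda: {"syn": 0, "done": 0})
    pending = {}  # (client, server) -> window in which the SYN was seen
    for ts, client, server, flag in events:
        if flag == "SYN":
            bucket = int(ts // window)
            stats[(server, bucket)]["syn"] += 1
            # Simplification: real tooling keys on the full address/port tuple.
            pending[(client, server)] = bucket
        elif flag == "ACK" and (client, server) in pending:
            # Credit the completion to the window that saw the SYN.
            stats[(server, pending.pop((client, server)))]["done"] += 1
    return stats

def volume_alerts(stats, max_syn=30):
    """Detector without "intelligence": alarm on request volume alone."""
    return sorted({srv for (srv, _), s in stats.items() if s["syn"] > max_syn})

def handshake_alerts(stats, max_syn=30, max_incomplete=0.5):
    """Alarm only when volume is high AND most handshakes never complete."""
    alerts = set()
    for (srv, _), s in stats.items():
        incomplete = (s["syn"] - s["done"]) / s["syn"]
        if s["syn"] > max_syn and incomplete > max_incomplete:
            alerts.add(srv)
    return sorted(alerts)

if __name__ == "__main__":
    stats = summarize(build_sample())
    print("volume-only alarms:    ", volume_alerts(stats))
    print("handshake-aware alarms:", handshake_alerts(stats))
```

The volume-only detector raises an alarm for the busy but legitimate web server as well as for the flooded one, which is the false positive the paper describes; the handshake-aware detector flags only the server whose requests were never completed.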

List of the references:

Benton, D. (2000, November 28). What’s inside a cracker?. SANS Institute: Information Security Reading Room, pp 1-3. http://www.sans.org/infosecFAQ/hackers/cracker.htm (16 Nov. 2001).

Capello, V. (2000a, January 23). Being a hacker. Security Writers, pp 2,6,8. http://www.securitywriters.org/texts/internet%20security/beinghacker.html (20 Oct. 2001).

Capello, V. (2000b, March 26). Hacker stages. Security Writers, p 1. www.elfqrin.com/docs/HackerStages.html (18 Nov. 2001).

Dolak, J. (2001, August 28). The code red worm. SANS Institute: Information Security Reading Room, p 3. http://www.sans.org/infosecFAQ/malicious/code_red8.htm (24 Nov. 2001).

Freedman, D., Mann, C. (1997, June 2). Cracker. U.S. News & World Report, 122, (21), 56-65. Academic Search Elite.

Grondahl, B. (2001, August 13). The script kiddies are not alright. Telepolis, pp 1-2. http://???? (22 Nov. 2001).

Harrison, A. (1999, August 16). Mitnik gets 46-month term. Computerworld, 33, (33), ?????. Academic Search Elite.

Harrison, A. (2000, January 31). Visa reveals July break-ins. Computerworld, 34, (5), 6. Academic Search Elite.

Kipp, S. (2001, July 16). Espionage and the insider. SANS Institute: Information Security Reading Room, p 1. http://www.sans.org/infosecFAQ/securitybasics/espionage.htm (28 Nov. 2001).

Nexsys, DrHamstuh (n.d.). False perspective. Security Writers, p 3. http://www.securitywriters.org/texts/internet%20security/falseperspectives.html (20 Oct. 2001).

Raven. (2000, December 21). Hacking for beginners !. Security Writers, p 2. http://www.securitywriters.org/texts/internet%20security/hackingforbeginners.html (20 Oct. 2001).

Raymond, E. (2000, August 11). How to become a hacker. Security Writers, pp 2, 7-8. http://www.securitywriters.org/texts/internet%20security/become_hacker.html (20 Oct. 2001).

School for hackers. (2000, May 22). Time, pp 1-2.

Scientific American: Letters To the Editors. (1999, February). A Closer Look: Are You A Hacker Or A Cracker? Hackers Versus Crackers. Author, p 1. http://www.sciam.com/1999/0299issue/0299letters.html (20 Oct. 2001).

Spitzner, L. (2000, June 21). Know your enemy. Security Writers, p 1. http://www.securitywriters.org/texts/internet%20security/enemy.html (20 Oct. 2001).

Stephen, J. (2001, August 16). The changing face of distributed denial of service mitigation. SANS Institute: Information Security Reading Room, p 1. http://www.sans.org/infosecFAQ/threats/face.htm (28 Nov. 2001).

Tanaka, J. (2001, August 20). Don’t get burned. Newsweek, 138, (8), 52-53. Academic Search Elite.

Taschek, J. (2000, October 9). Script kiddies must stop or be grounded. EWeek, 17, (41), 104. Academic Search Elite.

Verton, D. (2001, July 23). Black hat highlights real danger of script kiddies. Computerworld, 35, (30), 17. Academic Search Elite.

Williams, J. (2000, April 17). Hack work. Editor & Publisher, 133, (16), 116-120. Academic Search Elite.

Wilson, Z. (2001, April 4). Hacking: the basics. SANS Institute: Information Security Reading Room, pp 1,3. www.sans.org (20 Nov. 2001). http://www.sans.org/infosecFAQ/securitybasics/deface.htm

 

©2005 www.sbi-secureit.com