Alarm Raised On Teenage Hackers

Arno Igne writes to tell us that the number of underage participants in "high-tech" crimes has risen steeply in recent history. Reporting children as young as 11 swapping credit card details and asking for hacks, many are largely unskilled and thus more likely to get caught and arrested. "Communities and forums spring up where people start to swap malicious programs, knowledge and sometimes stolen data. Some also look for exploits and virus code that can be run against the social networking sites popular with many young people. Some then try to peddle or use the details or accounts they net in this way. Mr Boyd said he spent a lot of time tracking down the creators of many of the nuisance programs written to exploit users of social networking sites and the culprit was often a teenager."

Gosh, underage hackers with no skill?

[by Anonymous Coward]

I wish we had a term to describe that... something that notes the fact they are younger, and simple in their skills... Maybe "script kiddies?"

Re:Gosh, underage hackers with no skill?

[moderatorrater (1095745)]

Yeah, but in this case they're doing it for lolz. I suggest lolkiddiez.

Re:Gosh, underage hackers with no skill?

[Jabbrwokk (1015725)]

I think you'll agree that hacking and phreaking is different than some n00b using scripts to commit electronic crimes. Hacking something just for the sake of doing it, to learn how it works and to poke around in forbidden space, is different than stealing credit card numbers so you can buy the latest ecksbawks game.

Hacking is still illegal, but but it's not necessarily malicious, like stealing and using someone's credit card number.

Re:Gosh, underage hackers with no skill?

[kdemetter (965669)]

Yeah , this is really worth a 'nothing to see here , move along'.

I mean , this is nothing new . It's been that way for over a century.

I don't like that they track down the 'creator's of those nuisance programs ' , though . Programming these things is a fun way of learning how it works.

They should be going after the people who USE it for malicious purpose instead.

I mean , maybe we should just lock up the creators of the Windows API , because you can really do some damage with that.

Re:Gosh, underage hackers with no skill?

[Rasperin (1034758)]

No reason to go after the guy who makes rifles, hand guns, etc. Go after the guy who used it to murder people.
No reason to go after the guy who makes vehicles. Go after the guy who used it to run someone off the road.
No reason to go after the guy who makes whiskey. Go after the guy who used it to beat someone with.
Your argument goes both ways sir.

Re:

[The Gaytriot (1254048)]

No reason to go after the guy who makes whiskey. Go after the guy who used it to beat someone with.

What? Beat him with the whiskey?

I just accidentally my friend with the whiskey.

Re:Gosh, underage hackers with no skill?

[jlarocco (851450)]

Oh... and no reason to go after the person who creates the virus. Only the person who uses it against others.
No reason to go after the guy who makes pipe bombs either. Just the guy who uses them.
No reason to go after the guy who makes the full-auto conversion kits. Just the guy who applies them to the off-the-shelf weapon.
No reason to go after the guy who makes the fake passports. Just the guy who uses one.

Makes sense to me. Most things are legal until you use them to do something stupid.

Re:

[Ortega-Starfire (930563)]

Move to one of the states in the link I provided and you can.

Step 1. Fill out ATF form 4 (which includes fingerprint card and $200 tax.)
Step 2. Wait 1 week to 6 months for approval and buy NFA item when the ATF grudgingly accepts that you aren't a felon, insane, or for some other reason not allowed to own Title 2 hardware.
Step 3. Don't profit (Full auto: nothing makes a paycheck disappear faster.)

Re:

[Mister Whirly (964219)]

There was a term for them long before "the internets" were flooded with them.

In the olden days of BBSs, we used to call them "ruggies" which was short for "rug rats". But "script kiddies" is even more accurate of a description, seeing they are basically just following along a "recipe" for cracking something.

Re:

[roguetrick (1147853)]

Yeah, I had a friend get caught for credit card fraud in middle school. The days of AOL were full of script kiddies. This stuff is old news.

"Underage"?

[Sockatume (732728)]

At what age does high-tech crime become legal then?

Re:"Underage"?

[OrangeTide (124937)]

Ha! good point.

I guess once you are 18 you are no longer too young to go to a federal prison.

This is new?

[MindlessAutomata (1282944)]

Script kiddies have been around since the AOL days. Hell, I myself got a juvenile laugh out of punters (remember those? God, the AIM clients were so terrible back then) and other "progs".

Mostly I imagine the vast majority of this stuff nowadays is myspace-related. Probably kids trying to break into someone else's myspace page because they're little drama whores like that.

Re:

[BigJClark (1226554)]

Script kiddies have been around since DOS days ;)

Re:

[by Anonymous Coward]

I survived the eighties one time already. The early days of the Ma Bell breakup coincided with dialup BBSs. Now, there were any number of long-distance companies (MCI, Sprint, whatever) that had dialup portals (since they could be hard-switched for some reason), and they gave their clients six-digit identifier pins. So basically any kid with a modem and half a brain (yes, half a brain, since a full one would realize the trouble) could commit wire fraud, and some of us did. Once you got on those BBSs, what w

Was AOL invented in the 1960s?

[davidwr (791652)]

Script kiddies have been around since the AOL days.

I didn't know AOL predated the moon landing.

Re:This is new?

[oatesy (1394967)]

I agree...in fact I'm almost ashamed (no I am) to say that my first major experience with "hacking" was on my friends myspace pages. But it doesn't help that great movies like Hackers make young kids think that they can get with Angelina Jolie if they are just good at hacking. I blame society and the movie industry.

Script Kiddies have been around longer than that

[yttrstein (891553)]

I used to be one, way back in about 1986 or so on my trusty little Commodore 128. Back in those days there were a few pretty incredible bulletin boards that had vast (dozens!) libraries of little tools and wrappers mostly written in bourne...(I think, this was 22 years and 7,000 joints ago, so pardon the fuzziness with some details)

I didn't really know a damn thing about shell scripts or programming (remember when they were different things?) in those days, but I knew how to change permissions on a file an

Re:

[lysergic.acid (845423)]

yea, what bunch of sensationalized garbage. i'd expect this from FOX news, but not from the BBC.

teenagers have always been mischievous, and all hackers start as teenagers. most hackers grow out of malicious/immature behavior by adulthood, so naturally most phishers/crackers/virus writers/script kiddies/etc. are going to be teenagers.

heck, it's our teenage rebelliousness that motivates us to try new things. even though teenagers can be mischievous, it's usually pretty harmless stuff. when i was a in elementa

Re:

[skeeto (1138903)]

Oh, man. Mentioning AIM punters brings back the old memories of being a script kiddie myself. I had a nice collection of those things as a kid.

I remember finding out about an exploit where IMing someone a certain 5 digits followed by a semicolon instantly crashed their client. I would go into one of the chat rooms, make grandiose false claims (such claiming to be a "super genius"), and then use it on anyone who disagreed with me. A moment or so after I would do it, everyone would see my target silently wink

Using kids

[Ethanol-fueled (1125189)]

There are cases of Immigrant smuggling where the drivers were juveniles because juveniles are much more difficult to prosecute.

That's how I'd operate if I were a fraudster - have the kids to the dirty work and give them a cut. There are hordes of bored shithead suburban kids who would love to be "elite haxxors" and they would most likely avoid prosecution the first time.

I forget the term...

[MyLongNickName (822545)]

I forget the term, but there are laws on the books that state that if you are a landlord, and you continually have tenants who engage in criminal activity that the authorities can confiscate the house. It is a slow process, but the point is that if you own the property that you have some responsibility in insuring that it isn't being used for purposes that are harmful to society.

Apply that to social networking sites and...

Re:

[cdrguru (88047)]

Apply to ISPs also. Problem is today that most ISPs actively shield users on their system which engage in malicious activity.

The answer is always they will not cooperate without a court order. Of course, if the police ask nicely they cooperate without a court order. But after a system is broken into unless there is at least $25,000 in provable damages you aren't going to get anyone in law enforcement interested. And that is just the beginning.

So if someone is downloading child porn, the police are right

Re:

[bloodninja (1291306)]

Apply to ISPs also. Problem is today that most ISPs actively shield users on their system which engage in malicious activity.

This is the real answer. Nobody is going to go for MS Windows being too easy to compromise, and nobody is going to go for Myspace (websites generally are not held to real-company laws). However, ISPs that host computers doing phishing, spaming, DDoSing, botnet herding, or other malicious activity should be shut down. I don't care if the computer doing the malicious activity is a compromised Windows machine or not, if the owner is aware or not, or if the owner approved of the ativity or not. Hit the ISPs, le

Re:

[internerdj (1319281)]

Apply that to the internet and... We get exactly what we need right? You may not enjoy social networking sites but what if someone used slashdot in a crime? Or wikileaks? Seriously is that the presendent you want set?

Re:I forget the term...

[Alarindris (1253418)]

I highly doubt that. I used to be a landlord in a rough area of town. We'd see cops there at least once a day. There's no way in hell they can expect a landlord to police. A landlord collects money (only sometimes) and maintains the ground and is in charge of repairs, not law enforcement.

Re:

[conteXXt (249905)]

Think "Grow Houses" Up here in Canada. If a landlord knowing keeps renting to a grower the house can and will be forcibly cleaned up at considerable expense to the owner and the owner may also be held criminally responsible. Different laws/country though.

Ummm...

[Corpuscavernosa (996139)]

many are largely unskilled and thus more likely to get caught and arrested.

Problem solved?

Hackles raised over teenaged alarmists

[mcgrew (92797)]

Mr Boyd said he spent a lot of time tracking down the creators of many of the nuisance programs written to exploit users of social networking sites and the culprit was often a teenager."

Get off my law... HEY GIMME MY PANTS BACK!

Re:

[dontmakemethink (1186169)]

many are largely unskilled and thus more likely to get caught and arrested.

Problem solved?

More like problem created. When 16-year-old criminals discover exactly how much less severe the punishment is for them than 18-year-olds, they all have the same thought: "Crap! I've got less than 2 years to get good at this!"

Jobs for Kids

[colganc (581174)]

I wonder if kids had some kind of job if they would be less likely to steal or break the law.

Re:Jobs for Kids

[Legion_SB (1300215)]

I wonder if kids had some kind of job if they would be less likely to steal or break the law.

I totally agree, but prostitution is illegal!

Oh no, 11 years old trying to hack social sites!

[Viol8 (599362)]

The whole of western civilisation is DOOMED!!

Or at least until the kid stumbles across some p0rn links or pictures of drunk 18 year old girls and quickly forgets all about his l337 hacking attempts.

Re:Oh no, 11 years old trying to hack social sites

[Rorschach1 (174480)]

Back when I was a kid, it was those skills that we had to develop to GET the pr0n! When the biggest source was a local BBS with a reasonably vigilant sysop, we had to get creative. It taught me a little about social engineering... like if you registered with a totally unpronounceable foreign name, the sysop would just validate you without a phone call because he didn't want to mispronounce it.

25

[PlusFiveTroll (754249)]

Never trust anybody over 25!

The school of hard examples.

[Ostracus (1354233)]

"Arno Igne writes to tell us that the number of underage participants in "high-tech" crimes has risen steeply in recent history. Reporting children as young as 11 swapping credit card details and asking for hacks, many are largely unskilled and thus more likely to get caught and arrested."

Well gosh darn it. We need to send them to some kind of school so they will not get caught.

if you can't or won't

[circletimessquare (444983)]

find a flaw in the system, the flaw will be found by someone else

the nice thing about kids being the perps is that there is no more nefarious purpose than "i did for the lulz". do you really think if these teenagers weren't loudly and clumsily exploiting security holes that someone else with much more nefarious purposes is not expoliting the same security holes quietly and discreetly?

consider kids hacking websites to be that website's security research division. the flaws are found, the flaws are fixed, everyone makes out better. thank god for loud dumb scrit kiddies

seriously, script kiddies are a blessing. they provide incentive to harden your website, incentive that some websites don't have and apparently need

Re:

[Sockatume (732728)]

A good analogy might be immunisation. The script kiddies present the network with a weakened form of potentially dangerous attacks, so that it can learn to defend itself. I'm not sure where Jenny McCarthy comes in, but I'm sure I'll figure out a way to make that happen.

Re:if you can't or won't

[moderatorrater (1095745)]

Yes, trading stolen credit card information is "doing it for the lulz" and has no nefarious purpose.

been around for a long time

[systematical (1394991)]

I got my first computer when I was 10 around 95-96, within a year I discovered that I could pretend to be someone else by setting up a somewhat legitimate email account and sounding official. My friend and I would email tripod users, geocities users etc... posing as someone who offered free web services. Eventually we would get passwords to their accounts, change the password, and vandalize the web page (eventually we got tired of doing of this, i think we discovered girls around age 12). I didn't learn that this was called phishing until I was in high school. On the plus side it forced me to learn HTML (I wanted my vandalizing to look good), which eventually lead to a career in web development. Hopefully these delinquents can be saved too.

Re:been around for a long time

[by Anonymous Coward]

you son of a bitch! i have been looking for you for a long time!

Fraud was common when I was a kid

[TheMiddleRoad (1153113)]

I grew up in Socal. Many people I knew would beige box 900 numbers to get time on a local BBS. Several got all sorts of gear, mostly paintball crap, through credit card numbers gained through dumpster diving. These were mostly 16-17 year olds doing the deed, with some doing it younger, but it's harder when you can't drive.

The temptation was huge but I managed to not give in. Heck, the temptation still is huge. Why work hard when you can make a few thousand in a few minutes? Oh yeah, because it's wrong. Sigh.

Parents?

[rrohbeck (944847)]

This probably boils down to parents that are clueless. "But he was only playing on his computer!"
So parents need to be educated that there's more you can do with a PC and an Internet connection than browse and play WoW.

Wargames anybody?

[Todd Knarr (15451)]

Seriously, this has been how it is since the early 80s. 25 years ago it was the teenagers who were war-dialing and breaking into time-sharing systems. They're the ones who've got free time for it. As you get older you get into college or into a job and you've got a lot less free time for messing around like that. It only makes sense, then, that school kids would be one of the two major groups doing this (the other being those adults for whom this kind of crime is their job).

Kids swapping KNOWLEDGE!

[droopycom (470921)]

Wow!! This is indeed dangerous:

"people start to swap malicious programs, knowledge and sometimes stolen data."

Where did they find the KNOWLEDGE in the first place ?

We need to fight at the source, find the KNOWLEDGE dealers and arrest them!

We need to make the fight against KNOWLEDGE a national priority, nominate a KNOWLEDGE tsar or something!

Will somebody think of the children!!

Re:

[thepotoo (829391)]

The education system is waaaaay ahead of you, buddy.

Re:

[Hillgiant (916436)]

If you don't talk to your children about KNOWLEDGE, who will?

Way overdue for another Operation Sundevil?

[Phizzle (1109923)]

I remember back in late 80s, things were getting out of hand with newbie kiddies just getting into hacking and phreaking and playing with credit card numbers and phone codes. They were creating too much noise that made investigations of bigger fish more difficult. So law enforcement folks got credit companies to bankroll Operation Sundevil, put up a sting BBS (Phoenix Fortress) and captured a tonn of minors, most of who had files with phone codes and credit card numbers because they shotgun downloaded everything that seemed "cool". There are a bunch of honeypot sites and rooms popping up now getting ready to reel in the next crop.

Wonderful!

[MrNougat (927651)]

This means that law enforcement will spend all their time going after this low-hanging fruit, and the public's fear will be assuaged because of all the "hackers" that are getting put in juvie - while the real troublemakers are left completely alone.

Re:Targetting them, due to their own idiocy.

[Mesa MIke (1193721)]

That's why they're called /b/tards.