Forget viruses, 419 email fraudsters and server meltdowns. The biggest potential threat to your online security could come from the growing menace of ‘click’ kiddies, a leading security firm warns…
A growing legion of semi-computer-literate teens short of something to do could be the biggest danger to security on the web.
Where traditional hackers go after specific targets, be it a bank’s database or a telecom company’s corporate infrastructure, gangs of youths who barely know what they’re doing are running programs causing inestimable damage to businesses and individuals alike.
These ‘ankle-biters’ or ‘script kiddies’ as they were previously known in online security parlance now have a new name: ‘click kiddies’.
Their evolution is thanks to the introduction of web-enabled applications, meaning canned exploits written by elite hacker groups are now more easily accessible to curious young surfers than ever before.
Previously, the would-be hackers had to download automated tools to attack vulnerable systems, but many hit a rock when they discovered at least a minimal knowledge of programming was needed to operate them.
This is because the security researchers and elite hackers who write such tools often introduce faults in their exploits, which must be corrected before the exploits are usable. The majority of errant adolescents, who don’t possess basic scripting or coding skills, are therefore stumped when these tools fail to work first time, and simply give up.
But new ‘webified’ versions of the hacking tools require only a browser, like Internet Explorer or Mozilla, and are therefore easy to use for people who don’t know how to solve the programming errors that are present in normal exploits.
Be they click or script kiddies, their tools and tactics remain the same. Their modus operandi is not to target any specific company or seek any specific information, but to gain root or administrative privileges on any system they can.
They obtain administrator privileges on systems using exploits: programs or methods that use holes in vulnerable software on a system in order to gain access to it.
Regardless of their skill level, all script kiddies share a common strategy – they randomly scan the internet and if they find a vulnerable system, they start attacking it.
Hidayath Khan, security officer for the Dubai-based security consultancy Scanit Middle East, says it’s this random selection of targets that makes the young hackers such a threat.
The threat is further compounded because the number of kids using these tools is growing at “an alarming rate,” he adds.
“Since the internet knows no geographical boundaries, this threat is quickly spreading globally. Suddenly, it is no longer a question of if but when will we be attacked”, Khan explains.
"Some companies believe they are safe from attack because their systems are hidden from public view, or because they do not contain any valuable information. In fact, it is these very systems that click kiddies are after… the easily exploited…" he says.
The Basic Attack Plan
Andreas van Leeuwen Flamino, another Security Engineer at ScanIT, says hacking is now being done using fully automated tools with minimal effort on the attackers’ side.
“After scanning IP ranges to compile a database of IP addresses and the services offered on those systems, it is a piece of cake to attack vulnerable systems with a new exploit that has just come out,” he explains.
“When the database is up to date, and the exploit is just out, it may lead to huge numbers of automatically compromised systems in one run.”
Often such automated attacks install ‘bots’ on these vulnerable systems. A bot is basically a script that logs onto a specific IRC channel, and waits for commands issued by the ‘botmaster’ of those bots.
A ‘botmaster’ is another program, controlled by a person, that issues commands on those IRC channels, which the bots residing on the systems then execute. A trend of the last few years is that huge ‘botnets’ are being built, and even being hired, for use in website affiliate programs that pay out money for each visitor, or in extortion schemes aimed at commercial companies.
If the websites are not paying money to stop the attacks, they get flooded with internet traffic, causing them to become unreachable for legitimate visitors. As websites pay for the bandwidth they use, this can lead to these sites being taken offline by their hosting companies, who need to ensure the rest of their paying customers’ sites remain reachable.
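The bot behaviour described above (a script that logs onto an IRC channel and waits for commands) leaves a recognisable trace on the wire, which a defender can look for on machines that have no reason to run a chat client. The following is an added detection sketch, not code from the article or from ScanIT; the flow-record layout, host addresses and channel names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: (source host, destination, client-to-server payload start).
# The record layout is hypothetical; adapt it to what your network sensor exports.
SAMPLE_FLOWS = [
    ("10.0.0.5", "203.0.113.9:6667", "NICK xk3921\r\nUSER xk3921 0 * :x\r\n"),
    ("10.0.0.5", "203.0.113.9:6667", "JOIN #chan-example\r\n"),
    ("10.0.0.7", "198.51.100.4:80", "GET / HTTP/1.1\r\nHost: example.org\r\n"),
    ("10.0.0.7", "198.51.100.4:21", "USER anonymous\r\nPASS guest\r\n"),  # FTP
    ("10.0.0.8", "203.0.113.9:8080",
     "NICK ab12\r\nUSER ab12 0 * :x\r\nJOIN #chan-example,#chan-two\r\n"),
    ("10.0.0.9", "192.0.2.1:6667", "NICK alice\r\n"),  # never joins a channel
]

# IRC client commands seen when a client registers and enters a channel.
IRC_CMD = re.compile(r"^(NICK|USER|JOIN)\s+(\S+)", re.MULTILINE)
REQUIRED = {"NICK", "USER", "JOIN"}


def find_irc_clients(flows, monitored_hosts):
    """Return monitored hosts that registered with an IRC server and joined a
    channel, matched on protocol content so non-standard ports are caught."""
    seen = defaultdict(lambda: {"cmds": set(), "channels": set(), "dests": set()})
    for src, dst, payload in flows:
        if src not in monitored_hosts:
            continue
        for cmd, arg in IRC_CMD.findall(payload):
            state = seen[src]
            state["cmds"].add(cmd)
            state["dests"].add(dst)  # destinations where these commands were seen
            if cmd == "JOIN":
                state["channels"].update(arg.split(","))
    # Requiring all three commands avoids flagging FTP, which also sends USER.
    return {
        host: {"channels": sorted(s["channels"]), "dests": sorted(s["dests"])}
        for host, s in seen.items()
        if REQUIRED <= s["cmds"]
    }


if __name__ == "__main__":
    servers = {"10.0.0.5", "10.0.0.7", "10.0.0.8", "10.0.0.9"}
    for host, info in find_irc_clients(SAMPLE_FLOWS, servers).items():
        print(host, info["dests"], info["channels"])
```

Matching on the commands rather than on the usual IRC port is what catches the host talking to port 8080 in the sample.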
Not all abuses are on such a grand scale, however. In singular cases, after gaining access, attackers have two options: to lie low and monitor the traffic on the system and capture anything that might look interesting like passwords or credit card numbers; or use the breached system as a launching pad to attack other computers on the internet.
Either way, once the click kiddie has gained access, he installs backdoors and Trojans, allowing for easy and undetected access to the system whenever the attacker feels like returning. Kids or groups who have successfully compromised a system’s security can be seen on IRC chat services bragging about what they’ve done and how much power they’ve harnessed by building bot nets.
The attack tools are now extremely simple to use, fully automated and require very little manual interaction. The basic goal is to gain root or admin privileges. The attackers operate on the principle that sooner or later they will find a vulnerable system.
Examples of tools that can be used to develop a database of reachable systems are ‘fping’, ‘hping’ and ‘nmap’.
Tools used to determine OS or specific services are ‘queso’, ‘nmap’, ‘amap’.
Automated tools for cloaking the user after they are in are called ‘rootkits’.
A Click Kiddie’s step-by-step hack
• Next, the click kiddie surfs to an online information-gathering website like www.samspade.org to find the IP-addresses and DNS names of the target machine.
• Armed with the IP-address and DNS names, the click kiddie will want to find out more pertinent information about the target itself, like the type of platform and operating system the target machine is running on. To get this, he uses websites such as news.netcraft.com or www.cotse.com/onlinetests.htm.
• After he has identified all the open ports, the click kiddie then surfs to some online vulnerability scanner website such as www.adslscan.com to find out the vulnerabilities of the target system.
• After identifying the vulnerabilities, the next step is to launch the attack. The click kiddie surfs to a trusted attack-portal website such as www.attackportal.net or portal.cyberarmy.com, types in the target IP-address and clicks on the ‘Scan’ button to start the attack.