Idiots in the News: Script Kiddies

SAN FRANCISCO (04/21/2000) - Detective Michael Brausam of the LAPD described Coolio as a genius "who told authorities he'd been using computers since he was three years old and had taken to using the Internet 16 hours a day since dropping out of school last year":

"'Coolio' Arrested, Denies Bringing Down Major Sites," Bob Sullivan (MSNBC, March 8, 2000): It really bothers me when script kiddies are referred to as geniuses when they do so many stupid things. For one thing, it doesn't require great mental powers to download and modify a script. I do it all the time and believe me, I'm no genius. Even if one were to consider them smart, why do they do dumb things, like draw attention to crimes and leave a trail of evidence that even relatively clueless law enforcement folks can follow?

The recent distributed denial of service (DDoS) attacks, which garnered so much media attention, were rumored to have been conducted by an in-duh-vidual with the handle of Coolio. It turns out that lots of people use that handle, but Denis Moran enjoyed the attention he was getting so much that he gave the impression to his friends that he was the same guy. Well, he wasn't, and the attention he got from the Feds was a lot more than he bargained for. "I was only kidding" doesn't help if you are actually guilty of other crimes -- like defacing government Websites.

Nevertheless, it is important to give the devil his or her due -- no one's caught the perpetrators even though a lot of law enforcement and non-law enforcement types have been trying. One thing is clear, however -- the perpetrators are no mere script kiddies; they planned this attack, and well.

Curador, another not very bright cracker, thought it was cute to post credit card numbers on his nomadic Website. Convinced of his invincibility, he taunted law enforcement, basically challenging the cops to catch him.

"Curador Worked as E-Commerce Consultant," Brian McWilliams (, March 2000):,2171,4_328071,00.html They accepted the challenge and arrested 18-year-old Raphael Gray for the crime. Curador has been curiously silent since then. No one is too surprised, given that his initial challenges were so childish.

"Curador Busted in Wales," (Hacker News Network, March 2000): Patrick Gregory, evidently not much of a brain trust hacker himself, missed his court appearance for defacing such high-profile sites as the White House, Army, and Senate computers. It seems that he was in jail at the time, having been picked up for burglary and car theft.

"Computer Hacker, 19, Held on Charges of Burglary and Car Theft," (Houston Chronicle, March 2000): Pig Farmer, sporting one of the more tacky handles, wasted law enforcement time when he thought it would be fun to contact the press and take credit for the DDoS attacks. Much to his surprise, he discovered that there are journalists who actually check out their stories and don't just take the word of some kid on IRC. While idiocy is no crime, not too many companies will want to hire someone who has demonstrated his stupidity so blatantly.

Every year, I look forward to reading the Darwin Awards. These are a tongue-in-cheek tribute to those people who have proven Darwin's theory of evolution by weeding themselves out the gene pool in a creative manner (anyone who wants an example, send me e-mail). I think we need to have the computer industry version of the Darwin awards for the people who have strengthened the computer industry by removing themselves from it.

Carole Fennelly is a partner in Wizard's Keys Corporation, a company specializing in computer security consulting. She has been a Unix system administrator for almost 20 years on various platforms and of late has focused on sendmail configurations. Carole provides security consultation to several financial institutions in the New York City area.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

More about Financial InstitutionsSendMailWizard's Keys

Show Comments