Script Kiddies and Skiddies: Identifying Unskilled Hackers

Learn how Adaptive Multi-Factor Authentication combats data breaches, weak passwords, and phishing attacks.

Script kiddies, also known as skiddies, are novice hackers. Rather than building sophisticated tools from scratch, they use premade scripts to launch attacks.

Calling someone a “script kiddie” is an insult. But make no mistake. A skiddie can do a great deal of damage in a short amount of time. 

Script kiddie definition and history

Every hacker must start somewhere. Think of script kiddies as immature hackers who want to cause problems, but they don't have the skills to write and launch one from scratch.

A script kiddie attack is characterized by:

  • Repeatability. A script kiddie uses a pre-made attack that’s probably been used on other companies at different times. 
  • Openness. Script kiddies don’t know how to mask attacks, so you probably notice the problem right away. 
  • Unsophisticated. Script kiddies often can’t cover their tracks, so you may be able to identify who they are and where they come from very quickly. 
  • Impulsivity. These novice hackers rarely understand what their scripts will do and how they work. They’re willing to try the code anyway. 

The term “script kiddie” has been around since at least the mid-1990s. But it could be much older.

How script kiddies work

An experienced hacker will write a script from scratch. That code is tailor-made for the target, and it will allow the hacker to get inside and do one specific thing. A script kiddie doesn't operate this way.

A script kiddie either buys or finds scripts online. There are thousands of exploits available for this purpose (which we won't link to here for ethical reasons). The novice hacker deploys code that seems workable, and then walks away from it. In most cases, kiddies are simply trying to cause mayhem rather than attempting a specific objective. 

Script kiddie attacks don't always work. A researcher tested more than 1,200 exploits like this, and only eight of them worked. Even so, if you were a victim of one of those eight workable solutions, you'd be very upset.

Every code is different, but stopping many of them could mean making one key change. Find out how multi-factor authentication could help stop identity hacks.  


The Origin of 'Script Kiddie.' (May 2019). Ycombinator. 

So Long and Thanks for Only Using Readily Available Scripts. (March 2017). Emerald.