We are in the age of information and for the past 25 years the internet has been an awesome force for good. It has created an incredible information economy across networks and won our trust as a viable platform for the exchange of just about anything. However, underneath it all, there is a terrible tempest brewing. In a time when any motivated person can raise a few hundred thousand dollars in crowdfunding, so too can any motivated person find a way to steal it. The hacking economy is booming and the barriers to entry are low. Prerequisite knowledge of the trade is not mandatory, even discouraged, by those supplying exploit kits, malware, DDoS as a service, and botnets, to name just a few. Enter the nouveau script kiddie.
Back in the early days of the internet, the term "Script Kiddie" was an insult. Teenagers with a penchant for running scripts developed by the real hackers were put down with the term. The script kiddies of the early web got their kicks from defacing web pages and disrupting Internet Relay Chat (IRC). The internet today has higher stakes and launching high profile attacks is as simple as ever. All a motivated script kiddie needs is a few Bitcoin to achieve what once took incredible skill.
Here are some of the tools in the Nouveau Script Kiddie's arsenal:
Anonymous networking technology, such as that provided by the TOR browser bundle, gives script kiddies a powerful foundation. TOR, and similar P2P networks, tout the fact that their free services help users defend against traffic analysis, typically used as a form of network surveillance by your internet service provider or government. Not only do these services completely anonymize your web surfing, but they also offer a portal into hidden services such as darknet marketplaces. In these hidden markets, an aspiring script kiddie can simply load up a digital shopping cart with all manner of nefarious odds and ends, click the purchase button, and hack away.
The continued operation of these hidden markets hinges on another widely available technology, cryptocurrency. Digital currency such as Bitcoin is virtually untraceable and so the appeal is obvious. If you don't want anyone to know what you are buying, buy it with bitcoin. The expression, "Follow the money", has no place here. For good measure, many darknet markets require you to be invited in order to start buying your badware. Some open markets even sell these invites themselves. All it takes in the modern day internet is the intention to hack something. The basic tools are widely available and the hackers behind the sale of crimeware are always getting better. The Script Kiddies of today could steal thousands of credit cards, take down the websites of large Fortune 100 companies, and even topple infrastructure with no less than a pocket full of Bitcoin.
How to Fight Back
Realistically, the most effective way to secure a business today from crimeware is from the inside out. There is no central government agency in any country that can prevent the spread of crimeware. Organizations need to take protective steps to prevent the spread of crimeware among its users and customers. That means developing a comprehensive and layered security strategy that consists of a variety of elements, including intrusion prevention, botnet and application control, Web filtering, antispam, and antivirus. It is also incumbent upon an organization to educate its users about security best practices, while creating adequate enforceable mechanisms for security policy violations.