Lesson 3: Script kiddies
Year 9 – Cybersecurity
Objectives
Lesson 3: Script kiddies
In this lesson, you will
● Define hacking in the context of cybersecurity
● Explain how a DDoS attack can impact users of online services
● Identify strategies to reduce the chance of a brute force attack
being successful
● Explain the need for the Computer Misuse Act
Starter activity
Hack George’s account
George’s phone has run out of battery and his family are worried about where he is.
They’ve asked you to hack his FakeBook account to see if you can find out where he is tonight.
Use the login page link on the right-hand side.
ncce.io/fakebook
Starter activity
Clues
Hint: ‘Colour TV’
Starter activity
George was at the cinema
Starter activity
Are you a hacker?
If you hacked into a friend’s
account, does that make you a
hacker?
Was hacking into George’s
account ethical?
Think/pair/share.
Activity 1
Hacking
Hacking in the context of cyber security is:
Gaining unauthorised access to or control of a computer system
Why might people want to hack?
● To steal data
● To disrupt services
● For financial gain
● For political reasons (espionage and activism)
● For fun (planting the flag)
● For ethical reasons
Activity 1
Unethical versus ethical hacking
A company is harming animals by
testing their cosmetic products
on them.
Is it ethical to hack into their
systems to find the data that will
expose their practice to the
whole world?
Activity 1
Unethical versus ethical hacking
A company wants to employ hackers to see if they can find any weaknesses in their system.
Is it ethical for a hacker to do this, to help the company so that they can improve their security?
Penetration testers (pen testers) are people who are paid to legally hack into computer systems with the sole purpose of helping a company identify weaknesses in their system.
Activity 2
Case study: Hacktivism
Hacktivists are rarely motivated by theft, but are more interested in creating disruption to cause public embarrassment or to promote a cause. Motives might be:
● Political
● Protesting, for example for civil liberties or against climate change
● Targeting major corporations that they feel are doing something wrong
“It was initially thought that the 2016 Dyn cyberattack was the work of New World Hackers, but it later emerged that it was probably done by script kiddies.”
https://en.wikipedia.org/wiki/hacktivism
Activity 2
Script kiddies
Script kiddies are hackers (not
necessarily kids) who use tools
downloaded from the internet
that allow them to hack with little
technical knowledge.
It is thought that the 2016 Dyn
cyberattack was done by script
kiddies using a DDoS attack.
Image showing areas affected by the Dyn cyberattack
Activity 2
Denial of service attack (DoS)
This is a cyberattack in which the
criminal makes a network
resource unavailable to its
intended users.
This is done by flooding the
targeted machine or website with
lots of requests in an attempt to
overload the system.
Activity 2
Distributed denial of service attack (DDoS)
This uses the same concept as a
DoS attack, but this time it is
multiple computers making the
attacks at the same time.
It is a lot harder to:
● Stop the attack by simply
blocking a single source
● Identify who is responsible, as
lots of machines are making
requests, many of them
because they are infected by
Activity 2
DoS and DDoS
activity
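The difference between the two attacks can be seen in a small simulation of a per-source blocking rule. This is an added example, not part of the original lesson; the limits, addresses and traffic are constructed for illustration.

```python
from collections import Counter

PER_SOURCE_LIMIT = 20   # assumed: most requests one address may send per time window
SERVER_CAPACITY = 300   # assumed: requests the server can answer per time window

def block_list(requests, limit=PER_SOURCE_LIMIT):
    """Return the source addresses that sent more than `limit` requests."""
    counts = Counter(requests)
    return {src for src, n in counts.items() if n > limit}

def load_after_blocking(requests, limit=PER_SOURCE_LIMIT):
    """Count the requests that still reach the server once noisy sources are blocked."""
    blocked = block_list(requests, limit)
    return sum(1 for src in requests if src not in blocked)

def is_overloaded(requests, limit=PER_SOURCE_LIMIT, capacity=SERVER_CAPACITY):
    """True if the server receives more than it can answer, even after blocking."""
    return load_after_blocking(requests, limit) > capacity

# Constructed sample traffic for one time window. Each list entry is the
# source address of one request.
normal_users = [f"198.51.100.{i}" for i in range(1, 51) for _ in range(3)]  # 50 users x 3

# DoS: one machine sends 1000 requests on top of the normal traffic.
dos_traffic = normal_users + ["203.0.113.9"] * 1000

# DDoS: 500 different machines send only 2 requests each (still 1000 in total).
ddos_sources = [f"10.0.{i // 250}.{i % 250 + 1}" for i in range(500)]
ddos_traffic = normal_users + [src for src in ddos_sources for _ in range(2)]

if __name__ == "__main__":
    for name, traffic in (("DoS", dos_traffic), ("DDoS", ddos_traffic)):
        print(name,
              "| sources blocked:", len(block_list(traffic)),
              "| requests still arriving:", load_after_blocking(traffic),
              "| overloaded:", is_overloaded(traffic))
```

In the DDoS case each attacking machine sends fewer requests than a normal user, so the per-source rule blocks nothing and the server is still overloaded.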
Activity 3
Brute force attack
This is a form of attack that
makes multiple attempts to
discover something (such as a
password).
Open the Activity 3 worksheet.
Activity 3
Brute force attack
What rules do you think a
company might place on their
login system to reduce the
chance of a brute force attack
being successful?
Thinking about the exercise that
you have completed, what
simple password rules would you
set yourself to reduce the chance
of a brute force attack being
successful?
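One login rule a company could use is to lock an account for a while after a few wrong passwords. The added example below (not part of the original lesson) simulates that rule in memory to show how much it slows repeated guessing; the class, the PIN and the timings are constructed for illustration.

```python
import hmac
from itertools import product

class LoginGuard:
    """Locks the account for `lock_seconds` after `max_failures` wrong guesses in a row."""

    def __init__(self, password, max_failures=3, lock_seconds=300):
        self._password = password
        self.max_failures = max_failures
        self.lock_seconds = lock_seconds
        self.failures = 0
        self.locked_until = 0

    def attempt(self, guess, now):
        """Return 'locked', 'ok' or 'wrong' for a login attempt at time `now` (seconds)."""
        if now < self.locked_until:
            return "locked"                      # the guess is not checked while locked
        if hmac.compare_digest(guess, self._password):
            self.failures = 0
            return "ok"
        self.failures += 1
        if self.failures >= self.max_failures:   # too many wrong guesses: start a lock
            self.locked_until = now + self.lock_seconds
            self.failures = 0
        return "wrong"

def guessing_time(guard, candidates, seconds_per_guess=1):
    """Simulated seconds needed to reach the right value by trying `candidates` in order."""
    now = 0
    for guess in candidates:
        now = max(now, guard.locked_until)       # every lock has to be waited out
        if guard.attempt(guess, now) == "ok":
            return now
        now += seconds_per_guess
    return None                                  # the value was not in the list

def four_digit_pins():
    """Every PIN from 0000 to 9999, in order."""
    return ("".join(digits) for digits in product("0123456789", repeat=4))

SECRET_PIN = "7319"   # constructed sample value

if __name__ == "__main__":
    no_rule = guessing_time(LoginGuard(SECRET_PIN, max_failures=10**9), four_digit_pins())
    with_rule = guessing_time(LoginGuard(SECRET_PIN, 3, 300), four_digit_pins())
    print(f"No lockout rule: {no_rule / 3600:.1f} hours")
    print(f"3 tries, then a 5-minute lock: {with_rule / 86400:.1f} days")
```

With these constructed numbers the same PIN goes from about two hours of guessing to more than eight days.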
Activity 4
Script kiddies
Watch this video
Activity 4
The Computer Misuse Act (1990)
This was passed by Parliament
and established three new
offences:
● Section 1: Unauthorised
access to computer material
● Section 2: Unauthorised
access with intent to commit
or facilitate the commission
of further offences
● Section 3: Unauthorised acts
with intent to impair, or with
recklessness as to impairing,
the operation of a computer
Plenary
2016 Dyn cyberattack
The Dyn cyberattack was a DDoS
attack.
Answer the following three
questions:
1. Which of the three sections of
the Computer Misuse Act
(1990) does a DDoS attack
violate?
2. Why do you think this?
3. What is the maximum
punishment for this crime?
Homework
Homework: Online tips leaflet
Use the Computer Misuse Act fact
sheet to help you determine
whether or not each of the
scenarios breaks the law.
Justify each answer.
Due: Next lesson
Summary
Next lesson
In this lesson, you…
Investigated common strategies used by hackers
Identified strategies to reduce the chance of a brute force attack being successful
Explained the need for the Computer Misuse Act
Next lesson, you will…
List the common malware security threats for devices
Explain how devices can be protected from common security threats