top of page

“Script Kiddies” as young as nine conduct DDoS attacks

Young children dubbed ‘Script Kiddies’ have the potential to develop into skilled threat actors, a recent report uncovered.

The cyber prevent initiative launched by UK Policing aims to divert young people away from cybercrime, with research showing that children as young as nine actively launch Distributed Denial of Service (DDoS) attacks.

The National Cyber Crime Unit (NCCU) have reported a 107% increase in reports of young people becoming involved in DDoS attacks, with kids starting out as low skilled ‘Script Kiddies’ able to become skilled threat actors relatively easily.

The prevent initiative aims to redirect young people away from committing such attacks and put their burgeoning cyberskills to better use.

The threat of DDoS attacks continues to grow and research by CrowdStrike illustrates how malware leveraging Internet of Things (IoT) devices to form botnets and target Linux-based operating systems has significantly increased by 35% in 2021.

The main purpose of these malware families is to compromise vulnerable IoT devices, amassing them into botnets to perform large-scale DDoS attacks.

As the threat of DDoS grows, this new initiative, launched in partnership with Schools Broadband (Talk Straight Group) aiming to divert young people away from involvement in cybercrime activity, has been launched at an ideal time.

In a trial scheme, students searching online for specific terms such as ‘stresser’ or ‘booter’ (commonly associated with DDoS attacks) were shown a warning message which redirected them to the Cyber Choices website.

Cyber Choices breaks down the laws relating to the Computer Misuse Act 1990 and the associated consequences and penalties of committing cybercrime offences.

The average age of referrals to the NCCU is 15 years old, with some offenders being as young as 9 years of age.

Early intervention is essential to help deter participation in criminal activities and the development of skills for the wrong intentions. Highlighting the negative consequences of such activity; including direct contact by law enforcement and potentially gaining a criminal record are important preventative measures to help deter ‘Script Kiddies’ from engaging with the threat actor community.

Without intervention, today’s low-skilled ‘Script Kiddie” could become tomorrow's sophisticated threat actor. Have you checked what your kids are doing online?!



Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).



The contents of blog posts on this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of East Midlands Cyber Resilience Centre (EMCRC) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. EMCRC provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us by email.


EMCRC does not accept any responsibility for any loss which may arise from reliance on information or materials published on this blog. EMCRC is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page