How can we distinguish between script kiddies vs elite hackers?
When I think of a script kiddie I think of someone who might barely research a tool then point it at a website - things like the recent question about LOIC come to mind when I think of that. A hacker (either black/white/grey), I imagine, is much more methodic and plans his route - they're running this system, with that IDS, and these security measures - so their attack is hopefully more pinpointed, less noisy, and more effective.
What I'm having trouble with is distinguishing between the two - a script kiddie might use metasploit, Cain & Abel, or Nessus, but a hacker or pentester would probably use them as well. What distinguishes these two? I know the script kiddie most likely won't know what's going on, but to what extent does the hacker need to know what's going on to not be considered a 'script kiddie'?
For example I like security and I am really interested in learning about it. I know about various tools such as metasploit, nessus, cain, hamster/ferret, wireshark, nmap, LOIC, etc. but I don't use them because I don't know how, or quite understand how exactly they work. I've been setting up a network of VMs to play with and do it responsibly. If that's considered being a script kiddie, what would be the defining line between a script kiddie and a hacker?
Script Kiddie vs Elite Hackers
Wikipedia on Script kiddies (emphasis mine): In hacker culture a script kiddie or skiddie, (also known as skid, script bunny, script kitty,) are unskilled individuals who use scripts or programs developed by others to attack computer systems and networks and deface websites. It is generally assumed that script kiddies are juveniles who lack the ability to write sophisticated hacking programs or exploits on their own, and that their objective is to try to impress their friends or gain credit in computer-enthusiast communities. The term is typically pejorative. So in short, they're a clueless nuisance which may still cause harm, be that on purpose or by accident.
Concerning the term "Hacker", there is a lot of ambiguity. My personal preference is the programmer subculture (again emphasis mine): A hacker is someone who loves to program or who enjoys playful cleverness, or a combination of the two. The act of engaging in activities (such as programming or other media) in a spirit of playfulness and exploration is termed hacking. However the defining characteristic of a hacker is not the activities performed themselves (e.g. programming), but the manner in which it is done: Hacking entails some form of excellence, for example exploring the limits of what is possible, thereby doing something exciting and meaningful. Activities of playful cleverness can be said to have "hack value" and are termed hacks (examples include pranks at MIT intended to demonstrate technical aptitude and cleverness).
So that may also include someone who e.g. modded their smartphone into a garage door opener (at least for them it'd be exciting, I guess). What you are probably referring to, however, is more precisely called a Black hat hacker (and again, emphasis mine): A "black hat" hacker is a hacker who "violates computer security for little reason beyond maliciousness or for personal gain" (Moore, 2005). Black hat hackers form the stereotypical, illegal hacking groups often portrayed in popular culture, and are "the epitome of all that the public fears in a computer criminal". Black hat hackers break into secure networks to destroy data or make the network unusable for those who are authorized to use the network. So that's someone who actively seeks to harm others for selfish purposes, and they are clever enough to actually understand what they are doing. In summary: Script kiddies are like school bullies: Annoying but clueless Black hat hackers are the mobsters: Bullies gone professional Hackers in general: They just like wearing a pinstripe suit - that doesn't make them evil, but the public always thinks of their black sheep cousins