What is the distinguishing point between a script kiddie and a hacker?
It really depends on your point of view.
From the outside, the "script kiddie" is, nominally, the wannabe attacker who uses tools written by other people (the "scripts"), without really understanding what is going on. Everybody uses tools written by other people (if only operating systems, C compilers, libraries...), but some people have a certain understanding of how things work internally, and could, at least potentially (if free time was free), rewrite these tools from scratch.
The script kiddie himself does not think of himself as a "script kiddie", of course. In his view, he is an "elite hacker", and the other people are script kiddies. The expression "script kiddie" is meant as a disparaging designation, to insist on the alleged youth of the individual and its associated inherent shame. To consider youth as shameful by nature, you have to be young. Old people don't think of youth as a disgusting fact to hide, but as a lost treasure. When somebody uses the expression "script kiddie" too often, you can often infer that this somebody is himself not very old, and a metaphorical scripty smell probably lingers around his person.
A more neutral, less emotionally charged classification would be about competence. Attackers are more or less competent at what they do. Just like anybody. The less competent attackers, which other script kiddies are prone to point out and mock as "script kiddies", will run their tools (collected on the Internet), and if the off-the-shelf tools don't succeed in the attack, they soon give up. More competent attackers will adapt their tools to the specific situation; they see the tools more as a generic framework for attacks than the actual instruments.
Given the above, to avoid being seen as a script kiddie, the trick is to distantiate yourself from the kiddie term, not from the script. Scripts, and, more generally, tools, are neutral. It is the maturity of your reactions, or lack thereof, which will mark you as a script kiddie or not. Despite what is usually believed on the subject, it has very little to do with technical skill; it is a matter of communication, of public relations. Be cool, don't whine, and you will never be a script kiddie.
I read somewhere, I forget where, they divided hackers into three levels of expertise.
The lowest level was Script kiddie. Script kiddies have very limited knowledge and almost no knowledge beyond the attack they are attempting. They may not completely understand the attack they are attempting. An example of this would be a person ARP poisoning a network with Cain, but the person does not know what ARP is or why the attack works. These people are likely to identify targets for the exploit they will try and if it does not work they will move on. Blind SQL Injections, for example, is a common real world example of a script kiddie. It is important to say that Blind SQL injections, or any attack a script kiddie might use, may be used by more advanced hackers. They are just a tool in the toolbox
I don't remember what the second level was called (lets go with Hacker)but this was a level of hacker that DID understand how and why attacks worked. They may write some security tools for themselves to use, and they may not know everything there is to know, but they are NOT a one-trick pony at this level.
The third level was called Elite Hacker. These people will understand all of the underlying mechanisms of their attacks, create new attacks, write some of their own security tools, and have a deep knowledge/experience when it comes to attacking computer systems. These people are more likely to be persistant and use 0day exploits.
It is quite simple. As you get more tricks, understand more about how the computer works and how to get what you want, you become a better hacker. How you deal with someone like a script kiddie is completely different than how you deal with an elite hacker. Frustrating a script kiddie may cause him to go to the next website on his hit-list, but an elite hacker may require more resources and more time. It is hard to lump people into groups, since all people are so different, but I think these three categories do a pretty good job
Wikipedia on Script kiddies (emphasis mine):
In hacker culture a script kiddie or skiddie, (also known as skid, script bunny, script kitty,) are unskilled individuals who use scripts or programs developed by others to attack computer systems and networks and deface websites. It is generally assumed that script kiddies are juveniles who lack the ability to write sophisticated hacking programs or exploits on their own, and that their objective is to try to impress their friends or gain credit in computer-enthusiast communities. The term is typically pejorative.
So in short, they're a clueless nuisance which may still cause harm, be that on purpose or by accident.
Concerning the term "Hacker", there is a lot of ambiguity. My personal preference is the programmer subculture (again emphasis mine):
A hacker is someone who loves to program or who enjoys playful cleverness, or a combination of the two. The act of engaging in activities (such as programming or other media) in a spirit of playfulness and exploration is termed hacking. However the defining characteristic of a hacker is not the activities performed themselves (e.g. programming), but the manner in which it is done: Hacking entails some form of excellence, for example exploring the limits of what is possible, thereby doing something exciting and meaningful. Activities of playful cleverness can be said to have "hack value" and are termed hacks (examples include pranks at MIT intended to demonstrate technical aptitude and cleverness).
So that may also include someone who e.g. modded their smartphone into a garage door opener (at least for them it'd be exciting, I guess). What you are probably referring to, however, is more precisely called a Black hat hacker (and again, emphasis mine):
A "black hat" hacker is a hacker who "violates computer security for little reason beyond maliciousness or for personal gain" (Moore, 2005). Black hat hackers form the stereotypical, illegal hacking groups often portrayed in popular culture, and are "the epitome of all that the public fears in a computer criminal". Black hat hackers break into secure networks to destroy data or make the network unusable for those who are authorized to use the network.
So that's someone who actively seeks to harm others for selfish purposes, and they are clever enough to actually understand what they are doing.
In summary:
- Script kiddies are like school bullies: Annoying but clueless
- Black hat hackers are the mobsters: Bullies gone professional
- Hackers in general: They just like wearing a pinstripe suit - that doesn't make them evil, but the public always thinks of their black sheep cousins...