Grey Hats



A grey hat, in the hacking community, refers to a skilled hacker who sometimes acts illegally, sometimes in good will, and sometimes not. They are a hybrid between white and black hat hackers. They usually do not hack for personal gain or have malicious intentions, but may occasionally commit crimes during the course of their technological exploits.

Disambiguation
One reason a grey hat might consider themselves to be grey is to disambiguate from the other two extremes: black and white. For example, a grey hat hacker may penetrate a computer system without authorization, an illegal act in most countries. However, the hacker may simply patch the security hole that allowed them access without damaging the system. In this situation, they may or may not disclose their activities, due to legal ramifications.

It is possibly misleading to say that grey hat hackers do not hack for personal gain. While they do not necessarily hack for malicious purposes, grey hats do hack for a reason, a reason which more often than not remains undisclosed. A grey hat will not necessarily notify the system administrator of a penetrated system about the intrusion. A grey hat will prefer anonymity at almost all costs, carrying out their penetration undetected and then leaving undetected. Consequently, grey hat penetrations of systems tend to be far more passive activities such as testing, monitoring, or less destructive forms of data transfer and retrieval.

In addition, they may be further disambiguated by their stance on the proper disclosure of computer security flaws. A white hat will generally work with a vendor to correct the flaw, within a time frame or under certain conditions. They also may attempt to pressure vendors to release a patch for a flaw through the possibility of disclosure. Their intention is to make systems safer. A black hat will generally never disclose information to the public, since doing so will cause systems to be patched and greatly reduce the effectiveness of the vulnerability. In fact, there has been a long-standing controversy, with black hats opposed to the white hat policy of full disclosure. Grey hats may or may not release vulnerabilities to the vendor or the public. They may attempt to sell them to black hats or white hats.

The apache.org hack, by {} and Hardbeat
In April 2000, grey hat hackers gained unauthorized access to apache.org. These people could have tried to damage the apache.org servers, post text offensive to the Apache crew, distribute trojans, or take other malicious actions. Instead, they chose just to alert the Apache crew to the problems and then to publish a paper,[7] beginning with:

"This paper does _not_ uncover any new vulnerabilities. It points out common (and slightly less common) configuration errors, which even the people at apache.org made. This is a general warning. Learn from it. Fix your systems, so we won't have to :)

"This paper describes how, over the course of a week, we succeeded in getting root access to the machine running www.apache.org, and changed the main page to show a 'Powered by Microsoft BackOffice' logo instead of the default 'Powered by Apache' logo (the feather). No other changes were made, except to prevent other (possibly malicious) people getting in."