Grey hat hacking is a growing trend within the cybersecurity community, but what is a grey hat hacker? To answer that question, we must first ask a different one.
What is the difference between white, grey and black hat hackers?
The coloured-hat concept stems from the trope in old Western films where, to make it easier for the audience to recognise the characters, the ‘good guy’ would wear a white hat, and the ‘bad guy’ would wear a black hat.
What is a white hat hacker?
When a hacker is attempting to uncover software bugs with pure intentions, rather than looking to exploit vulnerabilities for personal gain, they are known as ‘white hats’. Large companies often encourage white hat hacking as a way of testing the security of their systems, and hackers are financially rewarded if they find any holes.
White hats have all of the knowledge required to exploit software, networks, or systems, but choose to work with the owner rather than against them. White hats are more commonly employed by companies as security experts, and can even be accredited with an official “Certified Ethical Hacker” (CEH) status which proves them to be effective and conscientious hackers.
What is a black hat hacker?
This type of hacker is still looking for bugs in software and systems, but almost always with more nefarious intentions. When a black hat hacker finds a gap in a system’s security, they choose to exploit it rather than notify the owner, and, depending on the system, this exploit could have disastrous and wide-ranging consequences. The intention could be to spread malware, or to steal, edit or delete confidential personal or financial data.
What is a grey hat hacker?
As logic would suggest, a grey hat hacker falls somewhere between white hats and black hats. To refer back to the Westerns, grey hats are neither ‘good guys’ nor ‘bad guys’.
Unlike Certified Ethical Hacking, grey hat hacking is illegal, as the hacker has not received permission from the organisation to attempt to infiltrate their systems, but the intentions of grey hat hackers aren’t as troublesome as their black hat counterparts.
Grey hat hacking is sometimes done with the public interest in mind, although, quite commonly, if a grey hat identifies a flaw and points it out to a company, the company will work with the hacker to fix the exploit – often rewarding them just like they would a white hat. The difference, however, is that if the company ignores the grey hat’s warning, the hacker could either exploit the flaw themselves, or share the knowledge online for other hackers to exploit.
And so, the vital difference between white, grey and black hat hackers is in the legality and ethics. While white hats operate ethically, and black hats illegally, grey hats blur the line between the two.