Grey hat

From Wikipedia, the free encyclopedia
Jump to: navigation, search

The term "grey hat" or "gray hat" in Internet slang refers to a computer hacker or computer security expert whose ethical standards fall somewhere between purely altruistic and purely malicious. The term began to be used in the late 1990s, derived from the concepts of "white hat" and "black hat" hackers.[1] When a white hat hacker discovers a vulnerability, they will exploit it only with permission and not divulge its existence until it has been fixed, whereas the black hat will illegally exploit it and/or tell others how to do so. The grey hat will neither illegally exploit it, nor tell others how to do so. [2]

A further difference among these types of hacker lies in their methods of discovering vulnerabilities. The white hat generally breaks into systems and networks at the request of their employer or with explicit permission for the purpose of determining how secure it is against hackers, whereas the black hat will break into any system or network in order to uncover sensitive information and for personal gain. The grey hat generally has the skills and intent of the white hat but will break into any system or network without permission. [3][4]

In the search engine optimization (SEO) community, grey hat hackers are those who manipulate web sites’ search engine rankings using improper or unethical means but that are not considered search engine spam. [5]


The earliest known use of the term grey hat in the context of computer security literature may be traced back to 1997, when the trademark was first filed in the USPTO by Greyhat, LLC [6] [7] and renewed in 2008. [8]

The term grey hat was used by the hacker group L0pht stating in 1998. They used it in a 1999 interview with The New York Times[9] to describe their own behavior.

The phrase was used to describe hackers who support the ethical reporting of vulnerabilities directly to the software vendor in contrast to the full disclosure practices that were prevalent in the white hat community that vulnerabilities not be disclosed outside of their group. [2]

In 2002, however, the Anti-Sec community published use of the term to refer to people who work in the security industry by day, but engage in black hat activities by night.[10] The irony was that for black hats, this interpretation was seen as a derogatory term; whereas amongst white hats it was a term that lent a sense of popular notoriety.

Following the rise and eventual decline of the full disclosure vs. anti-sec "golden era"—and the subsequent growth of an "ethical hacking" philosophy—the term grey hat began to take on all sorts of diverse meanings. The prosecution in the U.S. of Dmitry Sklyarov for activities which were legal in his home country changed the attitudes of many security researchers. As the Internet became used for more critical functions, and concerns about terrorism grew, the term "white hat" started referring to corporate security experts who did not support full disclosure.[11]

In 2008, the EFF defined grey hats as ethical security researchers who inadvertently or arguably violate the law in an effort to research and improve security. They advocate for computer offense laws that are clearer and more narrowly drawn.[12]


In April 2000, hackers known as "{}" and "Hardbeat" gained unauthorized access to[13] They chose to alert Apache crew of the problems rather than try to damage the servers.[14]

In June 2010, a group of computer experts known as Goatse Security exposed a flaw in AT&T security which allowed the e-mail addresses of iPad users to be revealed.[15] The group revealed the security flaw to the media soon after notifying AT&T. Since then, the FBI opened an investigation into the incident and raided the house of weev, the group's most prominent member.[16]

In April 2011, a group of experts discovered that the Apple iPhone and 3G iPads were "logging where the user visits". Apple released a statement saying that the iPad and iPhone were only logging the towers that the phone could access. [17] There have been numerous articles on the matter and it has been viewed as a minor security issue. This instance would be classified as "grey hat" because although the experts could have used this for malicious intent, the issue was reported. [18]

See also[edit]

Related literature[edit]


  1. ^ De, Chu (2002). "White Hat? Black Hat? Grey Hat?". Jelsoft Enterprises. Retrieved 2015-02-19. 
  2. ^ a b Regalado (et al.) (2015). Grey Hat Hacking: The Ethical Hacker's Handbook (4th ed.). New York: McGraw-Hill Education. p. 18. 
  3. ^ Fuller, Johnray; Ha, John; Fox, Tammy (2003). "Red Hat Enterprise Linux 3 Security Guide". Product Documentation. Red Hat. Section (2.1.1). Retrieved 2015-02-16. 
  4. ^ Cliff, A. "Intrusion Systems Detection Terminology, Part one: A-H". Symantec Connect. Symantec. Retrieved 2015-02-16. 
  5. ^ A E (2014). Grey Hat SEO 2014: The Most Effective and Safest Techniques of 10 Web Developers. Secrets to Rank High including the Fastest Penalty Recoveries. Research & Co. ASIN B00H25O8RM. 
  6. ^ "1997, 2000, and 2008 USPTO Greyhat Service mark Filing". 
  7. ^ " trademark owner". 
  8. ^ "2008 USPTO Registration 3546744 GREYHAT - Trademark Details". 
  9. ^ "HacK, CouNterHaCk". New York Times Magazine. 3 October 1999. Retrieved 6 January 2011. 
  10. ^ #Phrack High Council. 20 August 2002. "The greyhat-IS-whitehat List"
  11. ^ "The thin gray line". CNET News. 23 September 2002. Retrieved 6 January 2011. 
  12. ^ Electronic Frontier Foundation (EFF). 20 August 2008. "A 'Grey Hat' Guide"
  13. ^ Michelle Finley (2013-03-28). "". Retrieved 2013-11-01. 
  14. ^ "". Retrieved 2013-11-01. 
  15. ^ FBI Opens Probe of iPad Breach Wall Street Journal, Spencer Ante and Ben Worthen. 11 June 2010.
  16. ^ Tate, Ryan (9 June 2010). "Apple's Worst Security Breach: 114,000 iPad Owners Exposed". (Gawker Media). Retrieved 13 June 2010. 
  17. ^ Harrison, Natalie; Kerris, Natalie (27 April 2011). "Apple Q&A on Location Data". Apple Press Info. Apple, Inc. 
  18. ^ "Is Apple Tracking You?". Archived from the original on 28 April 2011.