Grey hat

From Wikipedia, the free encyclopedia
Jump to: navigation, search

A grey hat may refer to an individual who acts in a variety of IT-related areas. In the hacking community, this metaphorical title refers to a skilled hacker whose activities fall somewhere between white and black hat hackers in a variety of practices. The ambiguity connoted by the title suggests that such people sometimes act illegally, though in good will, to identify vulnerabilities in computing processes. They usually do not hack for personal gain or have malicious intentions, but may be prepared to break some laws during the course of their technological exploits in order to achieve better security.[1] Whereas white hat hackers generally advise companies of security exploits quietly, grey hat hackers generally "advise the hacker community as well as the vendors and then watch the fallout".[2]

In the search engine optimisation community, the term greyhat refers to the “questionable” category in search engine optimisation. While these actions may be against search engine guidelines or may not generally be considered an ethical way to SEO a website, it is not yet considered search engine spam. While Grey Hat tactics may work for SEO and may avoid search engine penalties, members of the web community may realise what the Grey Hat hacker is doing, negatively affecting the online reputation of both website and hacker.

Black Hat SEO refers to illegitimate (against search engine guidelines) and illegal optimization tactics, while White Hat SEO refers to legitimate and proper ways to optimize a website.


The earliest known use of the term grey hat in the context of computer security literature may be traced back to 1997, when the trademark was first filed in the USPTO by Greyhat, LLC [3] [4] and renewed in 2008. [5]

The term grey hat was first cited by the hacker group L0pht in 1998. The group references it in an interview with the NY Times[6] from 1999 describing their "gray-hat" behavior. The phrase was used to describe hackers who support the ethical reporting of vulnerabilities directly to the software vendor.[7] He contrasted this with the full disclosure practices that were prevalent in the white hat community at the time and with the principles of the black hat, whereby no one should be made aware of security holes.

In 2002, however, the Anti-Sec community published use of the term to refer to people who work in the security industry by day, but engage in black hat activities by night.[8] The irony was that for black hats, this interpretation was seen as a derogatory term; whereas amongst white hats it was a term that lent a sense of popular notoriety.

Following the rise and eventual decline of the full disclosure vs. anti-sec "golden era"—and the subsequent growth of an "ethical hacking" philosophy—the term grey hat began to take on all sorts of diverse meanings. The prosecution in the U.S. of Dmitry Sklyarov for activities which were legal in his home country changed the attitudes of many security researchers. As the Internet became used for more critical functions, and concerns about terrorism grew, the term white hat started referring to corporate security experts who did not support full disclosure.[9]

Nevertheless, in 2004, Harris (et al.) published a book on grey hat methodologies. This built upon the idea that black hats have malicious intentions and do not disclose their secrets, whereas white hats always engaged in public full disclosure, freely publicising security flaws in the hope that they will be fixed. The authors espoused that grey hats fall somewhere between, in that they derive income from notifying the vendor of what needs to be fixed after they have penetrated a system.[10]

In 2006, the term was used to describe freelance hackers who browse the Internet in search of security holes and then seek to charge the host a fee for fixing the issue.[11]

In 2008, the EFF defined grey hats as ethical security researchers who inadvertently or arguably violate the law in an effort to research and improve security. They advocate for computer offense laws that are clearer and more narrowly drawn.[12]


In summary, the term "grey hat" may refer to a hacker who:

  • Engages in security research with the intention to secure rather than exploit
  • Grapples with questions of ethics and law in the line of their work.
  • Does not support full disclosure of vulnerabilities.
  • Usually reports the vulnerability to the product vendor.


In April 2000, hackers known as "{}" and "Hardbeat" gained unauthorized access to[13] They chose to alert Apache crew of the problems rather than try to damage the servers.[14]

In June 2010, a group of computer experts known as Goatse Security exposed a flaw in AT&T security which allowed the e-mail addresses of iPad users to be revealed.[15] The group revealed the security flaw to the media thereafter notifying AT&T. Since then, the FBI has opened an investigation into the incident and raided the house of weev, the group's most prominent member.[16]

In April 2011, a group of experts discovered that the Apple iPhone and 3G iPads were "logging where the user visits". Apple released a statement saying that the iPad and iPhone were only logging the towers that the phone could access. There have been numerous articles on the matter and it has been viewed as a minor security issue. This instance would be classified as "grey hat" because although the experts could have used this for malicious intent, the issue was reported.[17]

See also[edit]

Related literature[edit]


  1. ^ "". Retrieved 2013-11-01. 
  2. ^ Intrusion Detection Systems Terminology
  3. ^ "1997, 2000, and 2008 USPTO Greyhat Service mark Filing". 
  4. ^ " trademark owner". 
  5. ^ "2008 USPTO Registration 3546744 GREYHAT - Trademark Details". 
  6. ^ "HacK, CouNterHaCk". New York Times Magazine. 3 October 1999. Retrieved 6 January 2011. 
  7. ^ Cliff, A. 2 July 2001. "Intrusion Detection Systems Terminology"
  8. ^ #Phrack High Council. 20 August 2002. "The greyhat-IS-whitehat List"
  9. ^ "The thin gray line". CNET News. 23 September 2002. Retrieved 6 January 2011. 
  10. ^ Harris (et al.) (2004). Grey Hat Hacking: The Ethical Hacker's Handbook. McGraw-Hill Osborne Media. 
  11. ^ Moore, Robert (2006). Cybercrime:Investigating High-Technology Computer Crime. Cincinnati, Ohio: Anderson Publishing. 
  12. ^ Electronic Frontier Foundation (EFF). 20 August 2008. "A 'Grey Hat' Guide"
  13. ^ Michelle Finley (2013-03-28). "". Retrieved 2013-11-01. 
  14. ^ "". Retrieved 2013-11-01. 
  15. ^ FBI Opens Probe of iPad Breach Wall Street Journal, Spencer Ante and Ben Worthen. 11 June 2010.
  16. ^ Tate, Ryan (9 June 2010). "Apple's Worst Security Breach: 114,000 iPad Owners Exposed". (Gawker Media). Retrieved 13 June 2010. 
  17. ^ "Is Apple Tracking You?".