A grey hat hacker is an individual who employs illegal means to discover threats even though he/she does not share the malicious intent commonly attributed to black hat hackers.

Grey hat hackers occupy the middle ground between white hat hackers, who aim to protect systems and networks from attacks, and black hat hackers, who exploit vulnerabilities for malicious gain. In essence, grey hat hackers look for vulnerabilities without the permission of hardware or software manufacturers, with the aim of spreading awareness about their findings.

Grey hat hackers are like modern-day Robin Hoods who are willing to forgo ethics and laws for the greater good.

Some view the cybersecurity landscape as a world of white hats versus black hats. Many fail to see the importance of grey hat hackers who expose vulnerabilities that lead to the creation of patches so black hat hackers can’t abuse them. The examples below of work grey hat hackers have done over the years are proof of that.

What Are Some Notable Examples of Grey Hat Hacking?

ASUS Routers

In 2014, a grey hat hacker successfully accessed thousands of ASUS routers to warn users that their files could be exposed if they didn’t patch the vulnerability he discovered.

Linux Routers

A team of grey hat hackers known as the “White Team” identified a security hole in specific Linux router models in 2015. To remedy the flaw, the group released malware that would allow affected users to plug the security gap.

Online Printers

Back in 2017, a grey hat hacker remotely operated more than 150,000 printers to warn their users about the risks of leaving online printers exposed.

MikroTik Routers

Russian grey hat hacker Alexey patched more than 100,000 MikroTik routers to prevent cryptocurrency miners from exploiting a vulnerability.

While these grey hat hackers had no malicious intentions, the invasion of privacy they committed was not well-received.

What Are the Dangers of Grey Hat Hacking?

Since grey hat hackers are willing to do something illegal, many are afraid that they can turn to the dark side. While those who discover vulnerabilities report their findings to affected organizations, they are often ignored or reported to the authorities. If this lack of appreciation continues, are they bound to become black hat hackers themselves?

A survey of more than 900 security professionals worldwide revealed that black hat activities are pretty standard. Almost half of the respondents were aware that some of their colleagues are grey hat hackers or even black hats. A majority of them believe the reason for abandoning the grey hat hacker cause is the massive payout that black hat hackers get. Apart from that, many grey hat hackers do what they do because they enjoy the challenge.

Straddling the line between the good and the bad is what a grey hat hacker does. Some grey hat hackers do what they do for the thrill. Others just want to help other people. The question most people ask, though, is, “Does the end justify the means?”

Key Takeaways

  • Grey hat hackers employ illegal means to discover threats even though they do not share the malicious intent commonly attributed to black hat hackers.
  • Some grey hat hackers do what they do because they think white hats aren’t doing enough to stop the bad guys. While most aren’t in it for the money, some may want fame.
  • Grey hat hackers are often unappreciated because they straddle the thin line between the good and the bad.