In my previous blog post I discussed different kinds of hackers, namely white hat and black hat hackers. Although it’d be great to live in a fairy tale and have a clear difference between good and bad, this isn’t very common in our real-world lives. Most of the time only a small number of cases can be divided into ‘good’ and ‘bad’. Perhaps the most interesting colour in the end is grey. The grey area between black and white is a place where doubt, perspectives, subjectivity and complexity rule. While discussions may die in the areas of pure good and bad cases, they flourish in the grey one.
When classifying hackers we also come across this grey area, in the shape of grey hat hackers. Before discussing what type of hacker a grey hat is, we should establish a meaning of the term:
“Like the colour suggests a ‘grey-hat’ hacker is somewhere between white-hat and black-hat hackers, as he or she exhibits traits from both. For instance, a grey-hat hacker will roam the Internet in search of vulnerable systems; like the white-hat hacker, the targeted company will be informed of any weaknesses and will repair it, but like the black-hat hacker the grey-hat hacker is hacking without permission” – Chandrika (2014)
“Somewhere in between the two extremes is the grey hat hacker, operating on the fringe of civil and criminal liability to report security vulnerabilities.” – Kirsch (2014)
“Gray hats fall into middle ground between these two other hacker categories” [referring to black hats and white hats] – WIRED
In general, the most common meaning given places grey hats between the other two classifications. This, however, does not help much. So we may wonder, how do they differ from each other? A goal of grey hat hacking can be equal to that of a white hat hacker: to secure the digital world we created by finding weaknesses and patching them (Kirsch, 2014). While white and grey might share a goal of increasing online security, grey hat hackers will not necessarily stay within legal boundaries like white hat hackers do. Grey differs from black in that they do not solely use their skill set for personal profit. Nevertheless, they are often condemned for possible ulterior motives (Kirsch, 2014). These may be the humiliation of the victim (an institution or organisation) or personal recognition.
There’s another type of hacker that could fall within the grey hat hacker classification. Hacktivism is a form of behaviour we’re familiar with as a society – namely activism – that shifted to the cyberworld. In this case, hacking skills are used for the purpose of activism in various degrees of intensity. These hacks are socially or politically motivated (Chandrika, 2014). As a result, the hackers will consider their actions legitimate in relation to their motivation.
Hacktivists don’t really fit the ‘white hat hacker’ description, nor the ‘black hat hacker’ description. They often justify their own actions based on the motivation behind them, but the same actions result in a fair amount of controversy at times. Whether you might think of a hacktivist group as a white, black or grey hat hacking group also depends on your own perception of good and bad. The more you agree with the ideas of the group, the more likely you are to approve of their actions. In contrast, if your morals deviate from theirs, it is likely you’ll classify them as ‘black hat hackers’. The most complex part about this grey area is how subjective it can be. Everyone’s moral standards differ from one another, thus our perception of what or who belongs in which category will be different. Grey hat hackers can be conceptualised in different ways, but in general I’d say the classification characterises itself by the subjectivity of who we consider to be a part of it.
Chandrika, V. (2014). Ethical Hacking: Types of Ethical Hackers. International Journal of Emerging Technology in Computer Science & Electronics (IJETCSE) 11(1), p 43 – 48. Retrieved from: http://www.ijetcse.com/wp-content/plugins/ijetcse/file/upload/docx/733ETHICAL-HACKING-TYPES-OF-ETHICAL-HACKERS-pdf.pdf
Kirsch, C. (2014). The Grey Hat Hacker: Reconciling Cyberspace Reality and the Law. Northern Kentucky Law Review 41(3), p 383 – 205. Retrieved from: https://s3.amazonaws.com/academia.edu.documents/36926435/8-Kirsch_v2.pdf?response-content-disposition=inline%3B%20filename%3DGrey_Hat_Hacking_Reconciling_Law_with_Cy.pdf&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWOWYYGZ2Y53UL3A%2F20191126%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20191126T022925Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&X-Amz-Signature=aedb1e952fceefa614301995b833d25968845b4bc93bc1758a69d8cbea949221
Zetter, K. (2016). Hacker Lexicon: What are white hat, gray hat, and black hat hackers? WIRED. Retrieved from: https://www.wired.com/2016/04/hacker-lexicon-white-hat-gray-hat-black-hat-hackers/#