When we think of cyberattacks, we often first think of a black hat hacker furiously writing code behind a computer screen, executing the right combination in order to wreak havoc on innocent devices. In tandem with these cybercriminals are the white hat hackers sworn to protect users’ devices from the very threats enacted by black hats. We all know about the protection and perils that emerge from the efforts of these two groups, but what about the gray hats who walk the fine line between the two? What about those who aren’t on the naughty or nice list, but instead lie somewhere in-between?
Defining the Gray Hat
According to TechTarget, a gray hat hacker is someone who “exploits a security weakness in a computer system or product in order to bring the weakness to the attention of the owners.” Though black hats take similar action, they do so with malicious intent, whereas a gray hat actor’s goal is to improve system and network security. A white hat, conversely, will responsibly disclose the vulnerability to the affected company before taking any action on individual devices or systems.
In fact, a gray hat hacker recently came out of the woodwork to enact such a hack. The hacker broke into people’s MikroTik routers and patched the devices so they can’t be abused by cryptojackers and cybercriminals. According to ZDNet, he “has not been trying to hide his actions and has boasted about his hobby on a Russian blogging platform. He says he accesses routers and makes changes to their settings to prevent further abuse.”
Good Intentions, Bad Side Effects
But therein lies the issue – the abrupt exploitation of a vulnerability, even if for well-intentioned purposes, can still have a negative impact. By exploiting and publicizing these vulnerabilities, these gray hat hackers are drawing them to the attention of hackers with malicious intent. These black hats can use the knowledge of this vulnerability to enact actual schemes, collect user data, and even commit fraud.
There have even been “humorous” hacks that began with light-hearted intentions and ended in serious consequences. Take Samy Kamkar’s MySpace hack in 2005, for example. The gray hat hacker similarly created a workaround so that when someone visited his profile, they would automatically be made his friend on the platform. And, of course, the bottom of their profile would now say “Samy is my hero.” But the results of the hack were not humorous at all, as it was the fastest-spreading computer worm at that time. Plus, it crashed MySpace. Fast forward to the present day and Kamkar, similar to other gray hat hackers, now hacks into cars to prove a point.
Sifting Through Shades of Gray
When it comes to black hat attacks, the answer is clear – stop their schemes, no matter what. But with gray hats, the security community is faced with a conundrum. Do you stop or punish those that act illegally out of good will, whose actions can potentially render unforeseen consequences? Are these “ethical” hackers really making the internet a safer place?
Our recommendation: if you’re a hacker, think about the consequences behind a hack before you do it. Ask yourself, will this ultimately do more harm than good? How will this really impact users? From there, remember it’s always best to remain on the side of the law. A lot of good can be done while still remaining legally compliant.