Were done discussing the White and Black Hat Hacker, now we are going to hybrid those two that will fall under the Grey Hat Hacker (or Gray Hat Hacker). Grey Hat Hacker based on SecPoint website: What is a Grey Hat?, “In the hacking community, a grey hat refers to a proficient and tech-savvy hacker who is ambivalent enough to sometimes use his program manipulating skills to act illegally in either good or ill will.” “Their intentions for hacking don’t usually delve into any of the traditional well-intentioned or maliciously driven extremes; that is, they may or may not commit crimes from time to time during the course of their digital undertakings, so they’re not exclusively indulging on any one type of activity like their security-improving or network-destroying counterparts would.” From this, Grey Hat Hackers are in between the two and it is in grey hat hacker hands what he or she will prefer to be. But can you imagine what can grey hat hacker really do? And why they chose to be in between those two? (White and Black Hat Hacker).
Another lines from SecPoint website: What is a Grey Hat?, “One of the reasons why a grey hat would categorize himself as “grey” is to distance himself from the two opposing hacker spectrum white and black, constructive or malicious. For instance, even though a grey hat could gain unauthorized access to a network (an illegal crime in most jurisdictions), he could, at the same time, offer a patch for the exposed vulnerability that allowed him access in the first place without compromising the system he invaded. Also, grey hats may or may not show vulnerabilities to the administrators or the public, or they could even sell them to either white hats or black hats if they so choose.” Here, grey hat hackers are still cracker on which they also exploits a security weakness in a computer system or product to bring the weakness to the attention of the owners but what they do is that they act without malicious intent and their goal is to improve system and network security. However, by publicizing a vulnerability, the gray hat may give other crackers the opportunity to exploit it. Unlike white hat hacker who alerts system owners and vendors of a vulnerability without actually exploiting it in public. (Based on SearchSecurity: gray hat or grey hat).
On this part, Grey hat hacker are considered also as one of the ethical hackers in the hackers’ community. They are the one who mostly formed group of hacktivist on which from forums, to organizations, this group also lead into Hacktivist world on which they have their own set of rules and hack into some systems as a form of protest. One of those famous known group on which can also be considered part of this are the Anonymous. We can see the lot of them do protest on the government websites. They also have this kind of quotations, The Mentor quotes: “We explore and you call us criminals. We seek after knowledge and you call us criminals…Yes, I am a criminal. My crime is that of curiosity…My crime is that of outsmarting you, something that you will never forgive me for (Mentor, para. 9).” This is an informal attempt to record a record of motivation can be found in the short essay titled “The Conscience of a Hacker” written on January 8th, 1986 and published in the online hacker magazine Phrack, more famously known as “The Hacker Manifesto”. The essay became a cornerstone of hacker culture and is probably still the most well-known essay on hacking in existence.
Hacktivism which is still under this grey hat hacker is the development and use of technology to foster human rights and the open exchange of information, or more simply ‘hacking for political purposes’. Brought into the mainstream by the hacker group Cult of the Dead Cow (cDc) in the mid-1990s and widely defined as a form of grey-hat hacking due to its sometimes quasi-legal nature, the term ‘hacktivism’ is often abused misused similar to its cousin ‘hacking’; this leads to a dirtying of the public perception of the word. However, the genesis of ‘hacktivism’ was a benign one. We can see the lot of anonymous now a days on the internet since technology runs fast. Communicating and expressing one’s self or as a group which is against the political state of the country can be done now through online. And by using the hacking tools and skills they have, they show it in public. Mostly of the domains they used were from the government websites since their request will be heard directly from all those government sectors. Around the globe, there are the lot of Anonymous groups and they do this things not just for their own privileges but also for other people in worldwide web community.
Moreover with this Anonymous, “Beginning in 2008, Anonymous started promoting collaborative global hacktivism by performing combined protests to promote freedom of Internet speech. Anonymous group activities are managed by unidentified yet self-attributed Anonymous members. Internet forums and image boards are key sources for Anonymous recruitment, as well as wiki and other Internet Relay Chat (IRC) networks. Anonymous uses such mediums to communicate and organize protests.” We cannot really dictate anonymous as a black hat hacker or even white hat hacker because he or she may use his or her skills for legal or illegal acts, but not for personal gains. Grey hackers use their skills to prove themselves that they can carry out a determined feat, but never do it to make money out of it. While I’m searching for some reading about this grey hat hackers, I found a website on which they are into grey hat but for security purposes and group of grey hat hacker community. It is the Greyhat Security. The site show their legal purpose and uses of their website and the two main purposes of it were Education and Teach advanced techniques to legal Penetration Testers. You can view and read it here: Legal for further research about that website.
Lastly, Grey or Gray Hat Hacking also have a book about ethical hacking. Based on reviews about this book (Gray Hat Hacking: The Ethical Hacker’s Handbook), “It is an ethical hacker’s handbook which combines a highly pedagogical approach with advanced knowledge of security vulnerability, discovery, and exploitation. The process of discovering and exploiting security vulnerabilities is a multiphase one: first, a series of laws must be considered and addressed, to avoid legal prosecution. Next, a network must be scanned, and potentially vulnerable machines detected. The last phase is exploitation, where vulnerable applications are injected with user-controlled data, and the underlying machine is “owned.” These phases are common to both black hats and professional penetration testers, hired for assessment and testing purposes. The authors describe these phases in great detail.” Being ethical in what we do is really important because it is where other people and society measures on how you respect yourself as an individual.