A grey hat is a computer security expert who falls between the categories of a white hat (ethical hacker) and a black hat (malicious hacker). Grey hats use hacking techniques for the purpose of finding security vulnerabilities and reporting them to the affected organizations, but may also engage in illegal or unethical behavior.


 

A grey hat hacker is an individual who employs illegal means to discover threats even though he/she does not share the malicious intent commonly attributed to black hat hackers. Grey hat hackers occupy the middle ground between white hat hackers, who aim to protect systems and networks from attacks, and black hat hackers, who exploit vulnerabilities for malicious gain. In essence, a grey hat hacker looks for vulnerabilities without the hardware or software manufacturer’s permission in order to spread awareness about his/her findings.


Grey hat hackers are like modern-day Robin Hoods who are willing to forgo ethics and laws for the greater good.



Some view the cybersecurity landscape as a world of white hat versus black hat hackers. Many fail to see the importance of grey hat hackers who expose vulnerabilities that lead to the creation of patches so black hat hackers can’t abuse them. The examples below of the work grey hat hackers have done over the years are proof of that.

           

Notable Examples of Grey Hat Hacking



ASUS Routers

In 2014, a grey hat hacker successfully accessed thousands of ASUS routers to warn users that they risked exposing their files if they didn’t patch the vulnerability he discovered.



Linux Routers

A team of grey hat hackers known as the “White Team” identified a security hole in specific Linux router models in 2015. To remedy the flaw, the group released malware that would allow affected users to plug the security gap.


Online Printers

Back in 2017, a grey hat hacker remotely operated more than 150,000 printers to warn their users about the risks of leaving online printers exposed.


What are the Dangers of Grey Hat Hacking?

Since grey hat hackers can do something illegal, many are afraid that they could turn to the dark side. While grey hat hackers who discover vulnerabilities report their findings to affected organizations, they are often ignored or even reported to the authorities. If this lack of appreciation continues, are they bound to become black hat hackers themselves?

         

A survey of more than 900 security professionals worldwide revealed that black hat activities are pretty standard. Almost half of the respondents were aware that some of their colleagues are grey hat hackers or even black hats. A majority of them believe the reason for abandoning the grey hat hacker cause is the massive payout that black hat hackers get. Apart from that, many grey hat hackers do what they do because they enjoy the challenge.


Straddling the line between good and bad is what a grey hat hacker does. Some grey hat hackers do what they do for the thrill. Others just want to help other people. The question most people ask, though, is, “Does the end justify the means?”



Grey hat

A grey hat (greyhat or gray hat) is a computer hacker or computer security expert who may sometimes violate laws or typical ethical standards, but usually does not have the malicious intent typical of a black hat hacker.


The term came into use in the late 1990s, derived from the concepts of "white hat" and "black hat" hackers.[1] When a white hat hacker discovers a vulnerability, they will exploit it only with permission and not divulge its existence until it has been fixed, whereas the black hat will illegally exploit it and/or tell others how to do so. The grey hat will neither illegally exploit it, nor tell others how to do so.[2]


A further difference among these types of hacker lies in their methods of discovering vulnerabilities. The white hat breaks into systems and networks at the request of their employer or with explicit permission for the purpose of determining how secure they are against hackers, whereas the black hat will break into any system or network in order to uncover sensitive information for personal gain. The grey hat generally has the skills and intent of the white hat but will break into any system or network without permission.[3][4]


According to one definition of a grey-hat hacker, when they discover a vulnerability, instead of telling the vendor how the exploit works, they may offer to repair it for a small fee. When one gains illegal access to a system or network, they may suggest to the system administrator that one of their friends be hired to fix the problem; however, this practice has been declining due to the increasing willingness of businesses to prosecute. Another definition of grey hat maintains that grey hat hackers only arguably violate the law in an effort to research and improve security, with legality being set according to the particular ramifications of any hacks they participate in.[5]


In the search engine optimization (SEO) community, grey hat hackers are those who manipulate websites' search engine rankings using improper or unethical means that are nonetheless not considered search engine spam.[6]