{{Short description|Hacker who operates without permission or malice}}
{{Use dmy dates|date=March 2019}}
{{Computer hacking}}

A '''grey hat''' ('''greyhat''' or '''gray hat''') is a term used in computer security with a range of definitions and is derived from the concepts of "white hat" and "black hat" hackers.<ref name="De 2002">{{cite web|url=http://www.ddth.com/showthread.php/200-ENG-White-Hat-Black-Hat-Grey-Hat | title=White Hat? Black Hat? Grey Hat? | last=De| first=Chu | date=2002 | website=ddth.com | publisher=Jelsoft Enterprises | access-date=19 February 2015}}</ref>

The term was first used in print in the late 1990s by the hacker group L0pht in a 1999 interview with ''The New York Times''<ref name=":0">{{cite news |date=3 October 1999 |title=HacK, CouNterHaCk |url=https://www.nytimes.com/library/magazine/home/19991003mag-hackers.html |access-date=6 January 2011 |work=New York Times Magazine}}</ref> to describe their hacking activities. The same article describes several members as black hat hackers and a third party describes L0pht as white-hat hackers.<ref name=":0" />

=== Definitions ===

* When a white hat hacker discovers a vulnerability, they will exploit it only with permission and not divulge its existence until it has been fixed, whereas the black hat will illegally exploit it and/or tell others how to do so. The grey hat will neither illegally exploit it, nor tell others how to do so.<ref name="Grey Hat Hacking: The Ethical Hacker's Handbook">{{cite book | last = Regalado |display-authors=etal | year = 2015 | title =Grey Hat Hacking: The Ethical Hacker's Handbook | edition=4th | publisher = McGraw-Hill Education | location=New York | page=18 }}</ref> The phrase was used to describe hackers who support the ethical reporting of vulnerabilities directly to the software vendor in contrast to the full disclosure practices that were prevalent in the white hat community that vulnerabilities not be disclosed outside of their group.<ref name="Grey Hat Hacking: The Ethical Hacker's Handbook" />
* The Red Hat Linux Security Guide states that the white hat breaks into systems and networks at the request of their employer or with explicit permission for the purpose of determining how secure it is against hackers, whereas the black hat will break into any system or network in order to uncover sensitive information for personal gain. The grey hat generally has the skills and intent of the white hat but may break into any system or network without permission.<ref>{{cite web |url=http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/3/html/Security_Guide/ch-risk.html |title=Red Hat Enterprise Linux 3 Security Guide |last1=Fuller |first1=Johnray |last2=Ha |first2=John |last3=Fox |first3=Tammy |date=2003 |website=Product Documentation |publisher=Red Hat |at=Section (2.1.1) |access-date=16 February 2015 |archive-url=https://web.archive.org/web/20120729122043/http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/3/html/Security_Guide/ch-risk.html |archive-date=29 July 2012 |url-status=dead }}</ref>
* Symantec Connect states that grey hat hackers, discovering a vulnerability, will tell the hacker community as well as the company affected and then "watch the fallout."<ref>{{cite web|url=http://www.symantec.com/connect/articles/intrusion-detection-systems-terminology-part-one-h |archive-url=https://web.archive.org/web/20110608065500/http://www.symantec.com/connect/articles/intrusion-detection-systems-terminology-part-one-h |url-status=dead |archive-date=8 June 2011 |title=Intrusion Systems Detection Terminology, Part one: A-H |last=Cliff |first=A |website=Symantec Connect |publisher=Symantec |access-date=16 February 2015}}</ref>
* In 2008, the EFF defined grey hats as ethical security researchers who inadvertently or arguably violate the law in an effort to research and improve security. They advocate for computer offense laws that are clearer and more narrowly drawn.<ref>[https://www.eff.org/issues/coders/grey-hat-guide EFF.org] Electronic Frontier Foundation (EFF). 20 August 2008. "A 'Grey Hat' Guide"</ref> Another definition of grey hat maintains that grey hat hackers only arguably violate the law in an effort to research and improve security: legality being set according to the particular ramifications of any hacks they participate in.<ref name="Cybercrime: investigating high-technology computer crime">{{cite book | last =Moore |first=Robert | year = 2011 |title=Cybercrime: investigating high-technology computer crime | edition=2nd | publisher = Anderson Publishing | location=Burlington, MA | page=25 }}</ref>

In the search engine optimization (SEO) community, grey hat hackers are those who manipulate websites' search engine rankings using means that are improper or unethical but are not considered search engine spam.<ref>{{cite book | author= A E | title=Grey Hat SEO 2014: The Most Effective and Safest Techniques of 10 Web Developers. Secrets to Rank High including the Fastest Penalty Recoveries. | url=https://www.amazon.com/dp/B0C83N8B8B | year=2014 | asin=B0C83N8B8B | publisher=Research & Co}}</ref>

A 2021 research study looked into the psychological characteristics of individuals who participate in hacking in the workforce. The findings indicate that grey hat hackers typically go against authority, black hat hackers have a strong tendency toward thrill-seeking, and white hat hackers often exhibit narcissistic traits.<ref>{{Cite journal |date=2021-07-09 |title=Dark Traits and Hacking Potential |url=https://articlegateway.com/index.php/JOP/article/view/4307 |journal=Journal of Organizational Psychology |language=en |volume=21 |issue=3 |doi=10.33423/jop.v21i3.4307 |issn=2158-3609}}</ref>

==Examples==
In April 2000, hackers known as "<nowiki>{}</nowiki>" and "Hardbeat" gained unauthorized access to Apache.org.<ref>{{cite magazine|author=Michelle Finley |url=https://www.wired.com/politics/law/news/2000/05/36170 |title=Wired.com |magazine=Wired |publisher=Wired.com |date=28 March 2013 |access-date=1 November 2013}}</ref> They chose to alert the Apache crew to the problems rather than try to damage the Apache.org servers.<ref>{{cite web|url=http://web.textfiles.com/ezines/HWA/hwa-hn53.txt |title=Textfiles.com |access-date=1 November 2013}}</ref>

==References==
{{reflist|30em}}

{{DEFAULTSORT:Grey Hat}}
[[Category:Hacking (computer security)]]