The law tends to be very black-and-white when it comes to the legality of things like hacking.

Either something is or is not a crime.

Ethics, however, can be much more nuanced.


The term grey hat hacker refers to hackers that walk this tightrope.

Often their actions are illegal, but they have some ethical justification or framework.

Technically, it also covers those that act legally but unethically.

That group, however, is a lot smaller than the first.

The problem with black hat hackers is that they victimize innocent people who are just going about their lives.

Anyone is acceptable as a victim to them because their goal is, typically, to benefit themselves.


Motivations

A grey hat is typically motivated similarly to a white hat hacker.

They want to disclose issues to improve security for the user responsibly.

Generally, however, they find the legal system too restrictive and act without permission.

Many early computer hackers were motivated by trying to see what could be done.

In many cases, these hackers didn't do anything malicious.

Technically, they would look at data, but there weren't black markets on which to sell it.

Often the flag would be something simple, like a text file saying "X was here."

This would certainly be illegal in modern times, but the applicable laws didn't exist then.

These hackers were typically doing so for fun and generally didn't do much harm.

This then leaves the ethical hacker in a quandary.

It's a difficult choice and ethically challenging.

He had attempted to disclose the issue properly through Facebook's bug bounty program.

The problem, however, was rejected as not a bug.

Facebook then quickly fixed the issue.

It didn't pay any bug bounty, as Khalil had exceeded the restrictions of the program.

It also did not attempt to press charges.

If they were black hats, they could have quietly set up malicious downloads in place of legitimate ones.

Any user unlucky enough to roll out the web server before the hack was discovered would have been affected.

Instead, they only defaced the website, swapping out some images.

The actions didn't harm any users and led to direct dialogue, resulting in the issue being fixed.

Often these objections are powerful and respected by society at large.

This isn't just about political groups that you disagree with.

It tends to be things like groups supporting terrorism, repressive regimes, criminal organizations, or pedophile rings.

They hope that their efforts help to protect people.

A grey hat that works under this principle may also consider themselves a sort of Robin Hood-like figure.

This entire concept is highly subjective.

Some people may agree that the actions, while illegal, are ethical, while others may not.

Typically, they operate under the principle that the ends justify the means.

They get security vulnerabilities resolved but typically break the law in the process of doing so.

This action differentiates them from white hats.