Gray Hat Hacking, those with ambiguous ethics…

The so-called “Lukewarm Hackers” may be your best friends one day, your trusted employees, but the next day, they may differ upon the payment received on their services remuneration and become your worst nightmare. This time ZARZA Engineers help us understand this Gray Hat Hacking category, which according to statistics, most hackers are housed in today.

Gray Hat Hacking, Where does the gray hat come from?

Gray hat hackers are those who are good one day, but perhaps on the same day, they’re also bad. Their behavior is identified when they are those who detect vulnerabilities, but if they’re not hired to overcome them, they’re the same who exploit them, and so getting their committed by hook or by crook.

The cataloged within the Gray Hat Hacking or Gray Hat Hackers are those who “play” to be good and bad, in other words, they have ambiguous ethics and practice double morality, or moral at convenience.

They have the knowledge of a Black Hat Hacker using it to get into systems and find vulnerabilities, then offer their services to fix them under contract for a “modest fee” usually cheaper than a White Hacker, since they already know and have managed to exploit the system. However, it’s quite usual that the system is not repaired, a back door remains open so they can keep asking for money from time to time… They are in fact unreliable although many claim to be reliable, and others are likely to be; this is a characteristic of Gray Hat Hacking, ambiguity.

Gray Hat: its history

In the hacker community, wearing a gray hat refers to a talented hacker who sometimes acts illegally, but with questionable intentions. They are across between the dark side and those who practice White Hacking.

They don’t usually atgreyhacking2tack moved by personal interests or malicious intentions, but sometimes due to economic interests, however they are prepared to commit crimes in the course of “their deeds”, as long as under their ambiguous ethics, the end justifies the means.

While white hat hackers usually inform companies about security breaches silently, those who practice Gray Hat Hacking are more likely to notify the hacker community, ask for “bailouts”, or warn companies and simply watch the consequences.

The gray hat term was coined by a group of hackers called L0pht in 1998, sincomputer-hackerce then it’s been linked to those who due to leisure or other reasons, look for vulnerabilities and report them, sometimes moving from side to side without much regret, with thesis often colliding between one or another; creating a total compendium of Gray Hat Hacking.

Some of these categorizations, and/or characteristics of Gray Hat Hacking, have been synthesized in the following:

-Hacker who is dedicated to security research with the intention of securing instead of exploding.
-Deal with matters of ethics and morality in regards to attacks and informatics protection in the line of their work.
-Do not approve the full disclosure of vulnerabilities, liking to keep “secondary accesses”.
-Usually report vulnerabilities to vendors of these products, in a non precise or specific moment.

Gray Hat Hacking, good or bad?

Intermediates. However, there are many cases daily, reporting vulnerabilities to developing houses they respect, preferring to report the problem and benefit both their own interests and the community’s interests in overall, considering that an infiltration may generate more damage than what worthwhile to hide. In these cases, respect for the equipment and the developing house are crucial, and this is when Gray Hat Hacking takes reason to be.


There are cases that have gone down in history…

-In April 2000, the hackers known as “{}” and “Hardbeat” obtained unauthorized access to, the popular service of the http server, which is used in most websites worldwide. At that time, they chose to warn Apache’s people about the problems instead of trying to damage the servers.

-In June 2010, Goatse Security revealed a flaw in security of AT&T that allowed to get the email addresses of iPad users. The group revealed the security flaw to the media after AT&T were notified.

-In April 2011, a group of experts found that the iPhone and iPad 3G were “recording” what the user visited. Then, Apple released a statement saying that the iPad and iPhone recorded only the towers where the phone could have access to.

In these cases we see how Gray Hat Hacking has benefited without major complications nor second intentions, or at least, not so obvious…

What to do if I am contacted by a Gray Hacker?

If you are a ZARZA Corp client, we suggest copying the communication to your trusted Engineer, and so receive assistance and specific suggestions for your case. In the case you go alone, the most important would be to backup your data as soon as possible, so if you don’t yield to the Gray Hat Hacking requirements, you may eventually restore your system.

If the Gray Hacker provides you with disinterested information, distrust, and have your developer or engineer, find and apply by his experience, the best tools to correct the detected problem, also, search for and identify possible side entrances, created from this circumstance.