Just what Is grey hat? Wikipedia defines it as such:
"A grey hat, in the hacking community, refers to a skilled hacker who sometimes acts legally, sometimes in good will, and sometimes not. They are a hybrid between white and black hat hackers. They usually do not hack for personal gain or have malicious intentions, but may or may not occasionally commit crimes during the course of their technological exploits."
Wikipedia goes on to to state the obvious reasons why one might consider oneself 'grey' in a black and white world. Some people will jump to the conclusion that we're obviously bad people since we may from time to time access a system we have no right or operate a program in a manner unspecified. We're obviously not white hat, not content to mind our own systems until they're attacked. So what are we? Wikipedia hit the nail on the head stating that grey hat hackers do not hack for malicious purposes, yet the definition remains rather bland... just what is a malicious act anyways and who is defining this stuff? So far I've done nothing but asks questions and state the obvious, what kind of informaiton page is this?!
Let's continue. We learn that the origins of hacking lay in the very word, which cannot be truly known and understood without first understanding the ethics behind it:
"The hacker ethic comprises the values and philosophy that are standard in the hacker community. The early hacker culture and resulting philosophy originated at the Massachusetts Institute of Technology (MIT) in the 1950s and 1960s.
The boys [at MIT] defined a hack as a project undertaken or a product built not solely to fulfil some constructive goal, but with some wild pleasure taken in mere involvement. The term "hack arose from MIT lingo as the word had long been used to describe college pranks that MIT students would regularly devise. Hackers push programs beyond what they are designed to do. Note that, at other universities, professors were making public proclamations that computers would never be able to beat a human being in chess. Hackers knew better. They would be the ones who would guide computers to greater heights than anyone expected.
The Hacker Ethic was a "new way of life, with a philosophy, an ethic and a dream". However, the elements of the Hacker Ethic were not openly debated and discussed, rather they were accepted and silently agreed upon."
So there you have it, but unless you ARE a 'hacker', I don't expect you to understand one bit of that, so don't feel bad if you don't. The term hack itself, now 50 years later has definitely changed, no scratch that, it's radically different, much thanks to people who broadcast biased and ignorant news (you know the three letter word). That's ok though, we don't need names and titles to define us, but if people are going to attempt to classify we 'hackers', they may as well understand the very classifcation system which they so bluntly use.
We've talked about hacking... which people generally relate to a bad thing, and ethics... something that makes people do good, how do these things fit together you say? Very carefully of course, like anything in life... and as anyone can tell you, people obviously do make the wrong choice ethically going into solely black hat hacking for monetary gain. Black hats exploit a system, a tool of enlightenment. They use it to fool unsuspecting masses of computer users to do their bidding, downloading malware, stealing info, passing along code, becoming ever more creative and malicious. The problem is this type of behavior is self-destructive, it destroys the community in which the user thrives (in the form of bringing the law down on them) and peoples perception of those who try to do good (is your head spinning yet?) by using the same tools to show just how a malicious user would exploit a system, so that it may be fixed ahead of time, or perhaps it is an old exploit no ones bothered to inform millions of unaware consumers, for instance, if your bank was using insecure methods of storing your data, wouldn't you want to know? In most cases these vulnerabilities would never be exposed until AFTER major breaches of security have occurred. We don't do what we do to help just ourselves, solving a problem before its an emergency is good for everyone.
Is it making any sense yet? We feel that what we do is so essential, so necessary, so exhilerating, we wouldn't have it any other way, and that it's worth the legal risk if it means we're doing what's right.
Go ahead, take the red pill.
