A gray hat, in the hacking community, refers to a skilled hacker who sometimes acts legally, sometimes in good will, and sometimes not. They are a hybrid between white and black hat hackers. They usually do not hack for personal gain or have malicious intentions, but may or may not occasionally commit crimes during the course of their technological exploits.
One reason a gray hat might consider himself to be gray is to disambiguate from the other two extremes: black and white. For example, a gray hat hacker may penetrate a computer system without authorization, an illegal act in most countries. However, the hacker may simply patch the security hole that allowed them access without damaging the system. In this situation, they may or may not disclose their activities, due to legal ramifications. It is possibly misleading to say that gray hat hackers do not hack for personal gain. While they do not necessarily hack for malicious purposes, gray hats do hack for a reason, a reason which more often than not remains undisclosed. A gray hat will not necessarily notify the system administrator of a penetrated system of their penetration. A gray hat will prefer anonymity at almost all cost, carrying out their penetration undetected and then leaving undetected. Consequently, gray hat penetrations of systems tend to be far more passive activities such as testing, monitoring, or less destructive forms of data transfer and retrieval.
In addition, they may be further disambiguated by their stance as it refers to the proper disclosure of computer security flaws. Where as a white hat will generally work with a vendor to correct the flaw, within a time frame, or under certain conditions. They also may attempt to pressure vendors to release a patch for a flaw through the possibility of disclosure. Their intention is to make systems safer. A black hat will generally never disclose information to the public since doing so will cause systems to be patched and greatly reduce the effectiveness of the vulnerability. In fact there as been a long standing controversy of black hats opposed to the white hat policy of full disclosure. Gray hats may or may not release vulnerabilities to the vendor or the public. They may attempt to sell them to black hats or white hats.
This is a good example of greyhat hacking. The Apache company had the right to pursue the hackers as black hat (criminals) or white hat (good samaritans).
In April 2000, gray hat hackers gained unauthorized access to apache.org. These people could have tried to damage apache.org servers, write text offensive to Apache crew, or distribute trojans or other malicious actions. Instead, they chose just to alert Apache crew of the problems and then to publish , beginning with:
This paper does _not_ uncover any new vulnerabilities. It points out common (and slightly less common) configuration errors, which even the people at apache.org made. This is a general warning. Learn from it. Fix your systems, so we won't have to :) This paper describes how, over the course of a week, we succeeded in getting root access to the machine running www.apache.org, and changed the main page to show a 'Powered by Microsoft BackOffice' logo instead of the default 'Powered by Apache' logo (the feather). No other changes were made, except to prevent other (possibly malicious) people getting in.| Hackers | | | Black Hats | | | White Hats |