العربية
中国
Français
Deutsch
Ελληνική
हिन्दी
Italiano
日本語
Português
Русский
EspañolGREY HAT
A 'grey hat' in the computer security community, refers to a skilled hacker who sometimes acts legally, sometimes in good will, and sometimes not. They are a hybrid between white and black hat hackers. They usually do not hack for personal gain or have malicious intentions, but may or may not occasionally commit crimes during the course of their technological exploits.
One reason a grey hat might consider himself to be grey is to disambiguate from the other two extremes: black and white. It might be a little misleading to say that grey hat hackers do not hack for personal gain. While they do not necessarily hack for malicious purposes, grey hats do hack for a reason, a reason which more often than not remains undisclosed. A grey hat will not necessarily notify the system admin of a penetrated system of their penetration. Such a hacker will prefer anonymity at almost all cost, carrying out their penetration undetected and then exiting said system still undetected with minimal damages. Consequently, grey hat penetrations of systems tend to be for far more passive activities such as testing, monitoring, or less destructive forms of data transfer and retrieval.
A person who breaks into a computer system and simply puts their name there whilst doing no damage (such as in wargaming - see) can also be classified as a grey hat.
Alice sets up a site for Bob on a server run by Isaac. Isaac's server is on a network with Trudy. Unknown to Isaac, his server has a security flaw. Trudy finds the flaw and uses it to monitor Bob's site, because his server runs a different OS and she wants to find out how it's configured. But Isaac has had problems with Mallory. Mallory finds the flaw and uses it to gain access to the server. Mallory then uploads a complex logic bomb that would fry Isaac's server in three days.
Trudy catches Mallory uploading the doom-code. She waits until Mallory leaves then proceeds to remove the logic bomb so that she can continue to learn how the server was configured.
In 2006, a Swedish ISP was raided and servers were seized that contained torrent files which provided users the ability to download warez (illegal software) and some legitimate content. This move was applauded by the international media industry, such as the MPAA.
A few days later, a Swedish hacker group known as 'AUH' (Arga Unga Hackare, translates to "Angry Young Hackers") defaced the website of Antipiratbyrån (Anti-Piracy Bureau), Sweden's biggest organisation working to stop piracy. Arga Unga Hackare is generally regarded as a group of black hats. However, in this case, it may be argued that this particular action was 'grey'.
The defacement was unusual, because AUH published information which became the basis for a nation wide discussion regarding the abuse of Swedish legal resources, and possibly criminal acts supervised by international anti-piracy industry. The servers of the raided ISP were found containing warez, but as AUH was hacking Antipiratbyrån, they found evidence in the form of private emails that showed that Antipiratbyrån had used an infiltrator to put the illegal software on the ISP's servers. The infiltrator worked under the nickname 'rouge', but AUH identified him with real name, address and Swedish personal identification number. He was shown to be wanted by Swedish authorities for criminal acts. AUH also published e-mails that loosely linked international anti-piracy agencies to these actions, but the e-mails did not show to which extent the case was known outside of Sweden.
In the next few days, other sources provided evidence that strongly suggested that:
★ Antipiratbyrån funded the warez servers, making Antipiratbyrån the source of the illegal software - not the ISP.
★ Antipiratbyrån knew that the ISP owners were not aware that the servers were being used for warez.
★ Antipiratbyrån put effort into moving the warez servers from a former location to the raided ISP, because the raided ISP had a very good bandwidth (high speed internet connection).
★ Antipiratbyrån had been able to influence the legal system into not following proper procedures: the raided ISP owners were not interviewed by a judge before the raid. The raid was needlessly intrusive and caused downtime to critical infrastructure for systems which did not serve illegal content. The Antipiratbyrån staff had supervised and instructed Swedish authorities on place what to do.
★ Antipiratbyrån's hurry to raid the ISP may have been initiated by the fact that the ISP had performed an inventory just before the raid, in which the warez servers had been notified as unknown servers to be investigated.
The credibility of Antipiratbyrån was badly injured, and they did not deny the allegations. Eventually, Antipiratbyrån and the ISP reached a settlement, and did not publicly debate the incident further.
So, black hat tactics and skills were used by AUH, however they were used to unravel what many consider to be an unethical and criminal conspiracy, which possibly has international ties. These are typically grey shades of ethics; while the methods employed by AUH can be considered unacceptable and unethical, they were used to uncover even more unethical and possibly criminal actions on the part of Antipiratbyrån.
The current website of Antipiratbyrån is located at http://www.antipiratbyran.com/ .
★ Hacker ethic
★ Hacktivism
★ The Register - Bahnhof Bust
★ "Arga unga hackare" tog över Antipiratbyrån - article about the defacement.
★ Birgersson och Nylander anmäler Kronofogden - Two famous Swedish IT spokespersons file report (polisanmälan) with Swedish police agency regarding crimes allegedly committed by the Swedish national authority "Kronofogden".
★ Två Bahnhofanställda utpekade som pirater - Swedish ISP notifies media that two staff members may have been involved in warez activities.
★ The thin gray line
| Contents |
| Disambiguation |
| Examples |
| Trudy |
| Arga Unga Hackare vs Antipiratbyrån |
| See also |
| References |
| External links |
Disambiguation
One reason a grey hat might consider himself to be grey is to disambiguate from the other two extremes: black and white. It might be a little misleading to say that grey hat hackers do not hack for personal gain. While they do not necessarily hack for malicious purposes, grey hats do hack for a reason, a reason which more often than not remains undisclosed. A grey hat will not necessarily notify the system admin of a penetrated system of their penetration. Such a hacker will prefer anonymity at almost all cost, carrying out their penetration undetected and then exiting said system still undetected with minimal damages. Consequently, grey hat penetrations of systems tend to be for far more passive activities such as testing, monitoring, or less destructive forms of data transfer and retrieval.
A person who breaks into a computer system and simply puts their name there whilst doing no damage (such as in wargaming - see) can also be classified as a grey hat.
Examples
Trudy
Alice sets up a site for Bob on a server run by Isaac. Isaac's server is on a network with Trudy. Unknown to Isaac, his server has a security flaw. Trudy finds the flaw and uses it to monitor Bob's site, because his server runs a different OS and she wants to find out how it's configured. But Isaac has had problems with Mallory. Mallory finds the flaw and uses it to gain access to the server. Mallory then uploads a complex logic bomb that would fry Isaac's server in three days.
Trudy catches Mallory uploading the doom-code. She waits until Mallory leaves then proceeds to remove the logic bomb so that she can continue to learn how the server was configured.
Arga Unga Hackare vs Antipiratbyrån
In 2006, a Swedish ISP was raided and servers were seized that contained torrent files which provided users the ability to download warez (illegal software) and some legitimate content. This move was applauded by the international media industry, such as the MPAA.
A few days later, a Swedish hacker group known as 'AUH' (Arga Unga Hackare, translates to "Angry Young Hackers") defaced the website of Antipiratbyrån (Anti-Piracy Bureau), Sweden's biggest organisation working to stop piracy. Arga Unga Hackare is generally regarded as a group of black hats. However, in this case, it may be argued that this particular action was 'grey'.
The defacement was unusual, because AUH published information which became the basis for a nation wide discussion regarding the abuse of Swedish legal resources, and possibly criminal acts supervised by international anti-piracy industry. The servers of the raided ISP were found containing warez, but as AUH was hacking Antipiratbyrån, they found evidence in the form of private emails that showed that Antipiratbyrån had used an infiltrator to put the illegal software on the ISP's servers. The infiltrator worked under the nickname 'rouge', but AUH identified him with real name, address and Swedish personal identification number. He was shown to be wanted by Swedish authorities for criminal acts. AUH also published e-mails that loosely linked international anti-piracy agencies to these actions, but the e-mails did not show to which extent the case was known outside of Sweden.
In the next few days, other sources provided evidence that strongly suggested that:
★ Antipiratbyrån funded the warez servers, making Antipiratbyrån the source of the illegal software - not the ISP.
★ Antipiratbyrån knew that the ISP owners were not aware that the servers were being used for warez.
★ Antipiratbyrån put effort into moving the warez servers from a former location to the raided ISP, because the raided ISP had a very good bandwidth (high speed internet connection).
★ Antipiratbyrån had been able to influence the legal system into not following proper procedures: the raided ISP owners were not interviewed by a judge before the raid. The raid was needlessly intrusive and caused downtime to critical infrastructure for systems which did not serve illegal content. The Antipiratbyrån staff had supervised and instructed Swedish authorities on place what to do.
★ Antipiratbyrån's hurry to raid the ISP may have been initiated by the fact that the ISP had performed an inventory just before the raid, in which the warez servers had been notified as unknown servers to be investigated.
The credibility of Antipiratbyrån was badly injured, and they did not deny the allegations. Eventually, Antipiratbyrån and the ISP reached a settlement, and did not publicly debate the incident further.
So, black hat tactics and skills were used by AUH, however they were used to unravel what many consider to be an unethical and criminal conspiracy, which possibly has international ties. These are typically grey shades of ethics; while the methods employed by AUH can be considered unacceptable and unethical, they were used to uncover even more unethical and possibly criminal actions on the part of Antipiratbyrån.
The current website of Antipiratbyrån is located at http://www.antipiratbyran.com/ .
See also
★ Hacker ethic
★ Hacktivism
References
★ The Register - Bahnhof Bust
★ "Arga unga hackare" tog över Antipiratbyrån - article about the defacement.
★ Birgersson och Nylander anmäler Kronofogden - Two famous Swedish IT spokespersons file report (polisanmälan) with Swedish police agency regarding crimes allegedly committed by the Swedish national authority "Kronofogden".
★ Två Bahnhofanställda utpekade som pirater - Swedish ISP notifies media that two staff members may have been involved in warez activities.
External links
★ The thin gray line
This article provided by Wikipedia. To edit the contents of this article, click here for original source.
psst.. try this: add to faves
