Category: Government

Oh boy.  Here we go.

A group that calls itself "Gray Hat Hackers" today posted that various sites, including an Air Force, NASA and a Harvard University Project website, are vulnerable to certain hacks. But the story goes on to say that the sites were already patched.

The article is here.

I love this for reasons I will explain. But they go on in the article to state:

“We are not Anonymous Version 2 and we are not against the US Government,” the group said in a post on Pastebin. The Unknowns have offered to test websites and alert the owners of any weaknesses without releasing hacked information. “We're here to help and we're asking nothing in exchange,” its message said.

Please. Let's get something straight. If you hack a site WITHOUT consent, you are a black hat, NOT a Gray Hat. "Oh but we are here to help and ask nothing in exchange", yeah right. There is no such thing as a free lunch.

Hacking without consent is still hacking illegally. Produce the infamous "get out of jail card" and we will think otherwise.

Again, from the article:

Gray hat hackers, as the name suggests, traditionally fall in between white hat hackers — security experts who conduct penetration testing and other procedures to help organizations identify weaknesses — and black hat hackers, who engage in outright criminal behavior. Gray hats might cross legal lines, but only to expose vulnerabilities without profiting from the hack or causing serious damage.

Wrong. A Gray Hat will NOT post, brag or put anything out in the media as was done here. Fine line? Fine if that makes you happy, but it is still hacking without consent. If you believe this and lower your guard to these types of scams, then you deserve everything you get thrown at you. From my neck of the woods, you are either White (with consent, with the purpose to help a potential victim, with permission), Black (go ahead, you'll get caught some day) or, if you consider yourself Gray, you will screw up sooner or later. Posting publicly with the "aim to help" also shows that you are willing to expose information, no matter how limited. But exposure it still is, and that is STILL Black Hat. Like I said, fine line to some, clearly defined to others.

Your take?

I just get so annoyed by those bragging or saying that they are out to help, without permission. It's just another scam to lower your guard. Don't fall for it. If you want a professional Hacker to pen test your system(s), do it properly. Get the right permissions in writing and with proper disclosure rules. Protect yourself on both sides of the issue.

If you want to disclose later, that is up to the company you contracted with, not you and NOT the media. Bored? Got more time on your hands than you know what to do with? Prove your skills and join a professional team. This Gray Hat stuff will burn you in the long run. Be extremely careful. There are now laws, and newer laws will continue to be introduced, that will keep splitting hairs. What you consider Gray today will be Black before the end of the day.

 

Steve