Gray Hats: Tapping Into the Dark Side to Secure Data1 | 2 |
Still, even those gray hats who conduct business with the right motives always run the risk of encountering problems along the way.
“I’d like to believe all gray hats start out as good people — with the intention of trying to make things better in the world,” Pironti said. “It’s just that through a series of very well-educated, well-coordinated actions, individuals learn how to exploit their capabilities and exploit individuals and, before they know it, they’re doing things they didn’t mean to do. [For example,] research from a code is being used in ways that it never was intended to be used; a lot of guys are developing tools in the name of research that will then be modified for malicious purposes and they don’t know it’s going to happen.”
White hats, on the other hand, refuse to compromise their ethics in any way.
“The white hat says, ‘Look, I don’t want to be in the position where I have to compromise my morals, values and ethics to carry out my work activities, so it’s better to be in a passive, reactive mode than it would be to in some way jeopardize myself,’” he said.
Hacking Activities Can Have Legal Implications
“When you violate the security of a Web site, in many cases you’re violating various laws relating to computer crime,” Mizrach said.
To some, hacker activities can be classified, for the most part, as right or wrong with very little room for nebulous areas.
“Maybe I’m thinking like a former federal agent, but we tend to see things a lot more black and white, and there’s no law that allows anyone to go in on their own and test someone’s system without mutually agreed to rules of engagement,” Tipton said. “There are all sorts of shades of gray, and many — maybe even most — of them are very well intended, but it still doesn’t keep [the activities] from being illegal.”
There are computer acts, such as the Data Protection Act of 1998, that establish boundaries and penalties for disorganized hacking activity, and the laws that have been put in place over the past decade are even more stringent and carry even harsher penalties, Tipton said.
Gray hat hackers who choose to sell or post information on the Internet run the risk of facing legal action. While it’s nearly impossible to prosecute every case, the probability of this depends on how egregious the security breach is.1 | 2 |