In the 1960’s the term “hacker” had a completely different meaning than it does today. Most people consider hackers to be criminal as they are best known for wreaking havoc on businesses and the lives of individuals by stealing personal information and using it for financial gain. The pioneers of hacking, however, had a different agenda. The idea of hacking came from model train enthusiasts that attended MIT in the 1960’s, who modified train track switches to control how they work and control where the model trains were sent. They applied this theory to programs and computers systems as a way to improve its functions and with that hackers were born. All hackers are not built the same and they have different agendas, black hat hackers are malicious in their intent while the white hat hackers use their abilities in ways that are beneficial to companies and organizations, grey hat hackers fall somewhere in the middle.
John Draper (aka Cap’n Crunch) was among the first black hat hackers in history. He successfully hacked a telephone line and was able to make free long-distance calls. The key to his success was a toy whistle from a box of cereal. Draper discovered that the whistle could produce a 2600 Hz tone, the same frequency used by the telephone network to signal when the line became active and inactive. He was able to make free calls by calling a long-distance number and while the telephone was ringing he would blow the whistle, signaling the telephone company that the call had ended while he was still on the line. This hacking technique was called “phreaking, which landed Draper two months in jail. Compared to the damage caused by modern hacking techniques, Draper’s offense seems minor. According to the Hiscox Cyber Crime Readiness Report 2017, cybercrime cost the global economy nearly $450 billion in 2016.
Businesses and government agencies hire hackers to penetrate their systems for the sake of security, those hackers are known as white hats or ethical hackers. White hats are paid to hack into systems to expose vulnerabilities or flaws within an organization’s security. When security flaws are discovered, they notify the business or organization of them so that new security measures can be implemented.
It’s illegal to hack into a system without authorization but is it ethical for a gray-hat to hack into a system if the intent is to help it become more secure? Some experts consider gray-hat hackers an essential part of securing the Internet because they often expose vulnerabilities before they’re discovered by the security community.
Grey hat hackers are a mash up of white hats and black hat hackers, with them comes the good and the bad. Similar to black hats, they use unethical or unlawful means to gain unauthorized access to a network or system and uncover security flaws, however, they do not exploit those flaws. Instead, they would notify the organizational the security flaws the same way a white hat would.
It’s difficult to say what motivates a grey hat due to the fact that they are technically breaking the law but they are doing so for the greater good. Ahmed Al-Khabaz, a former Dawson College student falls into this arena, he uncovered a flaw in his school’s computer system that revealed personal information of over a quarter million students. Al-Khabaz notified his school upon his discovery but his efforts managed to get him expelled from school. The Computer Fraud and Abuse Act states that it is illegal to intentionally accesses a computer without authorization or exceed authorized access, so by definition, Al-Khabaz’s actions were illegal and unethical but they were not malicious or immoral. So, what is the dividing line? The same actions that got Ahmed Al-Khabaz expelled from school landed him a job offer at ComLinker, a social media network. The co-founder Kim Yuen, who offered Khabaz the job, had this to say about his expulsion from school: “I think it’s disgraceful that a very skilled student, without any malicious intent, would be expelled and punished for the rest of his life for trying to help protect his fellow students. It doesn’t make sense to me.” In the case of Al-Khabaz, the dividing line turned out to be two incredibly different opinions between organizations.