Live Chat Now
Give us a call

Send us a text



Grey Hat Hacker: What You Need to Know

By Steve Smith

The information presented here is true and accurate as of the date of publication. DeVry’s programmatic offerings and their accreditations are subject to change. Please refer to the current academic catalog for details.


April 26, 2024

7 min read


In the cyber security space, accessing a computer network without authorization is generally known as “hacking.” This term is widely used to describe a variety of activities and incidents, and their impact on the communities or individuals they affect. The terms you may be less familiar with are the ones that describe the different kinds of hackers, as they are categorized metaphorically by the color of hat they wear.


In this article, we will explore the grey hat hacker and if this player in the cyber security world is a good guy or a bad guy. We’ll find out as we define grey hat hackers and discuss the underlying legal and ethical issues behind their activities. Then we’ll wrap up the discussion with some recommendations for protecting yourself from the malicious hackers who are the most dangerous cybercriminals in today’s interconnected world.

What Is a Grey Hat Hacker?

Grey hat hackers are named so because their activities occupy an ethical grey area between the white hat-wearing good guys who hack information systems with the system owner’s permission to uncover and fix vulnerabilities and the hackers in the black hats who gain unauthorized access with clearly malicious intent. Grey hat hackers gain access to a system without the owner’s permission, look for vulnerabilities and then report their findings to the system’s owners. Their activities can be beneficial to the system’s owner, as they do not steal or damage data stored in the system, and they typically offer to fix the problem. 

So what’s in it for these hackers? In grey hat hacking, the hacker’s intention is often to show off their skills, gain publicity, or earn the appreciation of the system’s owner. As you might think, system owners are generally unappreciative of these unauthorized penetrations of their data infrastructure. And while they can provide helpful information regarding system vulnerabilities, their efforts are in fact illegal and viewed by the cyber security community as unethical. The grey hat hacker bends or even breaks the law for purposes that he sees as noble, but his friends in law enforcement see things differently and are likely to give him a ride “downtown” to express their lack of appreciation.   

An often-cited and high-profile example of grey-hat hacking is the 2013 hacking of Facebook founder Mark Zuckerberg’s FB page by an unemployed computer researcher named Khalil Shreateh. What was his motivation? To persuade Facebook to correct a bug he found that allowed him to post information on any user’s page without their consent. After Shreateh posted a message on Zuckerberg’s page, Facebook could no longer ignore him. The company told him the issue was not a bug, then corrected the vulnerability. As Shreateh violated Facebook’s policies, the company did not compensate him.  

Grey Hat vs. White Hat vs. Black Hat

The differences between these cyber security players lies basically in their intent. Let’s take a closer look at each of them.

White Hat Hackers often work as employees or contractors for companies that own information systems, complying with ethical standards and working under buttoned-down employment contracts. Using tactics that have come to be known as ethical hacking, they scour computer systems or networks to find security flaws or vulnerabilities, then make recommendations for improvements that can close these gaps, which provide potential access points for cybercriminals. They use the same methods as the black hat hackers, but with good intentions and the permission of the system’s owner. Their toolbox contains a variety of digital and physical tools like programming to lure cybercriminals and study their actions, malware, reconnaissance and research. Penetration testing is a subset of ethical hacking, with a focus on finding vulnerabilities and assessing risk within computer systems. Training courses, events and certifications dedicated to ethical hacking are all widely known in the industry, and are useful for anyone preparing to pursue a cyber security career. 

Black hat hackers are the cybercriminals who break into systems with malicious intent. They have been known to release malware that destroys files, holds computers and networks hostage (ransomware attacks), and steals passwords, account numbers and other personal information. What’s their motivation? It’s typically financial gain, but it can also be emotionally-charged, to exact revenge on an individual or institution they feel has wronged them or with whom they disagree with ideologically. The most successful black hats tend to be skilled hackers working for expansive and sophisticated criminal organizations or governments. These cybercriminals will often develop specialties such as phishing scams that use social engineering tactics to fool unsuspecting computer users into granting them access to protected networks. 

The grey hat hacker occupies the space in the middle. Like the black hats, they don’t have system owners’ permission to penetrate networks. But unlike the black hats, their intent is typically not malicious. When they find a vulnerability, they will typically not exploit it themselves, but will report it to the owner. Some companies have bug bounty programs that pay rewards to grey hats who report such issues. These payouts can range from a few hundred bucks to more than $100,000. Gray hats can, however, drift over to the dark side if their attempts to work with a network owner are ignored. In these cases, grey hats have been known to exploit the weaknesses themselves or post the vulnerabilities they’ve found, making them fair game for black hats to do their worst.

Is Grey Hat Hacking Safe?

The question of whether grey hat hacking is a safe practice can be examined in several ways, from a simple data security point of view, but also from a legal and ethical perspective. Grey hat hackers are generally not considered a major threat because they don’t access systems with malicious intent. It would, however, be prudent to consider any unauthorized access of a network and the information in it to be unsafe.

What’s the legality of the grey hat hacker’s actions? They access systems without the network owners’ consent. Doing so makes their activities illegal. Think of it this way – if a thief gains access to your home by breaking a window and opening a locked door, even if nothing is stolen the intruder can be arrested and charged with breaking and entering. 

Ethically, as we mentioned earlier, the grey hat operates in that grey area between the sanctioned and above-board activities of the white hat and the distinctly unethical activities of the malicious black hat.

Protecting Yourself from Hackers

The focus of our discussion has mainly been the relationship between the various types of hackers and the organizations that own and maintain data systems, and the potential threats posed by malicious hackers. But since the consumer is often the target of various forms of cybercrime, everyone should know how to keep sensitive information safe. Here are a few tips to keep yourself safe from hackers: 

  • Use strong passwords: Strong passwords that contain a combination of upper and lower-case letters, numerals and special characters go a long way toward keeping your information safe because they’re hard for the hackers to guess. Best practices in password management include changing passwords periodically and never writing them down on paper or sharing them with others.

  • Scrutinize unsolicited emails: You can protect yourself and your employer organization by never clicking on links within unsolicited emails. Email is the delivery system of choice for phishing scams that attempt to gain access to your credit card numbers, passwords or bank account details, or downloading malicious software onto your device. The trouble begins when you click on that link, so be sure to scrutinize those unsolicited emails more carefully than others. If you think it may be legit because it appears to be sent by someone you know, try calling or texting that person to verify they’re the one who sent it.

  • Safeguard your payment information: When shopping online, use only sites that have secure sockets layer (SSL) encryption. That’s what the “s” stands for in the URL that begins with https. Another practical security tip is to avoid saving your payment information on shopping sites. If the site is compromised by hackers, they may gain access to your credit card information.

  • Use two-factor authentication: After entering your username and password, that second authentication factor could stop a thief dead in their tracks. A verification code sent via text message to your mobile phone, for example, can quickly provide you with the key to access your account. Because it is highly unlikely that a thief would also have your cell phone, they would not have the code and would remain locked out.

Launch Your Career as an Ethical Hacker with Help from DeVry

DeVry University can help you prepare to pursue a career in cybersecurity. With our online Undergraduate Certificate in Cyber Security, Associate degree in Cyber Security and Networking or Bachelor degree in Cyber Security and Networking, you can take your first steps toward becoming a cyber defender, protecting information, data infrastructure and brands from malicious attackers. This 100% online undergraduate certificate program can be completed in as little as 1 year and 2 months on an accelerated schedule* or 1 year and 6 months on a normal schedule.** 

Coursework in this program may also prepare you to pursue industry-relevant certifications in the cyber security space, like CompTIA’s Security+ and the EC Council’s Certified Ethical Hacker. 

*Minimum schedule does not include breaks and assumes 3 semesters of year-round, full-time enrollment in 7-13 credit hours a semester per 12 month period.

**Normal schedule includes breaks and assumes 2 semesters of enrollment in 7-13 credit hours per semester per 12 month period.

If you want to take your education further, this certificate program “stacks” into our associate and bachelor’s degree programs in cyber security and networking, with every course counting as a building block toward the next degree level at DeVry.1


At DeVry, 6 academic sessions per year allow you to start when you’re ready and learn on the schedule that’s right for you and your personal and professional goals. Classes start every 8 weeks.


1At the time of application to the next credential level, an evaluation of qualifying transfer credit will occur and the most beneficial outcome will be applied.

8-Week Class Sessions

Classes Start Every 8 Weeks

Filter Blog Post Category

Related Posts