A concept that has been acknowledged by the media since 1980. With the explosive growth of the Internet, there have been far more media articles about the darker side of computing than about the good-guy side of the CU. The Black Hats or crackers are often wrongly called “hackers” in media pieces.
In the CU, the hackers are the “good guys,” or the White Hats. They attempt to gain entry into a network with permission to stress-test the security of the system and to identify vulnerabilities. The Black Hats, in contrast, are the “bad guys,” those who break into the computer system without authorization and with the intent to cause damage—usually for personal gain.
Though the CU seems to have a considerable diversity of White Hat and Black Hat types and talents within its status pyramid, most neophyte hackers enter at the base of the pyramid—at the grey zone—in their early teens. The “grey zone” represents the experimental phase for the predominantly under-age-30 segment who have not yet fully developed their White Hat or Black Hat talents. Eventually, those in the grey zone choose to take roles either in the White Hat or the Black Hat zone as they approach age 30.
As for the common usage of the term “grey zone,” after the neophyte’s interest in hacking is sparked, initiation into the CU begins. Special hacking monikers are chosen, how-to-hack programs are downloaded from the Internet, and knowledge from the more senior hackers is sought. Eventually, some of the young people in the grey zone will be charged and convicted of cracking crimes as a result of their experimentation, whereas others will go unnoticed by law enforcement agents. The young people who decide to remain in the hacker status pyramid will eventually practice predominantly White Hat or Black Hat habits. The remainder will decide that the CU is not for them, and they will exit. Whether the seasoned hacker is placed in the White Hat elite stratosphere of the pyramid or in the Black Hat underworld is determined by many factors, including the hackers’ motivations for conducting the acts, the positive or negative effects of the acts on society, and the amount of talent and creativity employed in the acts.
The White Hats who remain in the status pyramid long term seem to select jobs in security and in loss-prevention management. Specialties often involve software and hardware design, anti-terrorism and homeland security, crime and loss prevention, computer and information security, disaster and emergency management, facility management, investigations and auditing, operations security, and physical security.
According to mid-1990 estimates, the total number of White Hats and Black Hats existing around the world totaled about 100,000—of which 10,000 were supposedly dedicated enthusiasts. Of this total, about 250 to 1,000 were thought to be in the elite ranks—those technologically talented enough to penetrate corporate systems.
The “grey zone” in recent years has taken on a new and somewhat different meaning. Grey networks, in particular, are becoming increasingly more commonplace as company IT professionals try to hold back the apparent growth in Peer-to-Peer (P2P), text messaging and other applications that have become important to some corporate users. They are given the “grey” title because although these individuals are still quite a distance from the accepted corporate standard of “approved applications,” they are useful in the corporate network. In short, in this sense, “the grey zone” represents the staffers running applications not part of the approved corporate portfolio.
Schell, B.H., Dodge, J.L., with S.S. Moutsatsos. The Hacking of America: Who’s Doing It, Why, and How. Westport, CT: Quorum Books, 2002; Strom, D. Confessions of a Gray-Hat Networker. [Online, February 28, 2005.] CMP Media LLC Website. http:// www.securitypipeline.com/trends/60404004.