Remember our friendly white hat hacker, Khalil Shreateh, who got stiffed on his just reward after identifying a Facebook bug that let him post on Zuckerberg's wall? Well, looks like the hacker community has no intention of letting their buddy's bank account fall to the wayside. After setting up a fundraising campaign on GoFundMe, security researcher Marc Maiffret has successfully collected $US10,000 in donations for Shreateh — a full 20 times more than Facebook's withheld offering.
It all started when the Palestinian hacker posted what might have been the kindest, most polite complaint (or compliment, for that matter) that Facebook has ever received, which would normally have warranted him the $US500 bounty Facebok offeres for uncovering a security vulnerability. There was just one little problem; he posted it by hacking his way onto Zuck's wall — and apparently, Zuck's already got all the friends he needs, thank you very much. So claiming that Shreateh violated Facebook's terms by "exploiting bugs to impact real users," Facebook denied him the reward money.
And that's when Maiffret stepped in. He got his start as a software researcher by exposing the flaws in tech companies' software, so he naturally sympathized with this noble young upstart. He was a little more mischievous in his aims than Shreateh seems, however. At 17, Maiffret's home was raided by the FBI — and he'd done so much illegal hacking, he had no idea what the exact offence was. As he told Bloomberg Businessweek:
I had honestly hacked everything from government systems to [Microsoft] to you name it, a good three years of hacking. These days there's a much bigger allure, and if you're getting into hacking and research, there are essentially two paths ahead of you.
Now, though, he's back to using his powers for good, and companies have, for the most part, wised up. Facebook has paid out over $US1 million to white hat hackers for their help in exposing various flaws and bugs that would otherwise go unnoticed.
Which is a big reason why, when Facebook backed out of its promise, Maiffret wanted to make sure that a hacker who actually did the right thing got what he deserved. Lucky for Shreateh, so did a lot of other people. For kindhearted hackers' sakes, here's to Facebook holding back cash more often. [Bloomberg Businessweek]