Facebook may be refusing to reward Palestinian Khalil Shreateh the baseline $500 (£320) offered for discovering a security flaw, but a fellow hacker has now stepped in to raise over $11,000 (£7000) for him.
Marc Maiffret, a self-taught hacker who is now the chief technology officer of cybersecurity firm BeyondTrust, set up the fund on gofundme.com, hoping to raise $10,000 (£6400). He donated the first $2000 (£1275) himself and then reached the target in less than 24 hours.
Encouraging people from across the world to donate, Maiffret said: “He is sitting there in Palestine doing this research on a five-year-old laptop that looks like it is half broken. It’s something that might help him out in a big way.”
Shreateh first reported the flaw, which allowed him to post to the wall of people he was not friends with, to Facebook’s security team last week. However, the team bluntly told him “I am sorry this is not a bug”.
Facebook engineers then said Shreateh was not entitled to a ‘bug bounty’ reward as he broke the site’s terms of service by posting on the wall of people he was not friends with, in order to demonstrate the flaw. His account was also temporarily suspended.
Writing on Hacker News, Facebook software engineer Matt Jones explained the decision: “To be clear, we fixed this bug on Thursday. The OP is correct that we should have asked for additional repro instructions after his initial report. Unfortunately, all he submitted was a link to the post he’d already made (on a real account whose consent he did not have – violating our ToS and responsible disclosure policy), saying that ‘the bug allow Facebook users to share links to other Facebook users’.”
Upon reaching the $10k mark, with donations still rolling in, Maiffret said: “Thank you so much to everyone who helped make this happen for Khalil.
“I hope this has raised awareness of the importance of independent researchers. I equally hope it has reminded other researchers that while working with technology companies can sometimes be frustrating, we can never forget the greater goal; to help the Internet community at large, just as that community has helped donate over ten thousand dollars to Khalil within a day.
“All proceeds raised from this fund will be sent to Khalil Shreateh to help support future security research.”