To show how easy it is to hack Facebook's security system, a hacker succeeded in hacking Zuckerberg, and he will receive more than $12,000 for it. The amount was collected through a crowdsourcing campaign on GoFundMe, with donations from 303 individuals. The campaign has already accumulated a total of $13,125. The money will be given to Khalil Shreateh, the man from Palestine who was able to hack Zuckerberg's timeline. According to Khalil, he wanted to try hacking Zuckerberg's account to show him how vulnerable their system is. Prior to this act, Shreateh had warned them several times about the security problem, but they continued to ignore the warnings.
The Facebook Bug That Earns a $12,000 Reward
Khalil Shreateh found a bug that allowed him to post on the timelines of people who are not on his list of friends. His effort resulted in a crowdfunding campaign that produced more than $12,000. Marc Maiffret, the chief officer of the BeyondTrust security agency, arranged the crowdfunding campaign. Maiffret states that Mr. Shreateh was able to discover lapses in the social media site's security.
Because of a miscommunication, however, he did not obtain the reward. The purpose of the campaign is to encourage security researchers to share knowledge that will help improve the system.
Facebook has a program known as Bug Bounty. The program pays $500 to individuals who discover a bug in the system. The system is designed so that only those who are directly connected to you can post on your wall. But Shreateh discovered a glitch that let him post on Mark Zuckerberg's timeline. Since he tried to use the bug to hack another user, he was disqualified from the reward program.
Joe Sullivan, a security officer at the company, explained the company's decision in an online post. According to him, the company cannot change its policy of refusing to grant the reward to a researcher who tested a vulnerability of the system on another user. Sullivan also added that it is not right to compromise the security or privacy of others. In Shreateh's case, they are waiting for him to send a detailed report concerning the bug, such as a video. He could have created a test account to test and prove the vulnerability of the system.
SECURITY PROBLEM: HACKING ZUCKERBERG TIMELINE
Shreateh first tried to call the attention of the security team. He advised them about the bug after he was able to post on the wall of Zuckerberg's friend. But according to the security team, what he discovered was not a bug in their system. To show the security team that he knew what he was doing, he introduced himself and told them that he has a degree in Information System. Shreateh furnished them with more information about the glitch and told them that he had tested it on Sarah Goodin.
Goodin and Shreateh are not related and do not know each other. Shreateh lives in Palestine and speaks Arabic, while Goodin graduated from Harvard. The Palestinian was hoping that by posting on Goodin's timeline, he would prove that there is a bug in the Facebook security system. Sadly, instead of believing him and dealing with the problem, Facebook told him that it is not a bug.
Shreateh, an unemployed researcher with a degree in Information System, said that spammers and scam artists might exploit the vulnerability of the system. To clear his name and inform people about the bug, he posted some of his communication with Facebook's security team. At first, the team told him that they could not open the link. They were referring to the video of Enrique Iglesias that he posted on Goodin's timeline.
He thinks the security team could not open it because they are not connected on Facebook. He contacted them again, but the Facebook security team told him that the glitch he was reporting is not a bug. Because they were ignoring his concern, he decided to report it directly to Zuckerberg.
Shreateh was completely sure there was a security problem on Facebook, so he decided to inform Zuckerberg about it by posting on his timeline. Before doing so, he first apologized for intruding on his privacy. He mentioned that the social network's security team had been ignoring his messages. He also provided detailed information concerning the issue on his personal blog.
And he was right in thinking that it was the best way to inform them. A few minutes after he posted, Facebook contacted him and asked how he was able to hack Zuckerberg's account. The security team acted on it right away and succeeded in fixing the bug. But this did not prevent various tech sites from talking about the glitch and how Shreateh was able to hack Zuckerberg's timeline. Some think that they handled Shreateh's report poorly. Matt Jones thinks that the slow response to this issue was due to a language barrier.
They receive hundreds of reports every day, and the majority of them come from non-English-speaking countries. Also, according to him, Facebook has paid around $1 million to a number of reporters worldwide. But because Shreateh violated some terms and conditions of their reward program, he is not qualified to receive the reward.
Facebook has several programs that provide a $500 reward to those who discover security issues instead of taking advantage of them. A journalist asked Shreateh why he preferred to report the issue to Facebook when he could easily sell it on the black market. He said that in spite of the fact that he could earn more that way, his principles in life are more important than money.