khabaz2

Student expelled for exposing university's security holes

Shares

After being expelled and having his academic record tarnished for alerting his college to a database loophole, 20-year-old Hamed Al-Khabaz might have been offered the job of a lifetime.

And it's with the same company that runs his college's student database.

Al-Khabaz was expelled from Quebec's Dawson College in November "after stumbling upon a potentially disastrous security flaw in the school’s computer system," the Montreal Gazette reported.

The flaw would have allowed hackers to access students’ personal information—such as social security numbers and home addresses—stored in the database used to add or drop classes online.

"Had Hamed not made his discoveries, the personal data of millions of Québec students, College and University staff, as well as alumni dating as far back as 1994 would have continued to be easily exploitable," said a petition site created to clear his name.

Al-Khabaz was ultimately threatened with legal action by the CEO of Skytech Communications, the company which ran the databases at Dawson College. He also was "given zeros across his college transcripts and forced to pay back thousands of dollars in grants awarded to him by Quebec’s student aid program," the Gazette added.

With  Al-Khabaz's academic life in shambles, a petition site called HamedHelped.com was started to help cover his legal bills and share his side of the story.

"We, the undersigned, call on Dawson College to immediately reinstate Hamed Al-Khabaz in their Computer Science program, refund all monies lost as a result of his unjust expulsion, and offer him a full public apology," states the petition, which has since collected more than 8,000 digital signatures.

News of the petition reached Skytech Communications, which has since entertained the idea of offering Al-Khabaz a part-time job and a scholarship to finish his schooling. It is unclear whether Al-Khabaz will return to Dawson.

“This wasn’t a game for me, it was my moral duty to protect the students’ data,” Al-Khabaz told the Gazette. “If I was really acting maliciously, I could have concealed my identity, stolen all of that information and sold it. But instead I alerted the right people; I didn’t try to hide who I was, I just tried to make sure they were following through and fixing the site’s weaknesses.”

Photo via HamedHelped.com