Though it might sound like a malicious prank, Khalil Shreateh was actually trying to make Facebook programmers aware of a system bug that could have potentially allowed spammers and scammers to post messages as someone else’s page – even without being a friend.
Though the unemployed computer researcher could have made a tidy profit selling this information to the blackhat hacker community, he chose to bring it to Facebook’s attention, hoping to receive $500 through their bounty program.
Shreateh tried to bring this loophole to the attention of Facebook’s security team and was given the brush-off due to an apparent miscommunication. He hijacked Zuckerberg’s page in order to better grab their attention. Though Facebook has since fixed the error, they have refused to pay Shreateh because he violated the network’s rules against taking over other people’s pages.
The refusal to pay sparked a bit of an outrage online, particularly in the Arab and Palestinian geek community. A crowdfunding effort was even undertaken to help get Shreateh his bounty. The organizers set out to raise $10,000. They ultimately raised more than $13,000.
But now it would appear all has been righted. Shreateh, who has been unemployed the last two years, will finally be paid for his social media prowess. According to the blog ArabCrunch, Shreateh’s new job will have him consulting with crowd-funded start-ups in the United Arab Emirates at a company called Eureeca.
Security expert Marc Maiffret, who led the crowd-funding campaign to get Shreateh his bounty, said Facebook disrespected third-party researchers by refusing to pay Shreateh.
“While a lot of companies maintain their own security teams there certainly are things that these teams miss,” Maiffret told the Daily Dot. “Sometimes simply being part of the company itself that you are trying to protect makes you too close to see the real problems. That is why third parties and outside researchers are so important because they view the world and your technology differently and discover different bugs that way.”
UPDATE: Sounds like Shreateh is exploring other options. In a blog post earlier today, Eureeca admitted that, while it had extended an offer to the young hacker, he hasn’t accepted it. The post stated:
“Yesterday we mentioned in a blog post that we were going to take on the young, bright Palestinian IT expert Khalil Shreateh to work with SMEs across the region on a short term basis, however Khalil is going to explore other consulting opportunities and projects.
We wish him great luck!”
Illustration by Jason Reed