The Palestinian hacker Khalil Shreateh, who broke into Mark Zuckerberg's Facebook Timeline to expose a security lapse, will be awarded nearly $12,000. The money will not come from Facebook, however, but from an online crowdsourced campaign.
The hacker initially used Facebook's whitehat disclosure program, a service that rewards bug hunters for reporting vulnerabilities, to inform the company about the issue. Facebook refused to pay him for finding the bug because he used it to post on Mark Zuckerberg's wall, which he did because Facebook had ignored his earlier warnings. The exploit allows a user to post to another Facebook user's timeline even when they are not on that user's friend list.
Marc Maiffret, CTO of BeyondTrust, has kicked off a crowdsourced funding campaign to come up with a reward for Khalil Shreateh, and the results have already been impressive.
'Khalil Shreateh found a vulnerability in Facebook.com and, due to miscommunication, was not awarded a bounty for his work,' Maiffret wrote on the GoFundMe campaign page. 'Let us all send a message to security researchers across the world and say that we appreciate the efforts they make for the good of everyone.'
"He is sitting there in Palestine doing this research on a five-year-old laptop that looks like it is half broken," Maiffret said. "It's something that might help him out in a big way."
Facebook has a bounty program where it pays people to report bugs instead of using them maliciously. "We will not change our practice of refusing to pay rewards to researchers who have tested vulnerabilities against real users," Chief Security Officer Joe Sullivan said. Shreateh has said he is not too disappointed by the response as he has now been inundated with job offers.