What will a hacker do to prove his point when Facebook doesn't follow protocol? He will post directly to Mark Zuckerberg's Facebook wall. That's the method the hacker known as Khalil took when Facebook didn't accept his report of a bug to be true. Khalil reported that he found a bug that allowed him to post on anyone's wall, regardless of whether they were 'friends' or not. Khalil reported the bug to Facebook's White Hat Program, a program that rewards people who report exploits of the Facebook system. The reward is $500 per bug. Facebook denied Khalil's report, saying at first the link he attached with proof of he bug was broken. The second time Khalil reported the security flaw Facebook responded saying "This is not a bug." Khalil, a professional with a Bachelor's Degree in Information Systems, decided to take the issue upon himself. To prove his point that the bug was real, he posted the following to Mark Zuckerberg's wall:
Facebook responded immediately and disabled his account. However, they refused him the reward for reporting the hack because his actions violated the Terms of Service of their White Hat Program. They told him he had not provided enough technical information and because of that they were not able to respond. When he used his ability to violate Facebook users, that's when he crossed the line. Khalil is proud that he had the expertise to discover a bug in one of the world's biggest website from Palestine using a five-year old laptop with a broken battery and missing keys. He said he "really needed that money," and that was his reasoning why he reported the bug to Facebook directly instead of selling the information to blackhat hacker sites, which would have been less than the $500 dollar Facebook award. Although Facebook refuses to honor the reward, luckily, Marc Maiffret, CTO of security firm BeyondTrust, started a GoFundMe Campaign to give Khalil the reward he deserves for his work and to raise awareness of the "importance of independent researchers," Maiffret stated. He continued, "Let us all send a message to security researchers across the world and say that we appreciate the efforts they make for the good of everyone." The campaign raised a total of $11,305 - over one thousand dollars more than the $10,000 dollar goal. The money will be honorably rewarded to Khalil.
