Path to Success for One Palestinian Hacker: Publicly Owning Mark Zuckerberg
NOVEMBER 2, 2013 5:01 PM COMMENTS OFFVIEWS: 1448YATTA, West Bank – “You’ve no idea what I’ve done,” Khalil Shreateh said, bursting into the kitchen of his family’s stone-and-concrete house in the South Hebron Hills. The stocky 30-year-old Palestinian ran a hand through his already haphazard hair. “I just posted on Mark Zuckerberg’s wall.”
“YATTA, West Bank – “You’ve no idea what I’ve done,” Khalil Shreateh said, bursting into the kitchen of his family’s stone-and-concrete house in the South Hebron Hills. The stocky 30-year-old Palestinian ran a hand through his already haphazard hair. “I just posted on Mark Zuckerberg’s wall.”
“You’re kidding,” said his sister, 22-year-old Nibal. She’d just tried sending her brother a message over Facebook, and was surprised to find his account mysteriously deactivated. Now she could guess why. “Stay away from big people, brother!”
“I’m going to take a nap,” Shreateh shrugged. “Hopefully they’ll give me back my page when I wake up.”
Facebook CEO Mark Zuckerberg. Photo: Carlos Serrao
It was August 14, and Shreateh had just reached halfway around the world to pull off a prank that would make him the most famous hacker in the Israeli-occupied West Bank. He’ddiscovered a Facebook bug that would allow him to post to another user’s wall even if he wasn’t on the user’s friends list. Demonstrating the bug on Zuckerberg was a last resort: He first reported the vulnerability to Facebook’s bug bounty program, which usually pays $500 for discoveries like his. But Facebook dismissed his report out of hand, and to this day refuses to pay the bounty for the security hole, which it has now fixed.
Where Facebook failed, though, techies from across the world stepped in to fix, crowdfunding a $13,000 reward for Shreateh. Now that money, and Shreateh’s notoriety, is about to launch the former construction worker into a new life. He’s using the funds to buy a new laptop and launch a cybersecurity service where websites will be able to request “ethical hacking” to identify their vulnerabilities. And he’s started a six-month contract with a nearby university to find bugs as part of their information security unit. He hacks and reports flaws on other universities’ sites in his free time.
“If they offer money I do not reject them, but I did not ask for money,” Shreateh says. “I don’t seek much money, only a job and a good life.”
