Khalil, a Palestinian expert, discovered and reported a serious vulnerability in Facebook's code, but the Facebook team assigned to examine his report ignored the high-severity problem. After that, he had to hack and report the problem by posting directly on Mark Zuckerberg’s wall.
Hackers or crackers are not really bad guys. To understand the difference you must retrace the whole story. Khalil Shreateh, a Palestinian, discovered a vulnerability that allows anyone to write on the wall of other users without authorization. Although he sent a report to Facebook's security experts, Khalil received no feedback or confirmation. Finding himself in a difficult position, the researcher decided to go the hard way, pointing out the bug in the most obvious and noisiest way possible. He posted directly on Mark Zuckerberg’s wall, leaving a message as if Zuckerberg himself had written it after logging in to his own account.
Thus Khalil achieved his purpose: the Facebook security team immediately took the report into consideration and addressed the problem. The message on Zuckerberg's wall was extremely “clean” from an ethical point of view. It was not a fake; instead, it reported the problem and shared contact details for further investigation. Khalil apologized to Zuckerberg for the intrusion, but explained that he had done it only because of the silence he had received from the Facebook team. The first time, he got no reply; the second time, his report was rejected with the explanation that the whole thing could not be considered a vulnerability.
It is a happy ending, but Khalil will not be able to claim the reward promised by Facebook to those who report significant vulnerabilities in the system (a minimum of $500). In fact, the team did not recognize his method as a legal way to report the problem, and because of this non-adherence his account was locked at the time the bug was fixed. Mark Zuckerberg may now decide for himself how to proceed, as it all comes down to Khalil's stubbornness.
Meanwhile, after his second report he recorded this video which shows the exploit in action: