Palestinian Hacker Finds Bug on Facebook, Breaks into Mark Zuckerberg’s Timeline

Dozens of organizations and entities have long held reservations about Facebook and its security, and now it’s clear that even the company’s CEO isn’t completely safe.

Yesterday, a Palestinian hacker by the name of Khalil Shreateh found a vulnerability in the social network’s coding and capitalized on it by writing a post on Mark Zuckerberg’s wall, disguised as Mark Zuckerberg.

The hacker had earlier reported the bug to the Facebook authorities twice, but after he got a reply telling him “I’m sorry this is not a bug”, he lost patience and decided to show the world that it was.

Khalil had discovered that with some kind of trick anyone could post onto anyone’s wall, even if the target isn’t on the user’s friend list.

Here’s the post from Khalil detailing the complete information on the bug and incidents revolving around it.

According to Facebook regulations, hackers who inform the company about existing bugs are awarded at least $500 apiece, with no cap on the maximum reward.

Not in this case. Facebook declined to reward him for finding such a huge error and instead deactivated his Facebook account, because the hacker had violated the site’s rules against intruding on someone else’s timeline. Eventually, they did activate his account, but not without hitches.

As far as the relationship between developers and Facebook goes, it wouldn’t be fair to blame the latter entirely for what happened in this case, as they’ve already paid out around $1 million to developers over the past couple of years just for reporting bugs. What happened here won’t do any good to its botched image, though.


    • Irrelevant 100% irrelevant. The real reason they will not pay out is that they (Facebook) have a list of accounts you are ALLOWED to attack. Their whitehats program tells everyone what those accounts are.

      Instead of attacking those accounts, he attacked Facebook executives. Facebook does not want to set a precedent that “okay, you attack Zuck’s account, we give you money.” So, no money.

    • Yeah.. he should have totes acknowledged that for the anti-semite conspiracy theory lovers club members like you. Am sure they had a secret meeting in Tel Aviv regarding this incident and Mossad agents are on their way to takedown this guy for bringing shame upon the jews. /s

      • I just asked a question, no need to get your shorts in a twist, burger.
        But your inflammatory reaction to my innocent musing proves a more important point, doesn’t it?

        • Your “question” was NOT a simple question, it was a foolish bigoted statement describing your state of mental health, and how you deal with non-Muslims.

          You have been outed as a prejudiced fool. Editing it to change it won’t affect what we know. Can you erase my memory???

          • Do you agree the same would have happened if it had been a non-muslim? non-palestinian? would you like to debate about youtube’s policy of allowing certain anti-islamic material on there? Get your head out of your *** man and smell the infidels penetrating every opening in your body.

            • ONCE AGAIN FOR YOU WHO CANNOT THINK: Facebook has over the years given out money to Muslims. Regardless of origin. Regardless of nationality. Regardless of mudhab followed by bug reporter. Regardless of gender.

              ** PROVING YOU WRONG YET AGAIN **

        • Accusing someone of religious discrimination doesn’t quite sound like an “innocent musing” to me. What important point is that which my post “proves” anyway?

          Oh and you editing out your post definitely proves that you agree it was stupid.

          @Shaid Saleem haha spot on.

          • Is it religious discrimination by youtube for not allowing anti-holocaust material, but allowing an anti-islamic movie to stay up?

            I never said my post wasn’t stupid, I just asked why you had to be so rude about it? You made me cry, burger. That’s a bad thing to do.

            • Is Youtube Facebook now???? No? Then why do you think they have or should have same policies?

              Oh right, I know why. You only look at “Facebook employs Jews” and “Google employs Jews” means “THEY ARE ALL AGAINST ISLAM#@#$#@$#@”

              Short circuit in your brain, not ours.

  • Brother, the real point is that that man is Muslim. Everyone is afraid of Muslims. If someone else had reported this, he would have received a good amount.

    • Then explain why many Muslims have won money from Facebook for showing security holes?

      Go to facebook whitehats site and click on “thanks” link.

        • And your point is…?

          Read my reply to talha92 carefully. He found a bug, yes, and they fixed it, but he attacked the accounts he was NOT supposed to so no money.

          If a bank says we will give anyone 5 lac for showing a security hole if you can make a transaction to account XXX-YYY, and you make a transaction with the bank CEO’s account instead, then they’ll consider it a breach of agreement.

          • That I actually understand, but if a person reports a bug & no one listens to him, what should he do to get attention? That’s the main reason he used Mark’s Facebook account to attack & then he got huge attention :)

            • He didn’t explain the problem properly, he just said he posted.

              EITHER WAY.

              Facebook gives him a list of accounts to attack. He attacked an account NOT on the list.

              Maybe you should give out your account to be hacked, then tell us how you feel about it.

              • @Shahid shb – if you are from Pakistan, Afghanistan, Kashmir, Egypt etc country and you find a bug then they will fix the bug ASAP but from these countries they will not do any thing because of muslims and now this is the concept of those jews.

                Even the person reported multiple times and FB replied that this is not a bug. Brother, what else should he do when those people are refusing and not accepting it, and then fix the bug.

                Tell me why embassies are not giving visa to Pakistani persons and even everything is OK and case is strong but due to Pakistani – they have in minded you are muslim and may be terrorist.
                If the guy from Palestine were supposed to be a Christian, then you would see what they awarded.

                Brother Shahid sahib, perhaps you do not realize that these people are after Muslims, and from your every reply it feels like you are fully supporting them at every step.

                Brother, first study the Quran and Al-Hadith properly, and then look at every reply you have given on any post; in the light of the Hadith, perhaps tears will come from your eyes.

                @Shahid shb – Tell me, are you against the Danish newspaper for what they did in the past, and the lots of films that were released on YouTube against Islam, and the USA citizen Terry who martyred our Holy Quran?

          • His point is that someone reported a problem and did not get acknowledgement. What would you do in this situation? Let’s hear what the great Shahid Saleem would do?

            • READ HIS OWN POST. READ THE TIMELINE. They did not understand the bug until after he talked to engineer and posted the video. Which was WELL AFTER he told them there was a bug with their whitehats program.

              If he didn’t explain himself, so how could they fix the bug???

    • Don’t be silly, he broke the TOS and it didn’t help that his English is terrible. If they give him the prize money, they would be encouraging hackers to hack into FB profiles of other people and their bounty program is called “White Hat” not “Black Hat”.

        • Anyone who confused “terms of service” with “intellectual property” is ignorant. PERIOD. You use those terms without ever having known their meanings, because if you did know their meanings you would never confuse the two.

          PUBLIC PROOF YET AGAIN of your ignorance. Please, post another comment, maybe we don’t have enough proof.

  • I read the whole story at the given link of the hacker. Sorry, hacker is not a fitting word, I will say bug finder. I think they refused his argument because he is Palestinian. Anyway, if he can write on the wall of Mark Zuckerberg by finding this type of security hole, anyone can write on my wall also.

  • You accuse them of treating Muslims badly when in your mind (and expressed in your comment above) YOU are doing the same to them: treating them all equally and badly. Is Facebook a country and issuing visas now? Is it a Danish newspaper? No? Then why are you comparing the two? What a silly argument you make, Saeed. Can’t you even think straight?

    I want you to explain to me why AFTER I have shown you that they give money to Muslims (INCLUDING PAKISTANIS) for finding bugs in Facebook, then why you ask this question of yours? Are you so mentally deficient that FACTS don’t penetrate your brain?

    ONE LAST TIME: Facebook has given and continues to give money to Muslims to find bugs in their site. All the bug reporters have to do is follow their whitehats terms of service. That’s all.

    Other Muslims can do it. This one didn’t. End of story.

    Except it’s not the end of the story. In case you haven’t followed the news, the bug reporter has just received over $11,000 from ordinary people and security researchers on the internet to compensate him for what Facebook didn’t think he deserved. And you know what? The person who led the effort to give him the $11,000? He’s a Jew.

  • Joe Sullivan – Chief Security Officer at Facebook says:
    “He tried to report the bug responsibly, and we failed in our communication with him”
    Source: https://www.facebook.com/notes/facebook-security/recent-reports-on-our-whitehat-program/10151538365500766
    He wasn’t paid and will not be paid “as per them” (above link) as he finally showed/tested on a real user Mark Z since they would not acknowledge the bug.
    but
    Can you imagine a scenario where they would have accepted his report, Do you know facebook has a “no reward policy” for territories/countries under US sanctions (Palestine being one of them).
    Source: https://www.facebook.com/whitehat
    “Reside in a country not under any current U.S. Sanctions (e.g., North Korea, Libya, Cuba, etc.)”

    So next, was it face saving by a company not wanting to accept a broader policy by declining at the start? Was it saving its money, as in the past it has been very generous? It’s an open topic, you can all imagine and think for yourself if he would have gotten the reward :)

  • You are so prejudiced you cannot see the truth in front of your eyes.

    Palestine is not under current Sanctions by the US, by the way. So they have no SANCTIONS reason for denying him money.

    ONE MORE TIME: he was supposed to hack test accounts to prove his hack. He hacked other accounts. He broke the Whitehats agreement, so he got no money from Facebook. Khalas.

