Trending Topics:

Palestinian hacker channeling Snowden and Swartz becomes folk hero for Zuckerberg ‘exploite’

693 UxK9I AuSt 55
Palestinan Khalil Shreateh sits in front of his his computer at his home in the West Bank town of Yatta, Monday, Aug. 19, 2013 (Photo: Nasser Shiyoukhi/AP)
Photo of Aaron Swartz on Khalil’s facebook page

This is a great story that has gotten a lot of attention in the tech community. A Palestinian hacker named Khalil Shreateh kept reporting a bug in the Facebook code to Facebook, but techs blew him off. Finally he hacked Mark Zuckerberg’s page to post the bug there, along with an apology. “Sorry for breaking your privacy. I has no other choice… as you can see iam not in your friend list and yet i can post to your timeline.”

All hell broke loose, and Facebook cut off Shreateh’s Facebook page and also refused to give him the reward Facebook advertises for techies who discover glitches. The hacker community stepped up and rallied to reward him via a fundraising campaign on GoFundMe that has already raised over $11,000.

And now the hacker– who has used the portraits of Edward Snowden and the late Aaron Swartz, above, in his profiles– has become a global folk hero, and Zuckerberg has egg on his Facebook.

The story has been propelled by Shreateh’s devilish chops, sense of humor, and English. “Hello guys, this will be English and Arabic,” the bilingual youth wrote, in a viral video on the “exploite” that he put together to prove that he’d discovered the glitch.

AP says Shreateh has been inundated by job offers from all over the world, and his reactivated Facebook page, which now features his own portrait, lists his business representatives.

I can only imagine the political dimensions of this story. Shreateh lives in occupied Yatta, a city in the West Bank that is a core site for warehousing people who are being moved off their lands. And as Alex Kane noted to me, all Palestinian stories are political:

In the U.S., we’ve been trained to views Palestinians crudely; I imagine if you ask Americans what’s the first thing you think of when you think of Palestine, they would say Islamists, Hamas or war. But Shreateh is a reminder that this is a sophisticated society, one of the most highly educated in the world. Of course elements of Palestinian society are still tied to traditional ways of living–and there’s of course nothing wrong with that–but Palestinians are a part of our world, our hyperconnected Internet-infused world.

Right, that’s what’s thrilling about Shreateh. He destroys stereotype, and does it with brilliance, mischief, and some good oldfashioned resistance.

OK, some of the facts. From a tech site: “Snubbed by Facebook, Security researcher hacks Mark Zuckerberg’s Facebook page.”

Although Shreateh’s Facebook account was soon reactivated, he was told he wouldn’t qualify for Facebook’s bug-bounty program, which rewards researchers who find security flaws with payments ranging from $500 to $5,000.

“We are unfortunately not able to pay you for this vulnerability because your actions violated our Terms of Service” by making an unauthorized posting to a member’s page, the email message Shreateh received said. “We do hope, however, that you continue to work with us to find vulnerabilities in the site.”

To Shreateh, who says on his blog that he’s unemployed, this was unfair.

“I could sell” the exploit in underground malware bazaars, he told CNN in an interview. “I could make more money than Facebook could pay me.”

If you go to Khalil’s blog, “Facebook vulnerability 2013,” he tells the story himself. He gives his address as “Yatta-Hebron/Palestine,” and his job as “unemployee :/”

Days ago i discovered a serious facebook vulnerability that allows a facebook user to post to all facebook users timeline even they are not in his friend list .

His account of the “exploite” is charming. At one point he used a Zuckerberg friend’s facebook page to try and get his message across.

Sarah Goodin is the girl that was in the same college with Mark Zuckerberg .

Apparently, Palestinians don’t have Harvard worship.

Then here’s some of his traffic with facebook techs:

as usual they ignored my replay so i did report another , this email shows their replay to my second report including the report :

Hi Ḱhalil, I am sorry this is not a bug. Thanks, Emrakul Security Facebook

Well after a couple of these notes, Khalil proved his point by going to Zuckerberg’s page.

i know that you guys now know that it’s a bug for sure after deactivate my account which is& i want my account back soon as possible , as i report the bugs for you and i didnt use another fake accounts or test accounts to break privac

Facebook didn’t accept his story, and Shreateh called B.S. on it.

i replay back that facebook report page has a ” prove concept ” and i cant prove without sending pictures or video . that is bullshit

after my second report i record this video which shows the exploit , i was rush recording it cause they was able to close that exploit in any second :

Here is that video account of his “exploite”, showing a computer screen. It’s gone viral, 360,000 views, complete with the adorable exploding-hearts-graphic as Shreateh’s marker.

A commenter explained to Khalil that “reply” is not spelled “replay.”

He responded:

whatever , i dont care for miss spelling , just the idea , i never correct an underline red word ;)

Richard Odekerken, technical director of VANAD Laboratories in Rotterdam, sought to counsel him too:

Ḱhalil you should realize that making so many grammar and spelling mistakes causes you to be taken less seriously by the rest of the world.

Ondrej Zastera celebrated him:

Hi Ḱhalil,

you made a serious discover that could affect millions of people and you didn’t abuse it. You did the opposite thing – you reported it to the qualified persons.

The level of understanding is relative. If something is unclear, questions should be raised. You were obviously ready to co-operate.

No matter what, you deserve a certain kind of reward for sure. Facebook statement is just a shameful excuse for not giving it to you. You deserve a credit, not a disrespectful treatment we see here.

AP managed to get a photo of Shreateh (above) in Yatta and describes the job offers.

The stunt cost the 30-year-old Palestinian the bounty, but earned him praise — and numerous job offers — for being able to get to the boss of the world’s most ubiquitous social network.

Shreateh, who lives near the West Bank city of Hebron and has been unable to find a job since graduating two years ago with a degree in information technology, told Facebook that he found a way that allowed anyone to post on anyone else’s wall. “I told them that you have a vulnerability and you need to close it,” he told The Associated Press. “I wasn’t looking to be famous. I just wanted to make a point to Mark (Zuckerberg).”…

The bug — and Facebook’s response to it — has become a talking point in information security circles, with many speculating that the Palestinian could have helped himself to thousands of dollars had he chosen to sell the information on the black market.

Shreateh said he was initially disappointed by the Facebook response but that after being inundated by job offers from all over the world he is pleased with how things worked out.

“I am looking for a good job to start a normal life like everybody,” he said. “I am so proud to be the Palestinian who discovered that exploit in Facebook.”

About Philip Weiss

Philip Weiss is Founder and Co-Editor of

Other posts by .

Posted In:

13 Responses

  1. homingpigeon
    August 21, 2013, 1:40 pm

    doesn’t that kid zuckerberg have any adult supervisors who could counsel him on his PR embarrassment and how to make good on it?

    • Krauss
      August 21, 2013, 4:24 pm

      Zuckerberg, when asked in a private IM chat in 2004 by a friend why people trust him with their private information:

      “Because they’re dumb fucks”.

      By the way, most people are not aware that those twins did actually get almost a billion if not more in compensation. That means that their claims were not simply a way to scam money as he tried to suggest. To this day it’s more than likely that he simply stole most of the source code for Facebook.

      I understand the social pressure to use that site, I succumbed for a while(but only with limited time and effort), but ultimately the integrity of a website is about the integrity of the owner.

      As for Khalil, I’m pretty amused that the guy got to notice that bug through a laptop that looks like it is 5 or 6 years old. Reminds me of the Brazilian kids who come to my country to play in football games. They have no professional training at all but still beat the crap out of our players who have all kinds of professional gear, pro coaches and so on.

      Skill is skill, ultimately. Hopefully he can get a job and show a different face than the usual stone-throwing hasbara many have been accustomed to seeing.

  2. Citizen
    August 21, 2013, 1:54 pm

    “The bug — and Facebook’s response to it — has become a talking point in information security circles, with many speculating that the Palestinian could have helped himself to thousands of dollars had he chosen to sell the information on the black market.”

    Manning and Snowden could have done the same thing. American power types have a really hard time dealing with individuals who are honest, brave, and smart with ethical and moral integrity. They always play the probabilities, but every blue moon somebody pops up to show what despicable creatures they are. Considering what it’s like to grow up with all the disadvantages Israel imposes on Palestinians cradle to grave, the exact contrary to the super privileged Zuckerberg, this young Palestinian hacker is definitely a hero and role model for the best humanity has to offer.

    • August 22, 2013, 6:42 am

      By the way Citi, let us look at the list of WB universities (see below) and realize that many of them opened (or underwent major upgrade) AFTER ’67. Just follow the link and THINK, THINK, dont just spray your anti_Israeli venom.

      The West Bank[edit source]
      Arab American University[9]
      Al-Quds Open University[5]
      Al-Quds University[10]
      An-Najah National University[11]
      Bethlehem Bible College[12]
      Bethlehem University[13]
      Birzeit University[14]
      Edward Said National Conservatory of Music
      Hebron University[15]
      Ibrahimieh College[16]
      Khodori Institute, Tulkarm
      Palestine Polytechnic University[17]
      Al Ahlia University of Palestine [11]

  3. Fredman
    August 21, 2013, 2:19 pm

    This story is a quiet watershed of sorts and good on Mondoweiss for covering it. It has wider implications that you all didn’t miss even if most of the world missed them.

    • marc b.
      marc b.
      August 21, 2013, 5:43 pm

      so what are the implications in your opinion? I see two facts that are important to note: one guy in the WB is smarter than the combined intellect of the FBers; the world is a worse place with aaron Swartz gone, while we’re left with billionaire mediocrities like zuckerberg and gates.

      • Fredman
        August 21, 2013, 8:10 pm

        This story had some serious legs in the geek world last weekend and by himself, Khalil has broken the Zionist narrative of the “savage Palestinian” in the eyes of thousands of young nerds that heard this story. His civility and ability are in stark contrast to the Facebook response and their payment welching on the bug bounty.

        I miss Aaron and his energy but his work continues to do much good. RSS is still chugging along, for instance. : )

  4. David Doppler
    David Doppler
    August 21, 2013, 3:57 pm

    Another potential explanation is that this was a deliberate trapdoor left to allow falsification of someone’s facebook page, such as to fabricate evidence to incriminate or discredit someone? Not to be widely used, but very valuable in the rare case.

    • ritzl
      August 21, 2013, 7:41 pm

      Agree, DD. That would explain their response. A feature (to someone), not a bug.

    • marc b.
      marc b.
      August 22, 2013, 1:27 pm

      Not to be widely used, but very valuable in the rare case.

      for use by whom?

  5. ritzl
    August 21, 2013, 7:43 pm

    Assaf, Shreateh, and (dare I say) Tamari have done more for Palestinians in a year than Abbas, Fayyed, and Hanniyeh have done in decades.

  6. mcohen
    August 22, 2013, 7:06 am

    Looks like moon of alabama is having a spot of bother ,must be the palestinian hacker

  7. Talkback
    August 22, 2013, 8:29 am

    According to ADL-logic this can only mean that Facebook is racist and hates Palestinians.

Leave a Reply