The WannaCry ransomware.
(gigi.h/Twitter) |
The 22-year-old Brit who "accidentally" halted Friday's devastating global cyberattack says he plans to give his $10,000 (£7,700) reward to charity.
"I don't do what I do for money or fame," he said. "I'd rather give the money to people who need it."
Late last week, a ransomware attack that used a leaked National Security Agency "EternalBlue" software exploit spread rapidly around the world, infecting organisations in more than 150 countries, including Britain's National Health Service, the Spanish telecommunications giant Telefonica, Nissan, and FedEx.
But the "WannaCry" malware's spread was halted when a pseudonymous British security researcher who goes by MalwareTech registered a website he found when investigating the malware's code. In doing so, he inadvertently triggered a "kill switch" — and he continued to host the website when he realised what he had done.
Since then, he has been inundated with unwanted publicity, with journalists tracking down his real name, publishing his photo, and appearing outside his home, where he lives with his parents.
"If you turn up at my house you're crossed off the list of potential media outlets I will do an exclusive with," he tweeted on Monday. "For the record I don't 'fear for my safety,' I'm just unhappy with trying to help clear up Friday's mess with the doorbell going constantly."
He has now been offered a $10,000 reward — but he says he doesn't want it.
HackerOne is a platform that lets security professionals responsibly report potential security issues in software, often in return for a cash reward, a so-called bug bounty. In recognition of MalwareTech's efforts, the company publicly offered him the $10,000 bounty, writing, "Thank you for your active research into this malware and for making the internet safer!"
He responded that he would donate it to charity.
"I plan on holding a vote to decided which charities will get the majority of the money," he wrote. "The rest will go to buying books/resources for people looking to get into [information security] who can't afford them."
In a message, MalwareTech said he hadn't decided the sort of charities he would give the reward to, and that he planned "to let people suggest which they think is best."
So why does he do what he does? "Because it helps people, and I enjoy it," he said.
The vulnerability in Microsoft Windows that WannaCry exploited was patched in March, but because many organisations hadn't updated their software, they remained vulnerable.
On Monday, Microsoft published a blog post excoriating the NSA for "stockpiling" software exploits and for the subsequent leak of those exploits online by the hacking group Shadow Brokers.
"An equivalent scenario with conventional weapons would be the US military having some of its Tomahawk missiles stolen," wrote Microsoft's president, Brad Smith. "The governments of the world should treat this attack as a wake-up call."
MalwareTech has since been offered another reward for his work — a year's worth of free pizza, courtesy of the food delivery firm Just Eat.
"Yeah, I'll probably claim it," he said. "I do like delivered food, and it would be perfect for con after-parties."
No comments:
Post a Comment