LONDON — The 22-year-old Brit who “accidentally” halted Friday’s
devastating global cyberattack says he plans to give his $10,000
(£7,700) reward to charity.
“I don’t do what I do for money or fame,” he told Business
Insider. “I’d rather give the money to people who need it.”
Late last week, a ransomware attack that used a leaked National
Security Agency “EternalBlue” software exploit
spread rapidly around the world, infecting organisations in
more than 150 countries,
including Britain’s National Health Service, the Spanish
telecommunications giant Telefonica, Nissan, and FedEx.
But the “WannaCry” malware’s spread was halted when a
pseudonymous British security researcher who goes by MalwareTech
registered a website he found when investigating the
malware’s code. In doing so, he inadvertently triggered a “kill
switch” — and he continued to host the website when he realised
what he had done.
Since then, he has been inundated with unwanted publicity, with
journalists tracking down his real name, publishing his photo,
and appearing outside his home, where he lives with his parents.
“If you turn up at my house you’re crossed off the list of
potential media outlets I will do an exclusive with,” he
tweeted on Monday. “For the record I don’t ‘fear for my
safety,’ I’m just unhappy with trying to help clear up Friday’s
mess with the doorbell going constantly.”
He has now been offered a $10,000 reward — but he says he doesn’t
HackerOne is a platform that lets security professionals
responsibly report potential security issues in software, often
in return for a cash reward, a so-called bug bounty. In
recognition of MalwareTech’s efforts, the company publicly offered him the
$10,000 bounty, writing, “Thank you for your active research
into this malware and for making the internet safer!”
He responded that he would donate it to charity.
“I plan on holding a vote to decide which charities will get the
majority of the money,” he wrote. “The rest will go to buying
books/resources for people looking to get into [information
security] who can’t afford them.”
By education I mean I plan to purchase infosec based books to give to students who cannot afford them themselves.
— MalwareTech (@MalwareTechBlog) May 15, 2017
In a message, MalwareTech told Business Insider he hadn’t decided
the sort of charities he would give the reward to, and that he
planned “to let people suggest which they think is best.”
So why does he do what he does? “Because it helps people, and I
enjoy it,” he said.
The vulnerability in Microsoft Windows that WannaCry exploited
was patched in March, but because many organisations hadn’t
updated their software, they remained vulnerable.
On Monday, Microsoft published a blog post
excoriating the NSA for “stockpiling” software exploits and
for the subsequent leak of those exploits online by the hacking
group Shadow Brokers.
“An equivalent scenario with conventional weapons would be the US
military having some of its Tomahawk missiles stolen,” wrote
Microsoft’s president, Brad Smith. “The governments of the world
should treat this attack as a wake-up call.”
MalwareTech has since been offered another reward for his work —
a year’s worth of free pizza,
courtesy of the food delivery firm Just Eat.
“Yeah, I’ll probably claim it,” he said. “I do like delivered
food, and it would be perfect for con after-parties.”