Man who stopped WannaCry cyberattack donates US$10,000 reward to charity
The 22-year-old Brit who "accidentally" halted Friday's devastating global cyberattack says he plans to give his US$10,000 (NZ$14,000) reward to charity.
"I don't do what I do for money or fame," he told Business Insider. "I'd rather give the money to people who need it."
Late last week, a ransomware attack that made use of a leaked NSA (National Security Agency) "EternalBlue" software exploit spread rapidly round the world, infecting organisations in more than 150 countries, from Britain's National Health Service (NHS) to Spanish telecoms giant Telefonica, Nissan, and FedEx.
But the "WannaCry" malware's spread was halted when a British security researcher who goes by the name "MalwareTech" registered a website he found when investigating the malware's code. In doing so, he inadvertently triggered a "killswitch" - and he continued to host the website when he realised what he had done.
Since then, he has been inundated with unwanted publicity, with journalists tracking down his real name, publishing his photo, and appearing outside his family home, where he lives with his parents.
"If you turn up at my house you're crossed off the list of potential media outlets I will do an exclusive with," he tweeted on Monday. "For the record I don't 'fear for my safety', I'm just unhappy with trying to help clear up Friday's mess with the doorbell going constantly."
He has now been offered a US$10,000 reward for his efforts - but he says he doesn't want it.
HackerOne is a platform that lets security professionals responsibly report potential security issues in software, often in return for a cash reward (a "bug bounty"). In recognition of MalwareTech's efforts, the company publicly offered him a bounty, writing: "Thank you for your active research into this malware and for making the internet safer!"
In response, he said he intends to donate it to charity.
"I plan on holding a vote to decided which charities will get the majority of the money," he wrote. "The rest will go to buying books/resources for people looking to get into infosec [information security] who can't afford them."
In a message, MalwareTech told Business Insider he is still undecided on what sort of charities he will give the reward, to and that he plans "to let people suggest which they think is best".
So why does he do what he does? "Because it helps people and I enjoy it."
So @Hacker0x01 have awarded me a $10,000 bounty for the "kill-switch". I plan on splitting it between to-be-decided charities and education.— MalwareTech (@MalwareTechBlog) May 15, 2017
The vulnerability in Microsoft Windows that WannaCry exploited was patched in March this year, but because many organisations hadn't updated their software, they remained vulnerable. On Monday, Microsoft published a blogpost excoriating the NSA for "stockpiling" software exploits and their subsequent leak online by hacking group "ShadowBrokers."
"An equivalent scenario with conventional weapons would be the US military having some of its Tomahawk missiles stolen," wrote president Brad Smith. "The governments of the world should treat this attack as a wake-up call."
- This story was first published by BusinessInsider.com.au