6 The first target
After using the vulnerabilities, entering the university’s database, and finding out who was plotting his misery, he managed to calm down and start focusing on earning money first, to relieve himself of debt so that it wouldn’t create a negative situation in the future.
So he decided to find the first victim of his massive money-making plan. Since he needed a large amount of money, he needed to find a victim who not only placed way too much importance on their data security but also had a very large public user base, so that they would want to prevent user data theft. This meant that they would pay more money for his service, since a leak might cost them their user base’s trust in their security system.
So he decided to focus on social media sites, since they fit all of his criteria perfectly, and he started investigating them and gathering all the needed details before choosing one.
And this is what he found after a few hours of research, as of today (May 28, 2013):
Facebook – Facebook’s market valuation stands at approximately $63 billion, with 1.11 billion monthly active users.
YouTube – YouTube’s market valuation remains undisclosed, but the platform has reported 1 billion unique monthly visitors.
Qzone – Qzone, owned by Chinese technology giant Tencent, has approximately 597 million registered users as of May 2013, but its market valuation is currently unknown.
Sina Weibo – Sina Weibo’s market valuation stands at approximately $3.3 billion, with 500 million registered users.
Google+ – Although Google+ had amassed more than 500 million registered users by December 2012, the social media platform’s market valuation is currently unknown.
Twitter – Twitter’s market valuation remains undisclosed, with 200 million monthly active users.
LinkedIn – LinkedIn went public in May 2011 and has grown to over 225 million registered users as of today, with a market valuation of approximately $20.5 billion.
Instagram – In April 2012, Facebook acquired Instagram for $1 billion; its market valuation is included in Facebook’s overall valuation, with 100 million monthly active users.
Tumblr – Yahoo! announced its acquisition of Tumblr for $1.1 billion; its market valuation is likely around that amount, with 300 million monthly active users.
Vine – Vine’s market valuation remains undisclosed, with 13 million registered users. Vine had been acquired by Twitter in October 2012.
That was what he found out about their user numbers and their market valuations up to this month.
Since his computer was shitty, he could only run the program against one of the companies, because it would take about a week to complete, and he would upgrade the computer the moment he got money. That’s why he decided to go with the company that had the most money and could pay him immediately without beating around the bush too much.
So he chose Facebook. As they had the most users and the highest valuation among them, they must value their lead and wouldn’t want a scandal that could let their competitors catch up to them within a year of going public; if that happened, they might lose their lead, and the shareholders’ meeting would be a funny one to attend.
After choosing which site to start with, he started the program, and it immediately began scanning the app for weaknesses.
….
Two weeks later…. At Facebook headquarters.
Roxana Gray, the head of the website security department, heard a commotion as soon as she entered the office.
The moment she opened the door, everyone turned to her, and one of them asked, “Ma’am, why aren’t you answering your phone?”
“It was on silent mode, but why? Is there something urgent or what?”
“Yes, ma’am, we received a suspicious email saying that they have found some security breaches on our system and sent us an example of a few of them,” answered the man.
When she heard that, she immediately said, “Meeting room in 10 minutes,” and left for her office to calm herself down and prepare for the meeting.
Conference room.
Roxana arrived about 5 minutes before the agreed time. When she found that everyone was already there, she said, “Since everyone is already here, let’s hear everything from the beginning.”
“Yes, ma’am,” answered the man, and he started explaining from the beginning.
“When I was checking my office email, I found an email with the heading written as ‘I found some security weaknesses in your app,’” he said while opening the email and showing it to everyone using the projector in the meeting room.
The email said:
[
Subject: Disclosure of Vulnerabilities in Facebook’s App and System
To Whom It May Concern,
I am writing to inform you that I have discovered some vulnerabilities in Facebook’s app and system that could potentially compromise user data and security. As a concerned citizen and a user of your platform, I feel it is my responsibility to report these vulnerabilities to you so that they can be addressed and resolved as soon as possible.
I have already sent you some examples of these vulnerabilities that I have discovered, free of charge. However, I have more vulnerabilities that I am willing to share with you, but I require compensation for the remaining information.
I would like to stress that my intentions in reporting these vulnerabilities are solely to help improve the security of your platform and protect your users’ privacy. I am not seeking any personal gain or compensation for the examples that I have already provided. However, I believe that it is appropriate to request payment for my services if you require additional information beyond what I have already provided.
I urge you to take these vulnerabilities seriously and take immediate action to address and resolve them. Please contact me at this email if you require the remaining information or have any questions.
Thank you for your attention to this matter.
Vulnerabilities Ver 01.pdf
Sincerely,
[Aron Michael]
]
When they finished reading the email, the man continued with his explanation. “When I tested the vulnerabilities he sent to us, they did exactly what was explained, and the way he used them to exploit the system wouldn’t have been spotted by our firewall,” finished the man, and he waited for them to digest what he had said.
“Who do you think he is?” asked one of them.
“That’s not important right now,” said Roxana, disappointed with whoever had said this. “What’s important is to patch this security hole and contact him and set a meeting with him, the sooner the better.”
They discussed a little more and ended the meeting, heading back to their workbenches to fix the vulnerabilities Aron had sent them, while also contacting Aron to arrange a meeting with him in a few days.
….
When Aron received their reply, he was relieved that they had taken his email seriously; otherwise he would have had to do something to attract their attention, as he didn’t want to wait another two weeks to find the vulnerabilities in another social media company’s system.
After some back and forth between him and Facebook, they agreed to a meeting at their office the following week. He would be on an all-expenses-paid trip, since they expected his visit to last more than 3 days due to the payment negotiations that would also take place during the meeting.
After agreeing to their meeting plan, Aron took out his cell phone and called one of his few remaining friends, Felix, who was a law student specialising in technology-related legal issues.
When Felix answered, they caught up on each other’s current situations and made small talk here and there, then Aron dived into the main topic. He explained in detail his situation with Facebook and the meeting planned for next week, and that he needed a lawyer specialising in tech-related issues to go with him and represent him during the meeting, making sure he got paid what he deserved and that they didn’t underplay his contribution.
Felix agreed to help him, but he said they needed to meet first in order to understand the situation fully and be able to prepare for the meeting with Facebook. So they agreed to meet that evening.
After Aron finished the phone call, he got up and changed into his jogging clothes, since he needed to complete his daily quest to earn some sp, as he currently only had...
[26,600sp]
Normally he should have had only about 1,600sp, but since he had managed to use the knowledge given by the system, he earned 10,000sp when he completed the BugZapper. He got a grade of F minus, because he had downgraded the program for it to work in this time, and the system interpreted that as him not using the program to its fullest potential.
He also earned 5,000 when he used the program to test it on the university’s system.
He earned another 10,000sp when he used the program on Facebook’s systems, because Facebook had a larger system than the university’s and the impact he would have through Facebook would be higher than through the university. The large amount of data was the reason it took him nearly two weeks to finish checking Facebook’s system; the massive amount of information to sort, and a crappy computer on top of it, didn’t help either.