LONDON — The 22-year-old Brit who “accidentally” halted Friday’s devastating global cyberattack says he plans to give his $10,000 (£7,700) reward to charity.
“I don’t do what I do for money or fame,” he told Business Insider. “I’d rather give the money to people who need it.”
Late last week, a ransomware attack that made use of a leaked NSA (National Security Agency) “EternalBlue” software exploit spread rapidly round the world, infecting organisations in more than 150 countries, from Britain’s National Health Service (NHS) to Spanish telecoms giant Telefonica, Nissan, and FedEx.
But the “WannaCry” malware’s spread was halted when a pseudonymous British security researcher who goes by the name “MalwareTech” registered a website he found when investigating the malware’s code. In doing so, he inadvertently triggered a “killswitch” — and he continued to host the website when he realised what he had done.
Since then, he has been inundated with unwanted publicity, with journalists tracking down his real name, publishing his photo, and appearing outside his family home, where he lives with his parents.
“If you turn up at my house you’re crossed off the list of potential media outlets I will do an exclusive with,” he tweeted on Monday. “For the record I don’t ‘fear for my safety’, I’m just unhappy with trying to help clear up Friday’s mess with the doorbell going constantly.”
He has now been offered a $10,000 reward for his efforts — but he says he doesn’t want it.
HackerOne is a platform that lets security professionals responsibly report potential security issues in software, often in return for a cash reward (a “bug bounty”). In recognition of MalwareTech’s efforts, the company publicly offered him a ten grand bounty, writing: “Thank you for your active research into this malware and for making the internet safer!”
In response, he said he intends to donate it to charity. “I plan on holding a vote to decided which charities will get the majority of the money,” he wrote. “The rest will go to buying books/resources for people looking to get into infosec [information security] who can’t afford them.”
By education I mean I plan to purchase infosec based book to give to students who cannot afford them themsleves.
— MalwareTech (@MalwareTechBlog) May 15, 2017
In a message, MalwareTech told Business Insider he is still undecided on what sort of charities he will give the reward, to and that he plans “to let people suggest which they think is best.”
“I don’t do what I do for money or fame,” he wrote. “I’d rather give the money to people who need it.”
So why does he do what he does? “Because it helps people and I enjoy it.”
The vulnerability in Microsoft Windows that WannaCry exploited was patched in March this year, but because many organisations hadn’t updated their software, they remained vulnerable. On Monday, Microsoft published a blogpost excoriating the NSA for “stockpiling” software exploits and their subsequent leak online by hacking group “ShadowBrokers.”
“An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen,” wrote president Brad Smith. “The governments of the world should treat this attack as a wake-up call.”