After exploiting the vulnerabilities and gaining access to the university's database and finding out who it was who had been plotting for his misery, Aron managed to calm himself down and then shifted his focus towards earning money first in order to relieve himself from the debt so that it won't raise a negative situation in the future.
With that, he decided to find his first target for his grand money-making plan. And since he needed a large amount of money, Aron needed to find the victim who would not only put way too much importance on their data security but also boasted a very large user base and wanted to prevent user data theft. This means that such a target will be willing to pay more money for his service, since a data leak for them may mean that they would lose their user's trust in their security system.
So, with all that in mind, Aron decided to focus on social media sites since they perfectly met all of his criteria. He then started investigating these platforms and initiated gathering all the necessary details before he could make a final choice on which one to choose.
And these are what he discovered after a few hours of research, as of May 28, 2013:
Facebook - Facebook's market valuation stands at approximately 63 billion $ with 1.11 billion monthly active users.
YouTube - YouTube's market valuation remains undisclosed, but the platform has reported 1 billion unique monthly visitors.
Qzone - Owned by Chinese technology giant Tencent, has approximately 597 million registered users as of May 2013, however, its market valuation still remains unknown.
Sina Weibo - Sina Weibo's market valuation stands at approximately 3.3 billion $, with 500 million registered users.
Google+ - Although Google+ had amassed more than 500 million registered users by December 2012, the social media platform's market valuation is currently unknown.
Twitter - Twitter's market valuation remains undisclosed, with 200 million monthly active users.
LinkedIn - LinkedIn went public in May 2011, and has grown to over 225 million registered users as of today, with a market valuation of approximately 20.5 billion $.
Instagram - In April 2012, Facebook acquired Instagram for 1 billion $, its market valuation is incorporated into Facebook's overall valuation, with 100 million monthly active users.
Tumblr - Yahoo! announced its acquisition of Tumblr for 1.1 billion $, its market valuation is likely to be around the same amount, with 300 million monthly active users.
Vine - Vine's market valuation remains undisclosed, with 13 million registered users. Vine was acquired by Twitter in October 2012.
This was what Aron had found out about their user data and their valuation in the market up to the present month.
Given the limitations of his computer, he can only choose one among the companies at a time since the process was going to take about a week to complete.
And since he planned to upgrade it the moment he gets money, Aron decided to go with the company which has the most money right now and could immediately pay him without beating around the bush too much.
So, Aron chose Facebook, given its substantial resources, a large number of users and the highest valuation among all the companies. He also reasoned that they must be valuing their lead in their market and wouldn't want a scandal which could make their competitors catch up to them in a year after they have gone public, and if this happens, it would be quite detrimental for them as they might lose their lead along with the shareholders meeting that would happen after such an incident would definitely be funny.
After making his choice on which program to start with, Aron immediately started his program letting it immediately start scanning the Facebook app for its weaknesses.
….
Two weeks later.... at the headquarters of Facebook...
Roxana Gray, the head of the website security department, walked into the office but was immediately met with a commotion right after her entry.
The moment she opened the door everyone's eyes turned towards her and one of them asked, "Ma'am, why aren't you answering your phone?"
"It was on silent mode, but why? Is there something urgent or what?" Roxana inquired.
"Yes ma'am, we have received a suspicious email claiming that they have found some security breaches on our system and they have also provided an example of a few of them," responded the man with a wry look on his face.
Upon hearing this, Roxana immediately frowned, "Meeting room in 10 minutes," before leaving for her office to calm herself down and prepare for the upcoming meeting.
In the Conference room.
Roxana arrived about 5 minutes before the agreed time, only to find out that everyone was already present there, addressing the situation, she started saying, "Since everyone is already here, let's hear everything from the beginning."
"Yes, Ma'am," answered the man from before, taking the lead in explaining everything from the beginning.
"When I was checking my office email, I came across an email with the subject line as 'I have found some security weaknesses in your app.'" He said while opening the email and projecting it onto the screen so that everyone could see.
The email read:
[
Subject: Disclosure of Vulnerabilities in Facebook's App and System
To Whom It May Concern,
I am writing to inform you that I have discovered a few vulnerabilities in Facebook's app and system that could potentially compromise the users' data and security. As a concerned citizen and a user of your platform, I feel it is my responsibility to report these vulnerabilities to you so that they can be addressed and resolved as soon as possible.
I have already provided you with a few samples of these vulnerabilities that I have discovered, free of charge. However, I have more of the app's vulnerabilities which I am willing to share with you, but I will require an adequate compensation for the remaining information.
I would like to stress that my intentions for reporting these vulnerabilities are solely to help you to improve the security of your platform and protect your users' privacy. Though I am not seeking any personal gain or compensation for the examples that I have already provided, however, I believe that it is appropriate for the right compensation for my services if you require additional information that is beyond what I have already provided.
I urge you to take these vulnerabilities seriously and take immediate action to address and resolve them. Please contact me at this email if you require the remaining information or have any questions.
Thank you for your attention to this matter.
Vulnerabilities Ver 01.pdf
Sincerely,
Aron Michael
]
After reading this email, the man then continued with his explanation, "At first I thought that it was a prank, but I still tried one out of curiosity, and when I tested one the vulnerabilities he sent to us, it did exactly how it was explained by him, and the way he used them to exploit the system wouldn't have been spotted by our firewall either, then I tried testing others as well and though it makes me feel disbelief, but all of this is true." finished the man and waited for them to digest what he had just said.
"Who do you think he is?" asked one of them in curiosity.
However, Roxana interjected disappointed with whoever had asked this, "That's not important right now. What matters is to patch this security hole and contact him and arrange a meeting with him, the sooner the better."
They further discussed a little bit more about this matter before ending the meeting and heading back to their workstations to address the remaining vulnerabilities Aron had shared with them.
Simultaneously, they also initiated contact with Aron to schedule a meeting with him in a few coming days.
….
When Aron received the reply from Facebook, he was relieved knowing that they had taken his email seriously, or else he didn't have something that would attract their attention. He didn't want to wait another two weeks to discover the vulnerabilities of another social media company's system.
After a series of back and forth communication between Aron and Facebook, they finally agreed to hold a meeting in the Facebook's office, he was offered an all-expense paid trip for the meeting with them next week as they anticipated that his visit would extend for more than 3 days due to payments negotiation which will also take place during their meeting.
After agreeing to their meeting plan, Aron took out his cell phone and called one of his few remaining friends, Felix, who was a law student specializing in technology-related legal issues.
When he answered the call, the two caught up with their current situation and engaged in a few small talks. Eventually, Aron delved into the main topic. He explained to Flexis everything in detail about his situation with Facebook including their planned meeting next week and that he needed a lawyer who was specializing in tech-related matters to accompany him and also represent him during the meeting with Facebook, making sure that he gets fair payment for what he deserves and they don't undervalue his contribution.
Felix agreed to help him but suggested that they would need to meet first in order to completely understand the situation and to adequately prepare for the meeting with Facebook. Hence, they agreed to meet in the evening.
After he ended the phone call, Aron got up and changed into his jogging clothes since he needed to complete his daily quest to earn some SP as currently he only had.
[26,600 SP]
Normally, he should only have earned about 1,600 SPs but since he had managed to use the knowledge given by the system, Aron earned an extra 10,000 SP when he completed his version of BugZapper.
However, he got a grade of F minus because he had downgraded the program for it to work in the current era, the system interpreted it as him not using the program to its fullest potential.
He also earned an additional 5,000 SPs when he used the program to test it on the University's system and earned another 10,000 SPs when he used the program on Facebook's systems.
And since Facebook had a larger system size, the impact he would have through Facebook will be higher when compared to the University's system, along with that it took nearly two weeks to complete the extensive evaluation of the Facebook's system due to the massive amounts of information to sort and a crappy computer contributing to it didn't help much either.