Good PR versus Bad PR

I recently read an article on CNN that Zuckerberg’s Facebook page was hacked. The article uncovers the truth behind a security researcher who found a flaw in Facebook’s security system. While he reported it to Facebook several times and received some feedback, he wasn’t satisfied with the approach and proved his theory by hacking into the young CEO’s site, a story that has drawn major attention in media venues across the nation. Just to highlight a few:

CBS news: Facebook founder Mark Zuckerberg hacked to expose security flaw

Washington Post: Mark Zuckerberg’s facebook page hacked by unemployed Web Developer

Huffington Post UK: Mark Zuckerbergs facebook page hacked

Jerusalem Post: Palestinian Apologizes for hacking Zuckerber’s facebook page

Times of India: No Reward for hacking Zuckerbergs facebook page

As I read these articles, my mind went back to my master’s ethics class. I am not a litigator by any means, but I can’t help but pose a the following question:

1. Was the intention of hacking into Zuckerberg’s account legitimately that the hacker was trying to prove the flaw?

If so, I would defend that the researcher/hacker may not have understood the ‘white hat’ versus ‘black hat’ Terms and Conditions on Facebook. According to the article, “In hacker circles, “white hat” is a term for people who report exploits they find so they can be fixed, while “black hat” often refers to people who hack to take advantage of those exploits.” I am not sure the level of understanding between these two terms, but I could argue that there may be cultural differences associated with understanding this meaning. Perhaps the researcher/hacker thought he was acting as ‘white hat.’

Regardless of communication and cultural barriers, some would argue that breaking policy to make a point is still breaking policy, even if it was to alert the largest social network in the world of potential damage that could cost them “several” dollars to clean up, and could damage their reputation.

Am I saying it was right? No. I agree that anyone who breaks law/policy/guidelines, etc. should have to deal with the consequences.

Am I saying that sometimes any PR is good PR? Maybe. I wonder if the most well-known hacker of the last couple of days has landed himself a job. What do you think?