American security research fund awards $20,000 grant to Maltese student hackers

The Maltese white hackers that found a security flaw in student app FreeHour, were prosecuted for it, and then pardoned by the Prime Minister, have now been granted a $20,000 grant to help cover legal expenses.

As first reported by the Maltese Herald, the grant supports individuals targeted by legal action due to their good-faith security research.

In October 2022, computer science undergraduates Michael Debono, Giorgio Grigolo, and Luke Bjorn Scerri, alongside lecturer Mark Joseph Vella, discovered multiple security flaws in a student scheduling app widely used in Malta. The group reported their findings to the app’s developers so the developers could correct the vulnerabilities. 

Their discovery, performed transparently and with intent to improve public cybersecurity, served the public interest. However, the group faced criminal charges under Malta’s Computer Misuse Act, with potential prison time and fines.

The SRLDF, which awarded the students the grant, supports individuals targeted by such legal action due to their good-faith security research.

 “Our mission is to ensure that ethical researchers have access to counsel when facing charges for revealing vulnerabilities so they can be fixed,” said Stacy O’Mara, SRLDF coordinator. 

The Fund’s grants are awarded under criteria emphasizing financial need, alignment with definitions of “good faith,” and board approval. 

SRLDF does not provide legal representation directly, but funds independent legal counsel to defend researchers and challenge chilling prosecutions.

 SRLDF’s grant to the Maltese students helps ensure the students will receive legal representation in ongoing or future hearings related to their security vulnerability disclosure, particularly vital as the case moves through Malta’s courts.

The students recently received a presidential pardon, and are currently awaiting a final September 9th court date to officially file the pardon in the case. 

“Ethical security research strengthens society’s digital resilience,” said Harley Geiger, SRLDF Board Member. 

“Criminalising researchers doing the right thing imposes a dangerous chill on the discovery and responsible reporting of cybersecurity vulnerabilities that need to be fixed before hostile actors can exploit them,” according to Jim Dempsey, SRLDF Board Member.