Hacker who bypassed Facebook security pleads guilty


A British student has pleaded guilty to charges that he breached security at Facebook earlier this year, despite arguing that his intentions were not malicious.

York computer science student Glenn Steven Mangham, 26, attempted to bypass security on the company's internal systems, raising alarm amongst the FBI that industrial espionage was occurring, according to media reports.

Mangham, who had previously been rewarded by Yahoo for finding vulnerabilities in its systems, discovered that Facebook was far from amused by his activities.

The social networking giant discovered evidence that pointed back to Mangham and he was arrested by the Metropolitan Police Central e-Crime Unit (PCeU) in June.

Specifically, Mangham was accused of using a computer program to secure unauthorized access to Facebook, of attempting to hack into Facebook's Mailman server (used to run internal and external email lists), and attempting to secure access to the Facebook Phabricator server used by internal developers.

Southwark Crown Court was told Mangham produced software scripts that could hack into Facebook's Phabricator server to download "highly sensitive intellectual property".

In addition, the student was said to have breached a webserver used by Facebook to set software development puzzles to programmers who might be interested in working for the company.

Facebook software engineering puzzle website

Mangham's defence team has argued that he was an "ethical" or "white-hat" hacker, whose intentions - rather than being malicious - were to uncover security vulnerabilities at Facebook with the intention of getting them fixed.

Facebook users will be relieved to hear that the social network told BBC News that the attack "did not involve an attempt to compromise or access user data."

Thank goodness for that.

Of course, Facebook founder Mark Zuckerberg's past is not necessarily entirely squeaky clean itself. In the past, he has been accused of hacking into a rival social network, breaking into journalists' email accounts, and calling Facebook's early adopters "dumb f**ks" for sharing their email addresses, photos and other personal information.

Some people just get lucky I guess.

Mangham is scheduled to be sentenced on 17 February 2012.


7 Responses to Hacker who bypassed Facebook security pleads guilty

  1. Mike · 1394 days ago

    Wow, I guess Zuckerberg does not like it when it gets done to his stuff, but he has no problem hacking anyone's stuff or stealing their ideas. He is a lame ass.

  2. starfish · 1394 days ago

    I'm pretty impressed. On the other hand, it is not so good...

  3. Judy · 1394 days ago

    It doesn't surprise me that he was able to break FB security. FB has been pretty shitty lately. But why imprison him? What did he really find or come close to finding that the FBI is afraid of?

  4. Myrddin Emrys · 1394 days ago

    Facebook should hire this guy! Or at least reward him for finding the flaws in their own incompetent programming... I admire the fact this guy found all these flaws... and DIDN'T abuse the ability by taking people's data.

  5. lewis · 1393 days ago

    He won't go to prison, believe me ;)

  6. Facebook has a long history of coming down on people who report security flaws for them. It doesn't come as a surprise that they come after this guy who didn't manage to actually hack - only attempt, from the look of it - since we can't prove his intentions were not malicious.

  7. wildman424 · 1389 days ago

    There's supposed to be a bounty for whitehats that report vulnerabilities; where's this guy's $500 bounty? You can't tell every hacker on the interwebs you'll pay them for reporting bugs then turn around and get them locked up after they done hacked your shit. Facebook needs to shut up, drop the charges & pay this guy his bounty.

About the author

Graham Cluley runs his own award-winning computer security blog at https://grahamcluley.com, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley