A British student who breached security at Facebook last year has been sentenced to eight months in jail, despite arguing that his intentions were not malicious.
Glenn Mangham, who had previously been rewarded by Yahoo for finding vulnerabilities in its systems, unlawfully accessed and hacked into Facebook’s computer systems between April and May last year from his bedroom in York.
Specifically, Mangham breached a webserver used by Facebook to set puzzles to software engineers who might be interested in working for the social network.
Mangham then gained access to the account of Facebook employee Stefan Parker, and used the staff member’s privileges to access Facebook’s Mailman server (used to run internal and external email lists), and the Facebook Phabricator server used by internal developers.
Prosecutors claimed that Facebook spent US $200,000 (£126,400) dealing with the aftermath of Mangham’s hack, which prompted a “concerted, time-consuming and costly investigation” by the FBI and British law enforcement.
Mangham’s defence team argued that he was an “ethical” or “white-hat” hacker, whose intentions – rather than being malicious – were to uncover security vulnerabilities at Facebook with the intention of getting them fixed.
Southwark Crown Court heard that Mangham thought Facebook would respond positively to having its security flaws brought to its attention. The York student explained:
"It was to identify vulnerabilities in the system so I could compile a report, for lack of a better word, that I could then bundle off to Facebook and show them what was wrong with their systems."
Judge Alistair McCreath, however, showed little sympathy for the argument that Mangham was attempting to uncover security holes:
"This was not just a bit of harmless experimentation - you accessed the very heart of the system of an international business of massive size."
"This was not just fiddling about in the business records of some tiny business of no great importance and you acquired a great deal of sensitive and confidential information to which you were simply not entitled... Potentially what you did could have been utterly disastrous to Facebook."
Others who are interested in uncovering security holes in Facebook’s systems might be wise to take heed of Mangham’s story. If you illegally access Facebook’s computers while investigating a potential vulnerability, the social network may take a very dim view of your actions.