The United Kingdom has just jailed a man for proving that Facebook’s security was not up to scratch.
Glenn Mangham was jailed for eight months for hacking Facebook after the company moaned that it had to spend $200,000 fixing the problems he uncovered.
Glenn Mangham, 26, admitted infiltrating the social media website from his bedroom at his parents’ house between April and May last year.
Mangham told Southwark Crown Court in London that he had wanted to identify vulnerabilities in the system so he could alert Facebook. He had done similar work on search engine Yahoo to show how it could improve its security.
His actions were said to have risked destroying “the whole enterprise” and sparked fears among American authorities of industrial espionage.
Southwark Crown Court heard how Mangham had unlawfully accessed and hacked into Facebook and its computers from April to May and had stolen “invaluable” intellectual property, which he downloaded on to an external hard drive.
Mangham, a Sherlock Holmes fan, targeted multiple servers, bypassing Facebook’s security. He hacked into the account of a Facebook employee and through it obtained restricted internal data while the staff member was on holiday.
Where he went wrong was that he tried to delete the fingerprints he had left behind and this amounted to destroying some data. The matter was unearthed in a routine security review by the website. In June, the FBI knocked on his door, because apparently the US has rights to deal with hackers in the UK.
Tony Ventham, defending Mangham, said he was an “ethical hacker” who saw it all as a challenge.
Mangham had not tried to sell any of the information he obtained or pass it on to anyone else.
Ventham said it was always Mangham’s intention to hand over the information to Facebook when he could present them with a way of fixing the hack he had created.
The court heard he was of good character but showed strong indications of Asperger’s syndrome, and may have been trying to prove himself to his father, who works in the computer industry.
Passing sentence, Judge Alistair McCreath told Mangham the hack was not harmless and had “real consequences and very serious potential consequences,” which could have been “utterly disastrous” for Facebook.
The Judge said that the sentence was lighter than normal because Mangham never intended to pass on any of the information for financial gain.
He did not believe that Mangham would have tried to contact Facebook and thought that this was a retrospective justification for it, rather than his motivation.
What the case will mean for ethical hackers in the UK is that, if they carry out any similar operation, they will have to leave messages which show clearly that they always intended to help the company out and not damage any data.