UK Facebook hacker jailed for 8 months
Software development student claimed he wanted to highlight the social network's vulnerabilities
By Anh Nguyen | Computerworld UK | Published: 10:53, 21 February 2012
A York-based software development student has been sentenced to eight months in jail for hacking into social networking site Facebook, including three of its servers, from his bedroom.
According to the BBC, Glenn Mangham, 26, had admitted to hacking into Facebook between April and May 2011.
Mangham used an ethical hacking defence, saying that after he showed search engine Yahoo how it could improve its security, he wanted to do the same for Facebook.
Related Articles on Techworld
Yahoo had "rewarded" Mangham (with £7,000) for revealing its vulnerabilities previously, his lawyer Tom Ventham said.
However, prosecutor Sandip Patel said that Mangham had acted "with determination, undoubted ingenuity and it was sophisticated, it was calculating".
Patel told London's Southwark Crown Court that Mangham had "unlawfully accessed and hacked" into Facebook's website and its computers from his bedroom in Yorkshire, and then downloaded "invaluable" intellectual property onto an external hard drive.
Judge Alistair McCreath said that Mangham's actions were not "just a bit of harmless experimentation" – despite acknowledging that Mangham had never intended to pass on the hacked information nor make any money from it.
"You accessed the very heart of the system of an international business of massive size, so this was not just fiddling about in the business records of some tiny business of no great importance.
"You and others who are tempted to act as you did really must understand how serious this is.
"The creation of that risk, the extent of that risk and the cost of putting it right mean at the end of it all, I'm afraid a prison sentence is inevitable," McCreath said.
Prosecutor Patel said that Facebook spent $200,000 (£126,108) on investigating Mangham's hacking.
A spokesperson for the social network said that personal user data was not compromised by the breach, and added: "We take any attempt to gain unauthorised access to our network very seriously, and we work closely with law enforcement authorities to ensure that offenders are brought to justice."
