Glenn Mangham, a 26-year-old software development student from Cornlands Road, York in Great Britain, was sentenced to eight months in prison after he admitted hacking into Facebook from his bedroom in his parents' house between April and May 2011.
Mangham told London's Southwark Crown Court that he hacked into Facebook to discover the site's vulnerabilities, which he claimed he would then turn over to Facebook to help them beef up security.
It was to identify vulnerabilities in the system so I could compile a report that I could then bundle over to Facebook and show them what was wrong with their system, Mangham said. I had performed the same routine with Yahoo.
Mangham's lawyer Tony Ventham described the student as a computer nerd with good character, and a big fan of the fictional detective Sherlock Holmes. While the student's behavior suggested he may have Aspberger syndrome, Ventham argued that Mangham's actions were reflective of the greater hacker culture.
He saw this as a challenge, Ventham said. This is someone who in previous times would have thrown everything aside to seek the source of the Nile. It was common currency within the community of computer nerds or geeks, if I may refer to him as that, where there was this interesting relationship between companies and people who ethically point out vulnerabilities.
Prosecutor Sandip Patel soundly rejected Mangham's claims that he was hacking for good.
He acted with determination, undoubted ingenuity and it was sophisticated, it was calculating, Patel said. He said he wanted a mini project and chose Facebook because of its high-profile Internet presence. The prosecution does not accept that the defendant's actions were anything other than malicious.
Patel told the court that Mangham stole invaluable intellectual property when he unlawfully accessed and hacked into the social media website Facebook and its computers in April to May last year from his bedroom in Yorkshire. Mangham reportedly bypassed Facebook's security measures and targeted multiple servers, downloading the information and saving it onto an external hard drive.
As an added bonus, Mangham hacked the account of a Facebook employee who was away on vacation and obtained restricted internal data that only the employee had access to.
Facebook reportedly spent $200,000 to isolate and nullify the damage from Mangham's crime, which also prompted a concerted, time-consuming and costly investigation on the part of British law enforcement and the FBI.
Even though Ventham argued that Mangham never attempted to sell any of the information he procured or tried to hand it off to others, the judge ruled against the hacker.
You and others who are tempted to act as you did really must understand how serious this is, said Judge Alistair mcCreath as he handed down his ruling to Mangham. The creation of that risk, the extent of that risk and the cost of putting it right mean at the end of it all I'm afraid a prison sentence is inevitable.
After Mangham hacked the Facebook site and employee account, he had reportedly tried to cover up his electronic footprints which were left from the hacking attacks. Unfortunately, his desperate attempts to hide from his crime failed on June 2, when a routine security review of the website prompted the FBI to come knock on Mangham's door.
Mangham's home was raided, and he was arrested.
He was in his own world, his own bedroom, his own mind, his own project and certainly his intention throughout was to contact Facebook in due course when he had rectified their problems, Ventham said.
Despite Mangham's good intentions, the court believed he may have been trying to prove himself to his father, who works in the computer industry.
I bear in mind you have never been in trouble before, that you're young in physical years and maybe emotionally younger than your physical age, and I bear in mind all the aspects of your psychological and personal make-up, Judge McCreath said. I acknowledge also that you never intended to pass any information you got through these criminal offenses to anyone else and you never did so, and I acknowledge you never intended to make any financial gain for yourself from these offenses.
But this was not just a bit of harmless experimentation. You accessed the very heart of the system of an international business of massive size, so this was not just fiddling about in the business records of some tiny business of no great importance.
On the contrary, Facebook is one of the most valuable businesses in the world, with more than 800 million users worldwide and a market valuation of approximately $100 billion. The social network, which was created in 2004 out of Mark Zuckerberg's Harvard dorm room, stores an immense amount of personal data about its users, from personal preferences to credit card numbers.
Judge McCreath ruled that Mangham had retroactively justified his hacking with the claim that he was going to alert Facebook with his findings. McCreath described Mangham's actions as persistent conduct, sophisticated conduct and conduct that had at least the risk of putting in danger the reputation of an innocent employee of Facebook.
As a result, the judge sentenced Mangham to eight months in prison. Mangham has forfeited his computer equipment, and the judge's restrictive crime prevention order will also inhibit Mangham's access to the Internet.
This was the most extensive and flagrant incidence of social media hacking to be brought before British courts, said Alison Saunders, chief crown prosecutor for CPS London. Fortunately this did not involve any personal user data being compromised. We worked closely with the Met police's central e-crime unit, the FBI and the U.S. Department of Justice to prepare a strong and compelling prosecution case and faced with that case, Mangham has admitted responsibility for his acts. He claimed his intention was to improve security but the method he decided to use to achieve this was actually illegal.
Facebook, meanwhile, is extremely happy with the efforts both stateside and across the pond to apprehend the culprit.
We applaud the efforts of the Metropolitan Police and the Crown Prosecution Service in this case, which did not involve any copromise of personal user data, said a Facebook spokesperson. We take any attempt to gain unauthorized access to our network very seriously and we work closely with law enforcement authorities to ensure that offenders are brought to justice.