A UK man who hacked his way into Facebook's internal systems has been sentenced to eight months behind bars.
The breach took place in April 2011. Glenn Mangham pleaded guilty to computer misuse charges in December, but claimed in court that he was an ethical hacker who was only trying to show Facebook the vulnerability of its security.
The court disagreed and on Friday he was given four eight-month sentences, to run concurrently.
According to the Metropolitan Police, Mangham had stolen "internal intellectual material" from Facebook's servers. However, this was apparently not user data, but rather internal Facebook information.
"This was a dynamic response that saw PCeU [Metropolitan Police Central e-Crime Unit] officers, working alongside the FBI and North Yorkshire Police, quickly recovering stolen intellectual property," PCeU detective chief inspector Terry Wilson said in a statement on Friday.
After Facebook realised its systems had been breached in April last year, the company reported the matter to the FBI, who figured out that the hacker was in the UK and referred the matter to the PCeU.
Mangham was arrested in June and computers and storage devices were seized from his home in York. Under questioning, he admitted breaching Facebook's systems, and he was charged in August.
The four sentences included three for hacking and one for causing or risking damage to the attacked systems. According to the Met, Mangham was also given a "serious crime prevention order", which involves forfeiting computer kit and having restricted internet access.
According to reports of Mangham's court appearances, the software development student claimed to have been an ethical hacker who had previously breached Yahoo's system as a service to that company.
You accessed the very heart of the system of an international business of massive size, so this was not just fiddling about in the business records of some tiny business of no great importance.
– Judge McCreath
"It was to identify vulnerabilities in the system so I could compile a report that I could then bundle over to Facebook and show them what was wrong with their system," Mangham told Southwark Crown Court. The judge decided that this was not Mangham's intention at the time.
"I acknowledge... that you never intended to pass any information you got through these criminal offences to anyone else and you never did so, and I acknowledge that you never intended to make any financial gain for yourself from these offences," Judge McCreath said. "But this was not just a bit of harmless experimentation."
"You accessed the very heart of the system of an international business of massive size, so this was not just fiddling about in the business records of some tiny business of no great importance," the judge continued, noting that Mangham had at least risked "putting in danger the reputation of an innocent employee of Facebook".
