British student admits hacking into Facebook

British student admits hacking into Facebook

Summary: Glenn Steven Mangham has pleaded guilty of hacking into Facebook. He faces five charges for repeatedly trying to penetrate the defenses of the social network and will be sentenced in February.

SHARE:

Update: British student jailed for hacking into Facebook

26-year-old Glenn Steven Mangham, a student in the UK, admitted hacking into Facebook, a court heard this week. Mangham pleaded guilty to breaching the social network's security systems between April 27 and May 9. He was arrested on June 2 and released from prison on bail after spending two months behind bars. Four conditions were attached to his bail, including that he live and sleep at his home address, not access the Internet, and not have any devices in the house that can access the Web.

Mangham had previously shown Yahoo how to improve its security and wanted to do the same for Facebook, the court heard, according to the BBC. Prosecutor Sandip Patel said the defendant's actions caused concern among a number of American authorities, including the FBI, and that Mangham's actions were the "most effective and egregious example of hacking into social media that has come before a British court. It required considerable expertise." He managed to download "highly sensitive intellectual property."

"This attack did not involve an attempt to compromise or access user data," a Facebook spokesperson said in a statement.

Facebook discovered the infiltration during a system check. Tom Ventham, Mangham's defence lawyer, said his client was an ethical hacker who had a "high moral stance" and Yahoo had "rewarded" him for pointing out its vulnerabilities. "That was his plan here but the activity was found by accident," said Ventham.

Mangham used various programs to get past Facebook's defenses, and faces five charges for repeatedly trying to penetrate the defenses of the social network under the Computer Misuse Act 1990. More specifically, Mangham is accused of downloading a computer program to secure unauthorized access to Facebook, of attempting to hack into Facebook's Mailman server, of using PHP script to secure access to Facebook's Phabricator server, of sharing a PHP script intended to hack into that server, and of securing repeated access to another Facebook server.

Facebook runs a Puzzle server to allow computer programmers to test their skills. A Mailman server is typically used by firms to run internal and external email distribution lists. The Phabricator is a set of tools designed by the company to make it easier to build Facebook apps.

Mangham will be sentenced on February 17, 2012.

Update: British student jailed for hacking into Facebook

See also:

Topics: Social Enterprise, Security, Servers

Emil Protalinski

About Emil Protalinski

Emil is a freelance journalist writing for CNET and ZDNet. Over the years,
he has covered the tech industry for multiple publications, including Ars
Technica, Neowin, and TechSpot.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

7 comments
Log in or register to join the discussion
  • RE: British student admits hacking into Facebook

    Here's a hint, kid. You get the company to agree to let you do security research on their behalf, FIRST, then you hack their systems, document and point out their flaws. You don't do the hacking first, then ask them to pay for the information. You are not an ethical hacker. An ethical hacker gets permission from the company they're going to hack BEFORE compromising their security.
    swmace
    • Ethical hacker

      @swmace

      Agreed, good post.
      skyoneder
    • RE: British student admits hacking into Facebook

      @swmace Yes, you have a point. But one can only imagine how that would go.

      Mangham: I can hack your systems, oh and btw can I have $$$? :D
      Facebook: Get lost.
      Mangham: No, really, I did it to Yahoo...
      Facebook: Big deal. Now get lost.

      I suspect he was trying to get some proof of the extent of the hack before confronting them with that evidence. He doesn't appear stupid or greedy enough to simply hack for lulz, or personal gain, unless you count what he did for Yahoo.
      We dont know what evidence was found in the system audit either. If he had any sense, he'd have simply scrawled 'I woz ere' in a number of discrete places as a calling card, and then phoned Facebook...
      But he got rumbled by the Janitor instead.

      This is the risk of being a hacker in the first place, ethics aren't in question because hacking is unethical by nature. The ethics are in why its done.
      If he were working for Facebook, it wouldn't be hacking, it'd be security - same work, different hat.
      SiO2
    • RE: British student admits hacking into Facebook

      @swmace

      I agree with you but there is one anomaly. His Defence was that he was an 'ethical' hacker. And yet he is accused "...... of sharing a PHP script intended to hack into that server...,".

      Sharing? With who? Obviously not Facebook although I don't see in these reports where that was ever investigated during the court proceedings.

      If he was sharing with other hackers, (eg, perhaps Anonymous), then the ethical argument loses a little impact.

      But that said, these computer networks and web sites really should employ experts such as him to continuously try to hack in and show up any weaknesses.
      markflax
  • RE: British student admits hacking into Facebook

    He should of hid behind proxies with 100s of hops and did the hacking from a public library under a fake identity.
    vahnx
  • RE: British student admits hacking into Facebook

    I agree with the first poster, you let them know that you think they have security issues and offer to help find them and show them how to plug them. (For a fee of course).

    Don't hack first and ask for pay later.
    cmwade1977
    • RE: British student admits hacking into Facebook

      @cmwade1977 could asking first ever work? Would Facebook ever accept that? I seriously doubt it. For every guy willing to report found vulnerabilities (that Facebook devs themselves have a really hard time spotting) there's hundreds only wishing to exploit such vulnerabilities and cause havoc.

      Facebook's hope with this move is to make an example out of this guy, and therefore scaring off any other hackers. Let's see if that's gonna work.....
      cameigons