Facebook hacker tells his side of the story (video)

Summary: Glenn Steven Mangham has written a lengthy blog post, and even posted a YouTube video, explaining why he hacked into Facebook and stole the service's source code.

Two months ago, 26-year-old Glenn Steven Mangham was sentenced to eight months in prison for hacking into Facebook from his bedroom at his parents' house. Earlier this month, he was freed after winning an appeal, and his sentence was halved. This week, Mangham decided to tell his side of the story in a blog post titled "The Facebook Hack - What Really Happened" and a YouTube video of the same title, which I've embedded above.

Here's the crux of his post:

I’d like to start with the stuff that I feel is obvious or that just needs to be said out of common decency. I accept full responsibility for what I did, it was my idea and my idea alone to do it and in truth I did not fully think through all the potential ramifications at the time. Strictly speaking what I did broke the law because at the time and subsequently it was not authorised, I was working under the premise that sometimes it is better to seek forgiveness than to ask permission. It is possible to offer up information and get a company to retroactively authorise actions so that they become legal. This is an approach I have used with some success in the past. In any case it was my choice to take this risk and I made a bit of a mess out of the project. For whatever it is worth I would like to apologise for allowing the situation to escalate into a full blown investigation and for any distress that my actions caused to certain individuals. While I accept that some cost was caused by what I did I would still dispute its quoted magnitude.

He also goes on to counter a statement made by Facebook CSO Joe Sullivan, in which Mangham is painted as a malicious hacker. The British student explains what he did with the stolen Facebook source code:

It is also worth mentioning that I had the source code for just over three weeks with absolutely nothing to prevent me from making copies and redistributing it, this was more than enough time to have caused significant damage to Facebook or to find a buyer, if that had ever actually been my intention but quite clearly it was not. I also do not accept that the risk was significantly increased by my actions, almost nobody knew of the existence of my copy and it was physically detached from the Internet, in many respects it was better secured than the original. So just in case anyone is unclear at the point I am driving at here, these are not the actions of someone who is being malicious, I would argue quite the opposite.

The full post is worth a read. If you haven't figured it out yet, the video is just Mangham reading his blog post.

Facebook said it spent $200,000 in dealing with Mangham's actions, which triggered a time-consuming and costly investigation by authorities. At first, Menlo Park thought it was dealing with major industrial espionage and contacted the FBI and British law enforcement.

Mangham admitted to the crime and pleaded guilty to breaching the social network's security systems between April 27 and May 9 of last year. He was arrested on June 2 and released from prison on bail after spending two months behind bars. Four conditions were attached to his bail, including that he live and sleep at his home address, not access the Internet, and not have any devices in the house that can access the Web.

Mangham had previously shown Yahoo how to improve its security and wanted to do the same for Facebook. The social networking giant discovered the infiltration during a system check. Mangham used various programs to get past Facebook's defenses, and faced five charges under the Computer Misuse Act 1990 for repeatedly trying to penetrate the defenses of the social network. More specifically, Mangham was accused of downloading a computer program to secure unauthorized access to Facebook, of attempting to hack into Facebook's Mailman server, of using a PHP script to secure access to Facebook's Phabricator server, of sharing a PHP script intended to hack into that server, and of securing repeated access to another Facebook server.

Facebook runs a Puzzle server to allow computer programmers to test their skills. A Mailman server is typically used by firms to run internal and external email distribution lists. The Phabricator is a set of tools designed by the company to make it easier to build Facebook apps.

Emil Protalinski

Talkback

7 comments
  • Simple things can get expensive for others quite quickly

    The original Word VBA Concept virus did nothing other than tell you it was there but it was a real pain to finally eradicate from networks, as it kept reappearing. (Sidenote: If it had had a carefully crafted, time-delayed, subliminally damaging payload, the world was so open to it that it could have caused economic chaos at the time, by destroying many businesses without them knowing why.)
    Patanjali
  • Joe Sullivan

    That man is a creep... Just look at his face, proud and conceited. He thinks he's a god. But he's really just mad that a kid hacked his precious system.

    And of course, the blame is really Mark Zuc's; he was an idiot to pursue the boy so harshly. Idiots will be idiots... Oh well.
    yipsalon
    • Joe Sullivan

      Are you really stating that folks at Facebook are in the wrong here? Truly? The 'boy' you referenced intentionally compromised business systems and put at risk lots of things which he did not own. You're a great example of skewed values and twisted entitlement expectations, something which seems to be on the rise.
      stonerh
  • You keep using that word...

    Theft implies loss. When he copied Facebook's code, Facebook still had all of it. So he didn't steal anything. Please stop using the word "steal" to refer to making unauthorized copies.
    masonwheeler
    • You stole my idea!!

      That's what I was gonna write, until you stole the idea from me. You get all the credit, but at least I still have my original idea in my head.
      zdnet@...
    • Just to be sure this is seen by the poster...

      @masonwheeler - So what part of stealing is this *not*? The guy broke in and took something that did not belong to him. The guy is a thief and needs to be held accountable for his actions.
      stonerh
  • You keep using that word...

    @masonwheeler - So what part of stealing is this *not*? The guy broke in and took something that did not belong to him. The guy is a thief and needs to be held accountable for his actions.
    stonerh