Two months ago, 26-year-old Glenn Steven Mangham, was sentenced to eight months in prison for hacking into Facebook from his bedroom at his parents' house. Earlier this month, he was freed after winning an appeal, and his sentence was halved. This week, Mangham decided to tell his side of the story in a blog post titled The Facebook Hack - What Really Happened and a YouTube video of the same title, which I've embedded above.
Here's the crux of his post:
I’d like to start with the stuff that I feel is obvious or that just needs to be said out of common decency. I accept full responsibility for what I did, it was my idea and my idea alone to do it and in truth I did not fully think through all the potential ramifications at the time. Strictly speaking what I did broke the law because at the time and subsequently it was not authorised, I was working under the premise that sometimes it is better to seek forgiveness than to ask permission, It is possible to offer up information and get a company to retroactively authorise actions so that they become legal. This is an approach I have used with some success in the past. In any case it was my choice to take this risk and I made a bit of a mess out of the project. For whatever it is worth I would like to apologise for allowing the situation to escalate into a full blown investigation and for any distress that my actions caused to certain individuals. While I accept that some cost was caused by what I did I would still dispute its quoted magnitude.
He also goes on to counter a statement made by Facebook CSO Joe Sullivan, in which Mangham is painted as a malicious hacker. The British student explains what he did with the stolen Facebook source code:
It is also worth mentioning that I had the source code for just over three weeks with absolutely nothing to prevent me from making copies and redistributing it, this was more than enough time to have caused significant damage to Facebook or to find a buyer, if that had ever actually been my intention but quite clearly it was not. I also do not accept that the risk was significantly increased by my actions, almost nobody knew of the existence of my copy and it was physically detached from the Internet, in many respects it was better secured than the original, So just in case anyone is unclear at the point I am driving at here, these are not the actions of someone who is being malicious, I would argue quite the opposite.
The full post is worth a read. If you haven't figured it out yet, the video is just Mangham reading his blog post.
Facebook said it spent $200,000 in dealing with Mangham's actions, which triggered a time-consuming and costly investigation by authorities. At first, Menlo Park thought it was dealing with major industrial espionage and contacted the FBI and British law enforcement.
Mangham admitted to the crime and pleaded guilty to breaching the social network's security systems between April 27 and May 9 of last year. He was arrested on June 2 and released from prison on bail after spending two months behind bars. Four conditions were attached to his bail, including that he live and sleep at his home address, not access the Internet, and not have any devices in the house that can access the Web.
Mangham had previously shown Yahoo how to improve its security and wanted to do the same for Facebook. The social networking giant discovered the infiltration during a system check. Mangham used various programs to get past Facebook's defenses, and faced five charges for repeatedly trying to penetrate the defenses of the social network under the Computer Misuse Act 1990. More specifically, Mangham was accused of downloading a computer program to secure unauthorized access to Facebook, of attempting to hack into Facebook's Mailman server, of using PHP script to secure access to Facebook's Phabricator server, of sharing a PHP script intended to hack into that server, and of securing repeated access to another Facebook server.
Facebook runs a Puzzle server to allow computer programmers to test their skills. A Mailman server is typically used by firms to run internal and external email distribution lists. The Phabricator is a set of tools designed by the company to make it easier to build Facebook apps.
- Facebook virus or account hacked? Here's how to fix it.
- Facebook releases official Guide to Facebook Security
- Experts: Facebook crime is on the rise
- Sex sells: Men fall for Facebook scams more than women
- Researchers invade Facebook with socialbots, grab 250GB of data
- Facebook Immune System checks 25 billion actions every day