Facebook Hack: Glenn Mangham, 26, Jailed For Eight Months

Posted: Updated:
Print Article

A student who hacked into Facebook in the "most extensive and grave" case of social media hacking to come before a British court was jailed for eight months today.

Glenn Mangham, 26, admitted infiltrating the website from his bedroom in his parents' house between April and May last year.

His actions were said to have risked destroying "the whole enterprise" and sparked fears among American authorities of industrial espionage.

Mangham, a software development student from Cornlands Road, York, had previously shown the search engine Yahoo how it could improve its security and said he wanted to do the same for Facebook.

But prosecutor Sandip Patel rejected his claims, saying: "He acted with determination, undoubted ingenuity and it was sophisticated, it was calculating."

Facebook spent 200,000 US dollars (£126,400) dealing with Mangham's crime, which triggered a "concerted, time-consuming and costly investigation" by the FBI and British law enforcement.

"He said he wanted a mini project and chose Facebook because of its high-profile internet presence," Mr Patel said.

"The prosecution does not accept that the defendant's actions were anything other than malicious."

He told Southwark Crown Court in London how Mangham had "unlawfully accessed and hacked into the social media website Facebook and its computers in April to May last year from his bedroom in Yorkshire" and had ultimately stolen "invaluable" intellectual property, which he downloaded on to an external hard drive.

He added: "This represents the most extensive and grave incident of social media hacking to be brought before the British courts."

Passing sentence, Judge Alistair McCreath told Mangham his actions were not harmless and had "real consequences and very serious potential consequences," which could have been "utterly disastrous" for Facebook.

"You and others who are tempted to act as you did really must understand how serious this is," he said.

"The creation of that risk, the extent of that risk and the cost of putting it right mean at the end of it all I'm afraid a prison sentence is inevitable."

Mangham, a Sherlock Holmes fan described by his lawyer as a "computer nerd", targeted multiple servers, bypassing Facebook's security.

As part of his ruse, he hacked into the account of a Facebook employee and through it obtained restricted internal data while the staff member was away on holiday.

Then, fearing discovery, he sought to delete the electronic footprints he had left while committing his hacking attacks.

His fears were realised when his crime was unearthed in a routine security review by the website and on June 2 he received a knock on the door from the FBI.

His "middle class family" home was raided and he was arrested.

He insisted financial gain was not his motive and vowed he was willing to explain to Facebook how he had compromised their servers, the court heard.

Tony Ventham, defending Mangham, said he was an "ethical hacker" who had described himself as a security consultant.

"He saw this as a challenge," he told the court. "This is someone who in previous times would have thrown everything aside to seek the source of the Nile."

He went on: "It was common currency within the community of computer nerds or geeks, if I may refer to him as that, where there was this interesting relationship between companies and people who ethically point out vulnerabilities."

He had not tried to sell any of the information he obtained or pass it on to anyone else, Mr Ventham stressed.

He added: "He was in his own world, his own bedroom, his own mind, his own project and certainly his intention throughout was to contact Facebook in due course when he had rectified their problems."

mf

Page 3: 18:48

Mangham himself then took the stand to explain his actions, dressed in a dark suit and red tie, as his father and uncle looked on.

"It was to identify vulnerabilities in the system so I could compile a report that I could then bundle over to Facebook and show them what was wrong with their system," he said.

"I had performed the same routine with Yahoo."

The court heard he was of good character but showed strong indications of Asperger syndrome, and may have been trying to prove himself to his father, who works in the computer industry.

Judge McCreath told him: "I bear in mind you have never been in trouble before, that you're young in physical years and maybe emotionally younger than your physical age, and I bear in mind all the aspects of your psychological and personal make-up.

"I acknowledge also that you never intended to pass any information you got through these criminal offences to anyone else and you never did so, and I acknowledge you never intended to make any financial gain for yourself from these offences.

"But this was not just a bit of harmless experimentation. You accessed the very heart of the system of an international business of massive size, so this was not just fiddling about in the business records of some tiny business of no great importance."

He described Mangham's actions as "persistent conduct, sophisticated conduct and conduct that had at least the risk of putting in danger the reputation of an innocent employee of Facebook."

Mangham's claim that he had always intended to alert the website to what he had done was a retrospective justification for it, rather than his motivation, he added.

Mangham, who admitted computer misuse offences on December 13, was also given a serious crime prevention order restricting his access to the internet and forfeiting his computer equipment.

Alison Saunders, chief crown prosecutor for CPS London, said: "This was the most extensive and flagrant incidence of social media hacking to be brought before British courts.

"Fortunately this did not involve any personal user data being compromised.

"We worked closely with the Met police's central e-crime unit, the FBI and the US Department of Justice to prepare a strong and compelling prosecution case and faced with that case, Mangham has admitted responsibility for his acts.

"He claimed his intention was to improve security but the method he decided to use to achieve this was actually illegal."

A Facebook spokesman said: "We applaud the efforts of the Metropolitan Police and the Crown Prosecution Service in this case, which did not involve any compromise of personal user data.

"We take any attempt to gain unauthorised access to our network very seriously and we work closely with law enforcement authorities to ensure that offenders are brought to justice."