Facebook hacker gets eight months in prison

26-year-old software development student Glenn Mangham has been sentenced to 8 months in prison for hacking into Facebook using an employee's login details.

When asked why he did it, Mangham says: "It was to identify vulnerabilities in the system so I could compile a report that I could then bundle over to Facebook and show them what was wrong with their system."

Despite admitting that Mangham had not done the crime for financial gain, the judge still gave the harsh sentence whilst declaring: "You accessed the very heart of the system of an international business of massive size, so this was not just fiddling about in the business records of some tiny business of no great importance."

At the time, authorities believed that Facebook was the next company in a long line of industrial espionage. Companies like Microsoft and Google have been hit over the years, as other companies or even governments try to access secrets.

Prosecutors accused Mangham of stealing "invaluable" intellectual property including restricted internal data.

The student claims he did a similar attack on Yahoo and taught them how to improve their security a few years ago.

Written by: Andre Yoskowitz @ 18 Feb 2012 21:46

no1here

The very essence of what the judge said about,"Not just fiddling about in the business records of some tiny business of no great importance", is very scary. Because it was a significant size one, this kid should go to prison? Yet there are still many real crimes being committed every single day. What has become of us as a society?

MAJB

19.2.2012 02:04 #1

patrick_

I was thinking the same thing. He has to go to jail because of the size of the company he "hacked". BTW hacked? He used an employee login. Since when is that called hacking.

19.2.2012 03:34 #2

LordRuss

"You accessed the very heart of the system of an international business of massive size, so this was not just fiddling about in the business records of some tiny business of no great importance."

So if the company was of 'no account' or small in size this wouldn't be an issue? Allowing the judge to "imply" that the kid's actions were more than a bundle for a job resume as he stated they were is just as circumstantial as saying "I saw him leaving the house" in a murder trial. I.e., he may have been there, but at no time does it mean he had anything to do with it.

The judge has absolutely no knowledge that this kid was going to commit espionage at all given his prior history.I'm not saying the kid shouldn't be tossed in the brig, but the judge should be tossed in the cell next to him for being allowed to make such assessments. Not to mention asinine jail sentences for cyber crimes while murderers are & pedophiles are back to eating babies after only a couple of years of incarceration.

http://onlyinrussellsworld.blogspot.com

19.2.2012 12:28 #3

Mrguss

Judges, Politician, etc. are for-sale now on days.... Never-Trust-Them !

+4000

19.2.2012 20:32 #4

xboxdvl2

i got a question what did he actaually access apart from another employees facebook page???.did he hack anything or did the other employee leave himself logged in???.

R.I.P. mr 1990 ford falcon.got myself a 1993 toyota corolla seems to run good.computers still going good.

20.2.2012 04:45 #5

llongtheD

Originally posted by Mrguss: Judges, Politician, etc. are for-sale now on days.... Never-Trust-Them ! Only in America. White collar criminals can steal trillions and get bailed out, and a kid breaks into facebook and gets 8 months. What's wrong with this picture?

20.2.2012 05:04 #6

LordRuss

Originally posted by xboxdvl2: i got a question what did he actaually access apart from another employees facebook page???.did he hack anything or did the other employee leave himself logged in???. Sounds to me like the kid got hold of an inside employee's log-on credentials, then navigated through the proper channels to show where Facebook could get cremated. That's what I took from the article anyway. Otherwise, making a simple Facebook account from a foreign IP address would have given access to test his theory.

http://onlyinrussellsworld.blogspot.com

20.2.2012 11:27 #7

ps355528

big business no harm done at all.. 8 months..

mom and pop online confectionary sellers site hacked offline persistently eventually forcing them out of business... nothing..

There is a moral here kids.. IF you get in to one of these big businesses.. hack them off the planet.. and tell the black hat community.. DON'T tell the bastards how you got in even though you did nothing at all. because they will just jail you for trying to help them!!!!

When you get unauthorised access to a firearm in this world.. use the frikkin thing!!! don't hand it in to the authorities to go to jail for having an "illegal weapon" in your posession!!!

ARR! Them pesky Navy! Get out of my sea!
irc://irc.villageirc.net/afterdawn http://www.pirateparty.org.uk/

20.2.2012 11:55 #8

hearme0

This kid should be commended for hacking that crappy, lousy over-embellished and overvalued site and PROMOTED to hacking Twitter next!!!

Also, what country is this kid from? Did the U.S. by chance overextend their legal arm again to other jurisdictions or is he in the U.S.??? Anyone??? Anyone???

How did he get caught??

20.2.2012 13:59 #9

LordRuss

Originally posted by ps355528: don't hand it in to the authorities to go to jail for having an "illegal weapon" in your posession!!! Reminds me of one of those "hand guns for hash" trade-offs the law enforcement agencies run every now & then. Turns out to be a joke then too. Basically turns up P.O.S. weapons that don't fire & turns a bunch of drug addicts out in the streets with a few more bucks in their pockets or profiles more folks into looking like they're possible candidates for jail sentences as well. It never actually turns up the real culprits or produces the real effects they intended in the first place. It just looks good on paper.

Originally posted by hearme0: Did the U.S. by chance overextend their legal arm again to other jurisdictions or is he in the U.S.??? Anyone??? Anyone??? How did he get caught?? Being purely circumstantial & using deduction as a guide, I figure because he approached Yahoo & a couple other large scale internet companies as well He has at least lived here in the US for some time now. My guess would be he would have a much harder time trying to make his security sale without a face to face sit-down in order to get things fixed.

Being as young as he is, he's obviously naive as a fresh diaper out of the Pampers box to think an upper echelon, old goat from the IT lab is going to let a snot nose get past him on the security front... So whatever arrangements he made to formally meet with the uppity-ups, it was a ruse, old f*k met him there with the lawyers, security & the cops & a healthy dose of Viagra so he could have one last attempt at his 15 minutes as the kid got drug off.

I'm sure I can't be quoted on any of what I just wrote, but I'll bet a bunch of money that I'm not far off either.

http://onlyinrussellsworld.blogspot.com

20.2.2012 15:16 #10

ChikaraNZ

Originally posted by no1here: The very essence of what the judge said about,"Not just fiddling about in the business records of some tiny business of no great importance", very scary. Because it was a significant size one, this kid should go to prison? Yet there are still many real crimes being committed every single day. What has become of us as a society? This *is* a real crime.
Like it or not, and whether you think the law is an a** or not, he broke the law by accessing a system without permission. How would you like it if you got home from work today, and saw some stranger sitting outside your front doorstep saying "I accessed your PC login, your email, all your documents, pictures etc. You will have to trust me I didn't tell anyone else. And you should secure your PC better"

Are you just going to say "Wow, thanks so much for showing me? You can leave now"
I didn't think so.

24.2.2012 09:31 #11

LordRuss

Originally posted by ChikaraNZ:
This *is* a real crime.
Like it or not, and whether you think the law is an a** or not, he broke the law by accessing a system without permission. How would you like it if you got home from work today, and saw some stranger sitting outside your front doorstep saying "I accessed your PC login, your email, all your documents, pictures etc. You will have to trust me I didn't tell anyone else. And you should secure your PC better"

Are you just going to say "Wow, thanks so much for showing me? You can leave now"
I didn't think so. There used to be a TV show with these 2 guys who were thieves that broke into your home, stole from you & then would re-tailor your house to keep it from happening again. All in trade for televising it.

Yeah, all were upset about the intrusion, but they got their stuff back, they got to look the thief in the eye & talk about what the experience was like & get through it. At least they got a cathartic experience from it instead of flat ripped off & left with their collect dorks in their hands.

This kid told them he did it, what he took, showed back up with what he took & how he did it with a plan as to how to keep it from happening again as it was a part of his business model. Similar to the stupid TV model just like the yahoos above.

Condescending, self important, jerk offs would look at a mechanic who took the extra time changing your oil & said "your fan belt is going bad" as a con man rather than a concerned entrepreneur.

When I work on a stranger's computer I have them sign a document stating that if I happen across kiddy porn I'm calling the cops. It hasn't happened, but are you telling me I should go to jail under the same auspices as this kid? Not on a bet!

http://onlyinrussellsworld.blogspot.com

24.2.2012 13:06 #12

ChikaraNZ

Originally posted by LordRuss: Originally posted by ChikaraNZ:
This *is* a real crime.
Like it or not, and whether you think the law is an a** or not, he broke the law by accessing a system without permission. How would you like it if you got home from work today, and saw some stranger sitting outside your front doorstep saying "I accessed your PC login, your email, all your documents, pictures etc. You will have to trust me I didn't tell anyone else. And you should secure your PC better"

Are you just going to say "Wow, thanks so much for showing me? You can leave now"
I didn't think so. There used to be a TV show with these 2 guys who were thieves that broke into your home, stole from you & then would re-tailor your house to keep it from happening again. All in trade for televising it.

Yeah, all were upset about the intrusion, but they got their stuff back, they got to look the thief in the eye & talk about what the experience was like & get through it. At least they got a cathartic experience from it instead of flat ripped off & left with their collect dorks in their hands.

This kid told them he did it, what he took, showed back up with what he took & how he did it with a plan as to how to keep it from happening again as it was a part of his business model. Similar to the stupid TV model just like the yahoos above.

Condescending, self important, jerk offs would look at a mechanic who took the extra time changing your oil & said "your fan belt is going bad" as a con man rather than a concerned entrepreneur.

When I work on a stranger's computer I have them sign a document stating that if I happen across kiddy porn I'm calling the cops. It hasn't happened, but are you telling me I should go to jail under the same auspices as this kid? Not on a bet! I remember a show like that too.
I always wondered for every episode shown, how many people were seriously p***ed off and refused to be on air. I'm sure the TV networks had strict conditions on what the 'thief' could and couldn't do as well, backed up by indemnity insurance, etc.
Also, he was only stealing physical items so there could be no argument about what he has and hasn't got. He's got your TV or he hasn't.
With accessing systems it's different, he could have copied data, copyrighted intellectual property, without anyone knowing. It's just his word saying he didn't.
Your example about finding kiddy porn is different. In this case you are accessing someones system in order to do a job you are paid for, and would only find stuff like this in the course of doing your legitimate job.

I still think they are right to prosecute him.
If he really wanted to 'help' FB, he could have agreed with them in advance he will try to break their systems.

In any case, I don't think he was really testing their security, somehow he got hold of an employees logon, so he logged on as the employee which gave him access to stuff he shouldn't. The article doesn't say, but we can only assume he didn't legitimitely obtain the ID and password either.

24.2.2012 21:18 #13

ps355528

Still say he should have just told the black hat his employee login and left them to it..

It's impossible to "steal" digital data.. unless you copy it and then delete it.. stealing specifically covers removing something from somebody and denying them the use of it.. "unauthorised access to systems".. bollocks.. so what? .. every single day millions and millions of people gain unauthorised access to other peoples property knowing or unknowing. To get in and out of my building I have to trespass on "private property" just to get to the front door.. There are signs up saying who thinks they own that street and that there is no public right of way..

Think again about "unauthorised access" and the tyranny you are supporting. In my books this is a clear case of no harm no foul.. except from the cops and the courts who again have jailed an innocent person while genocidal mass murders (bush and blair to name 2) walk around having lined their pockets with millions from murder of innocent civilians!!

ARR! Them pesky Navy! Get out of my sea!
irc://irc.villageirc.net/afterdawn http://www.pirateparty.org.uk/

24.2.2012 21:39 #14

no1here

I am not arguing that this is a REAL crime, but that it is one only because it is 'On the books'. The instance of the judge proclaiming that the offender's attack upon a substantial corporation is alarming. Corporate driven laws should not be acceptable. Plain and simple. If you are one of societies drones that actually believe that Big-Brother knows best, well more power to you. I find it to be very alarming.

25.2.2012 01:35 #15

no1here

I am not a sheep that is willing to follow the herd. Therefore, I am illegal in my thinking. I question everything, as I watch everything become illegal.

MAJB

25.2.2012 01:45 #16

ChikaraNZ

By the way, I should mention I would feel the same if this was FB, or some little small one person part time business. The judge shouldn't treat it any different just because its a large corporation.
If this is not punished, where is the line drawn? How about I hack into your internet banking and view your income and expenses and where you spend your money? Are you happy for someone to have that confidential info, just to try and point out the logon I'd is insecure? Are you really going to trust that I didn't do anything with, or tell anyone what I saw?
Regardless of what we feel about large corporations, this isdangerous ground if it is not treated and punished as a crime.

25.2.2012 01:57 #17

no1here

As opposed to prosecuting those responsible for the fall of the American Banking system as we knew it (or believed it to be)? Where was the line drawn then? I find the reasoning behind the sentencing to be excessive and unusual. Has a crime been committed? Yes. Corporation or not, I couldn't care less. If you are a proponent of the powers that be, then a black and white approach would seem to be logical.("Let it be written. Let it be done') I find it not to be logical. Just because it has been made a law, does not make it right and absolute. The word;'Privacy' has been diluted.

MAJB

25.2.2012 02:45 #18

ChikaraNZ

Originally posted by no1here: As opposed to prosecuting those responsible for the fall of the American Banking system as we knew it (or believed it to be)? Where was the line drawn then? I find the reasoning behind the sentencing to be excessive and unusual. Has a crime been committed? Yes. Corporation or not, I couldn't care less. If you are a proponent of the powers that be, then a black and white approach would seem to be logical.("Let it be written. Let it be done') I find it not to be logical. Just because it has been made a law, does not make it right and absolute. The word;'Privacy' has been diluted. It's not mutually exclusive. Punish the bankiers if they did wrong, also punish this guy as he's done wrong.
But thatr's a different issue, i'm not talking about whether the bankers should / should not be punished, i'm just saying this guy - on the face of it - deliberatly broke the law and now he is held accountable, the way it should be.

25.2.2012 05:07 #19

no1here

The comparison is right on the money. Can you even see the imbalance? It's not mutually exclusive? Really? So can you even agree that ANYONE who breaks the law should be punished?

MAJB

25.2.2012 06:15 #20

ChikaraNZ

I'm not talking about the imbalance between the punishments, i'm talking about whether he did wrong and should be punished, or not (some people have said he shouldnt be punished at all).
That's what I meant by not mutually exclusive. You can still punish the bankers *and* punish this guy - it doesn't have to be one *or* the other, they both f***ed up and should be accountable.

I'm not neccesarily comparing whether the sentence is the right or wrong length, or 'fair' lentgh, i'm just saying yes he should be punished.
He knew this was wrong, he did it anyway, he got access to information and possibly trade secrets he had no right to, so I stick by what I said that he does deserve to be punished for that. If there is no punishment or deterrent for that, people will hack into whatever systems they feel like knowing they will never be stopped. Well actually that happens now, but just from China haha...

25.2.2012 06:46 #21

LordRuss

Originally posted by no1here: I am not a sheep that is willing to follow the herd. Therefore, I am illegal in my thinking. I question everything, as I watch everything become illegal.
This is an excellent point to which I was trying to make. Just cause the judge had a brain fart, doesn't make it so. Thus, the Thought Police needn't arrest, nor prosecute for said crimes. Nor should a judge sentence on such fractalized logic.

We're not in a Minority Report society so "intentions" are not prosecutable. That's the same as circumstantial & for a condescending judge to stand in his robes & tell me that he has the right to make such decisions over my neanderthalic ass is pompous personified.

Bust the kid for a form of 'breaking & entering', put him in with the rapists & killers for 90 days. See if that doesn't have him wishing he should have grown up a bit & played the game correctly and approached FB properly. So what if FB is too pompous to listen to a 26year old wizz kid... that's what youth & exuberance gets you these days.

http://onlyinrussellsworld.blogspot.com

25.2.2012 14:22 #22

AfterDawn: News