UK Student Jailed For Facebook Hack Despite 'Ethical Hacking' Defense

Diamonddavej writes "The BBC reports that software development student Glenn Mangham, a 26-year-old from the UK, was jailed 17 February 2012 for eight months for computer misuse, after he discovered serious Facebook security vulnerabilities. Hacking from his bedroom, Mangham gained access to three of Facebook's servers and was able to download to an external hard drive the social network's 'invaluable' intellectual property (source code). Mangham's defense lawyer, Mr. Ventham, pointed out that Mangham is an 'ethical hacker' and runs a tax registered security company. The court heard Mangham previously breached Yahoo's security, compiled a vulnerability report and passed on to Yahoo. He was paid '$7000 for this achievement,' and claims he was merely trying to repeat the same routine with Facebook. But in passing sentence, Judge Alistair McCreath said despite the fact he did not intend to pass on the information gathered, his actions were not harmless and had 'real consequences and very serious potential consequences' for Facebook. The case's prosecutor, Mr. Patel, said Facebook spent '$200,000 (£126,400) dealing with Mangham's crime.'"

Re:Judges from the 20th century have to go

[korean.ian]

From the article:
"Judge McCreath told him
'This was not just fiddling about in the business records of some tiny business of no great importance and you acquired a great deal of sensitive and confidential information to which you were simply not entitled.'"
I think we can pretty clearly see where the judge's opinion lies.

Re:Uhh

[rgbrenner]

Let me ask you this.. if Yahoo didn't pay the reward, what would he have done with that confidential info? Does he sell it to someone else?

Why does he have it at all? He can disclose the security problem to yahoo and they can verify it.. that does not require he steal something from the server.

Re:Uhh

[moderatorrater]

No it's not. He didn't stumble on the access, he chained exploits, went through employee accounts, and ran arbitrary code. It's not a giant hole behind the casino door, it's picking a few locks, rifling through an employee's desk, breaking a few locks, and then telling the security guards they should be grateful. There were holes in facebook's security, and that's their own damn fault, but he pulled off some pretty serious attacks against one of the biggest players on the internet.

There are no words to describe how stupid this kid is. Anyone with half a brain who's followed the news for longer than 2 weeks knows that you don't hack first and communicate later.

Re:"Damage"

[rgbrenner]

Not just the review..

He impersonated a Facebook employee who was on vacation, hacked into the servers, tried to cover his tracks by deleting evidence he was there, downloaded facebook source code, then hid.

Facebook discovered on their own that he hacked in, and they had to work with the FBI to find out who this guy was. They had to do a real investigation.

THEN when the FBI knocks on his door, he says: I'm an ethical hacker trying to HELP facebook.

Seriously.. this guy is nothing more than a common criminal.