British Facebook hacker sentenced to eight months in prison

Posted by Shane McGlaun

We all know crime doesn't pay, but sometimes hacking does pay.

More than a few so-called ethical (or White Hat) hackers have discovered a security vulnerability only to end up with a new job or hefty bounty.

Unfortunately, that was not the case for a British software development student named Glenn Mangham, who had previously identified vulnerabilities in Yahoo systems and was rewarded accordingly.

The 26-year-old hacker subsequently turned his attentions to Facebook where he accessed a website used by the social networking site to set puzzles for software engineers who might be interested in working for the company.

Between April and May of 2011, Mangham allegedly downloaded important proprietary information to an external hard drive. To facilitate the downloading of the data, the hacker also gained access to the Facebook account of an employee named Stefan Parker.

Prosecutors say the hack cost Facebook $200,000 in terms of legal and security costs. However, Mangham claimed he didn't hack maliciously, and didn't sell any of the downloaded data. He insisted he intended to alert Facebook to the issues; however, prosecutors didn't buy the story.

"This was not just a bit of harmless experimentation - you accessed the very heart of the system of an international business of massive size," Judge Allister McCreath wrote in his verdict.

"This was not just fiddling about in the business records of some tiny business of no great importance and you acquired a great deal of sensitive and confidential information to which you were simply not entitled... Potentially what you did could have been utterly disastrous to Facebook."

The judge's statement is odd and almost sounds like hacking would've been okay had it been a small company and not a huge and well-known Internet giant such as Facebook. It almost seems like Mangham was made an example of by the British court. Frankly, 8 months in prison seems harsh when the judge conceded he did not believe the hacker breached security for monetary gain and agreed that none of the data was leaked for personal gain. What do you think?