Out-Law / Your Daily Need-To-Know

British Facebook hacker sentenced to eight months in jail

Out-Law News | 20 Feb 2012 | 12:58 pm | 2 min. read

A man who hacked into Facebook and claimed he wanted to help the company expose vulnerabilities to its system has been sentenced to an eight month jail term.

Glenn Mangham broke into the account of a Facebook employee and downloaded information to an external hard drive, including intellectual property belonging to the social networking company, in the spring of last year, according to media reports.

Facebook reported the incident to US federal investigators before the UK's Metropolitan Police raided the student software developer's home in York in June.

Monaghan's lawyer had said that the student had been previously "rewarded" by internet company Yahoo! after hacking into their systems and reporting on the security problems he found, according to a report by the BBC.

Mangham had claimed that he undertook a similar 'ethical hack' on Facebook in order to report problems with Facebook's security to the company. However, the judge said that the 26 year old had formed the reason for the hack retrospectively and that it was not his motivation for his actions, according to the Guardian.

"I acknowledge ... that you never intended to pass any information you got through these criminal offences to anyone else and you never did so, and I acknowledge that you never intended to make any financial gain for yourself from these offences," the judge said.

"But this was not just a bit of harmless experimentation. You accessed the very heart of the system of an international business of massive size, so this was not just fiddling about in the business records of some tiny business of no great importance," he said, according to the Guardian's report.

Monaghan had engaged in "persistent conduct, sophisticated conduct and conduct that had at least the risk of putting in danger the reputation of an innocent employee of Facebook," the judge said.

Prosecutors had said Facebook had spent $200,000 dealing with the aftermath of Mangham's actions, according to the BBC's report.

Alison Saunders, chief Crown prosecutor for the Crown Prosecution Service (CPS) London, said Mangham had "pleaded guilty to two computer misuse offences, one of them the most serious offence under the Computer Misuse Act which carries a maximum penalty of 10 years".

"This was the most extensive and flagrant incidence of social media hacking to be brought before British courts. Fortunately, this did not involve any personal user data being compromised. We worked closely with the Met’s Police Central e-Crime Unit, the FBI and the US Department of Justice to prepare a strong and compelling prosecution case and faced with that case, Mangham has admitted responsibility for his acts. He claimed his intention was to improve security but the method he decided to use to achieve this was actually illegal," Saunders said in a CPS blog.

Under the Computer Misuse Act it is an offence for a person to knowingly cause "a computer to perform any function with intent to secure access to any program or data held in any computer, or to enable any such access to be secured" without authorisation. 

Under the Act a person is also guilty of an offence if the unlawful computer access is used to commit, or facilitate, some other offences regardless of whether that subsequent offence is to take place in the future or is indeed possible to commit. A person is also guilty of an offence if they commit any unauthorised act with intent to impair the operation of any computer, prevent or hinder access to any program or data held in any computer, impair the operation of any such program or the reliability of any such data, or enabling those acts to be done. 

Making, adapting, supplying or offering to supply any electronic program or data intending it, or knowingly it is likely, to be used or to assist in the commission of unlawful computer access or impairment is also an offence. Supplying electronic programs or data "with a view to its being supplied for use to commit, or to assist in the commission" of unlawful computer access or impairment is also an offence under the Act.