A student who hacked into Facebook from a bedroom in his parents’ Yorkshire home has been jailed for the “most extensive and grave” attack on social media ever to come before a British court.
The California-based website spent more than £126,000 dealing with the security breach, which risked destroying “the whole enterprise” and was investigated by the FBI, a judge heard yesterday.
US authorities suspected the hacking had been industrial espionage but later found it to be the work of Sherlock Holmes fan Glenn Mangham, who was able to steal “invaluable” intellectual property while sitting at his computer in a bedroom in York.
Southwark Crown Court in London heard Mangham, 26, was a “computer nerd” and “ethical hacker” who had described himself as a security consultant.
In April and May last year he targeted multiple servers, bypassing Facebook’s security, and obtained restricted internal data after hacking into the account of one of the website’s employees.
He then tried to hide his actions, but the breach was picked up in a routine security review by the website and he was arrested by the FBI at his “middle class family” home in Cornlands Road, York.
Mangham, whose arrest last June was exclusively revealed by the Yorkshire Post, admitted infiltrating Facebook but said he had intended to show the website how it could improve its security. Giving evidence during his sentencing hearing yesterday, the software development student said he had provided a similar service for the search engine Yahoo.
“It was to identify vulnerabilities in the system so I could compile a report that I could then bundle over to Facebook and show them what was wrong with their system,” he said.
But Mangham’s claims were rejected by prosecutor Sandip Patel, who said: “This represents the most extensive and grave incident of social media hacking to be brought before the British courts.”
The court heard Mangham showed strong signs of Asperger’s syndrome, and may have been trying to prove himself to his father, who works in the computer industry.
Judge Alistair McCreath jailed Mangham for eight months and told him his actions had “real consequences and very serious potential consequences,” which could have been “utterly disastrous” for Facebook.
The judge acknowledged that Mangham had no previous convictions and never intended to pass on the information to anyone else, but added: “This was not just a bit of harmless experimentation. You accessed the very heart of the system of an international business of massive size, so this was not just fiddling about in the business records of some tiny business of no great importance.”