Hacker who bypassed Facebook security pleads guilty

Graham Cluley
Graham Cluley
@[email protected]

Glenn Steven ManghamA British student has pleaded guilty to charges that he breached security at Facebook earlier his year, despite arguing that his intentions were not malicious.

York computer science student Glenn Steven Mangham, 26, attempted to bypass security on the company’s internal systems, raising alarm amongst the FBI that industrial espionage was occurring, according to media reports.

Mangham, who had previously been rewarded by Yahoo for finding vulnerabilities in its systems, discovered that Facebook was far from amused by his activities.

The social networking giant discovered evidence that pointed back to Mangham and he was arrested by the Metropolitan Police Central e-Crime Unit (PCeU) in June.

Sign up to our free newsletter.
Security news, advice, and tips.

Specifically, Mangham was accused of using a computer program to secure unauthorized access to Facebook, of attempting to hack into Facebook’s Mailman server (used to run internal and external email lists), and attempting to secure access to the Facebook Phabricator server used by internal developers.

Southwark Crown Court was told Mangham produced software scripts that could hack into Facebook’s Phabricator server to download “highly sensitive intellectual property”.

In addition, the student was said to have breached a webserver used by Facebook to set software development puzzles to programmers who might be interested in working for the company.

Facebook software engineering puzzle website

Mangham’s defence team has argued that he was an “ethical” or “white-hat” hacker, whose intentions – rather than being malicious – were to uncover security vulnerabilities at Facebook with the intention of getting them fixed.

Facebook users will be relieved to hear that the social network told BBC News that the attack “did not involve an attempt to compromise or access user data.”

Thank goodness for that.

Of course, Facebook founder Mark Zuckerberg’s past is not necessarily entirely squeaky clean itself. In the past, he has been accused of hacking into a rival social network, breaking into journalists’ email accounts, and calling Facebook’s early adopters “dumb f**ks” for sharing their email addresses, photos and other personal information.

Some people just get lucky I guess.

Mangham is scheduled to be sentenced on 17 February 2012.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.