A computer enthusiast from York has admitted hacking into Facebook. Glenn Mangham, 26, pleaded guilty to hacking into the social networking site between April and May this year at a hearing in London's Southwark Crown Court on Tuesday. The court heard that the incident sparked a major security alert amid fears that some form of …
You do a crime, you get charged with it, you plead guilty, and you don't whine about mental disorders. You take your punishment like a man, and get on with your life afterwards.
Not that there are any parallels with another case in the public eye...
""attack did not involve an attempt to compromise or access user data"."
Well no, it wouldn't. You can get that just by sending a friend request.
'Allo 'allo, wotz been going on 'ere then?
So a “software development student” manages to crack facebork security put in place by a whole team of “security experts”
What was the "highly sensitive intellectual property"? Details of a flawed security application?? And to crown it all facebork only found the activity by accident!!!!
“At Facebork nothing is more important to us than the security and integrity of our site, and we take any attempt to compromise our security network incredibly seriously. We work closely with law enforcement agencies and the police to ensure that offenders are brought to justice”
It was lucky for facebork that Mangham was "of good character", I wonder what would be the outcome if somebody of dubious character did the same thing?
Methinks that facebork should report themselves to the plods for implementing poor security.
I wish they'd make up their minds
>At Facebook nothing is more important to us than the security and integrity of our site
NO, no, and thrice no
At Facebook nothing is more important to us than the privacy of our users
I think they had it right in the first place. How are they going to f**k the FB suckers over again and again if some spotty git simply wanders in and has the ability to syphon out all FB's juicy marketing data that FB were going to sell off to all those slimy, scumbag ad bidders?
I think you ought to learn to read between the lines and not take everything so literally.
We cannot have people like this going around pointing out security flaws.
Security needs to be 100% black-boxed and hidden from view.
Only via total obscurity can we ever have safe systems otherwise people will be able to work out how to circumvent them. Anyone trying to shed light on security matters is clearly dangerous, quite possibly a terrorist and should be dealt with in the most sever terms possible.
Thus the only response from the courts should be to deport him to the USA (Facebook is, after all American) when he can be tried by a military court and executed.
The world will then be a safer place for us all.
Frankly, if you give FB and likes your private information you already hacked yourself.
Further damage is only what you deserve.
While I agree with The BigYin@22:44 you can't go around breaking into sites, hide your tracks, get caught *then* go 'well it was for everyones good'. Its not for everyones good if you don't 'fess up and discuss it with FB but keep it for yourself - thats hard to claim as research
This makes the assumption that he didn't of course. If he did, then FB must have been proper pissed at him
What no extradition to the USA?
Perhaps Facebook could thank the man for pointing out the security holes or give him a job as a security advisor? This isn't a good way of fishing for a job but how else do you get the attention of a potential employer and get to prove how much better you are than their own staff?
At least FB admits there was no attempt to access personal data, that should save a couple of years on the prison sentence or, dare I predict, reduce it to a few months.
A shame Garry Mckinnon can't get quick justice in the UK, get given a few months inside, then that's it's, over and done with, he can then get on with his life. (So long as he doesn't consider a future holiday to Florida, I doubt the US would ever drop the warrant for his arrest.)
Welcome to ostrich land
"This attack did not involve an attempt to compromise or access user data"
Not because FBook actually give a shit but simply because the hacker was not so motivated.
Hmm. They take any attack on their security incredibly seriously, yet they seem to be focusing on prosecuting the attackers rather than saying how they're fixing the security holes?
What I really don't get is why these 'leet hackers do all their 'leet hacking from home, rather than a wifi hotspot, a VPN in the Middle East or both. And then they get caught and plead guilty. Surely if you're smart enough to hack into Facebook you could come up with some reasonable excuse. (My PC must have been compromised, my Wifi was hacked, my girlfriend did it then moved back to Elbonia)...
Another new business idea!
middle-eastvpn.com happens as soon as I get back to Dubai!
are spying on our users! How dare you spy on us??
Seriously, what kind of secret industrial process a company like Facebook could hide???
Now for a lesson in reality.
"At Facebook nothing is more important to us than the security and integrity of our site"...
... as long as they can get some student convicted for it. Otherwise, it's all about selling out the users' data. Just look at facebook's privacy record and how their spin machine regularly resembles a leaf in the wind. "Highly sensitive intellectual property" indeed.
I don't know all the details of the case but with no malicious damage/intent other than access, and from the sounds of it fairly intelligent hacking as opposed to brute force/ddos/script kiddie nonsense, then a little community service and a warning of jail time in Wandsworth should suffice I hope.
A little honesty at last
"At Facebook nothing is more important to us than the security and integrity of our site,..."
Users, privacy etc. all came a poor second.
I hope he's also had the old heave-ho from Uni...
Glenn: Uh Hi, yeah so i'm just going to use your proprietary code for this new social networking site I'm setting up for York Uni students.
Mark: Uh, no thanks, that's ours, Facebook does not steal ideas or code from anyone, therefore you should lead by our example.
Glenn: Uh, okay, I wasn't asking.
Mark: Fair enough, I've been there before, but you will end up in a world of hurt, I can't wait to stand over your shoulder and watch you write me a cheque.
"nothing is more important to us than the security and integrity of our site"
Nothing, especially not our users, whose security just gets in the way of selling the data we gathered on them...
compare and contrast
"Mangham had downloaded and stored code he wanted to work with offline."
"resulted in the extraction of what prosecutor Sandip Patel described as "highly sensitive intellectual property""
Facebook: "This attack did not involve an attempt to compromise or access user data."
What kind of data could Facebook *possibly* have which a) some random geek would want to 'work with offline' and which b) could be described as 'highly sensitive intellectual property', but which is not 'user data'?
I call BS, facebook.
'At Facebook nothing is more important to us than the security and integrity of our site, and we take any attempt to compromise our security network incredibly seriously.'
'All your data are belong to us and if you hack us we can't monetise it as effectively.'
'At Facebook nothing is more important to us than the security and integrity of our site...'
Nothing. Not even the security, integrity and privacy of your personal information.
Precident being set here?
with respect for another hacker then?
Oh silly me.
He hacked some US Gov sited looking for details on Aliens. That must make him an 'uber terrorist' and deserves 10 lifetimes in jail with no chance of parole.
But why didn't the US try to extradite this guy with the same gusto that they have been doing with other cases?
Double standards then.
anon for fear of real black helicopters coming to my house.
So all hacking attempts are the same in the same way that all other offences are the same?
Whilst I feel a little sorry for McKinnon, hacking into military computers is always going to get you into hot water. Its not so much what he was looking for as to what access to the systems he hacked would give you the ability to see.
Oh, we can't be bothered to do security properly
So let's shoot the messenger instead... In fact let's get the UK taxpayer to fund the messenger-shooting exercise for us. Facebook is well renowned for its almost comically amateurish approach to security (let alone privacy), seemingly doing just about enough to fend off the worst critics, but beyond that, little more.
Prosecutions like this do nothing for internet security. Odds are the next person to find a security hole will be better at covering their tracks, will live in a juristiction without such an obliging police force (to Facebook, that is), and/or they'll be more malevolent.
If anything prosecutions send the message: If you've found a security hole, don't tell anyone about it - and don't investigate - leave that to the black hats..
The irony is delicious after all it's how TheFacebook first got it's own data..........
but apparently that was ok!