Glenn Mangham Sentenced To Prison After 'Extensive' Facebook Hack
LONDON -- A British student who stole sensitive information from Facebook's internal network was sentenced to eight months in prison Friday in what prosecutors described as the most serious case of social media hacking ever brought before the country's courts.
Prosecutor Sandip Patel said that Glenn Mangham, 26, had hacked into the social networking giant's computers from his bedroom in the northern England city of York and stole what was described as "invaluable" intellectual property.
"He acted with determination, undoubted ingenuity and it was sophisticated, it was calculating," Patel told London's Southwark Crown Court ahead of sentencing Friday. He added later: "This represents the most extensive and grave incident of social media hacking to be brought before the British courts."
London Chief Prosecutor Alison Saunders echoed Patel's description, saying in a statement that Mangham's actions were "extensive and flagrant." It was not immediately clear exactly what he stole, although Saunders said that no personal user data had been compromised.
Scotland Yard said in a statement that the breach had occurred "over a short period of time" in April of last year. The court was told that Mangham had obtained the information after hacking into the account of a Facebook employee while the staff member was on vacation.
The police statement said that Facebook Inc. discovered the breach in May and alerted the FBI, who traced the source of the attack back to Britain. Scotland Yard's e-crimes unit raided Mangham's home on June 2.
The software development student pleaded guilty on Dec. 13. His lawyer, Tony Ventham, described Mangham as an "ethical hacker" who saw the stunt as a challenge – and stressed that his client had never tried to sell the stolen data or pass it on to anyone else.
"This is someone who in previous times would have thrown everything aside to seek the source of the Nile," Ventham said. "He was in his own world, his own bedroom, his own mind, his own project and certainly his intention throughout was to contact Facebook in due course when he had rectified their problems."
But while Judge Alistair McCreath accepted that Mangham had not tried to profit from his crime, he said that the defendant's actions still had "very serious potential consequences" which could have been "utterly disastrous" for Facebook.
"This was not just a bit of harmless experimentation," McCreath told Mangham. "You accessed the very heart of the system of an international business of massive size, so this was not just fiddling about in the business records of some tiny business of no great importance."
The Palo Alto, California-based Facebook said in a statement that it applauded police and prosecutors' efforts in the case, adding: "We take any attempt to gain unauthorized access to our network very seriously."
The company, which boasts some 845 million users worldwide, recently filed papers for its initial public offering at the beginning of this month, putting it on track to price its stock in May or June.
Facebook is expected to be valued at $75 billion to $100 billion.
Online:Check out the most common Facebook hacks and attacks.
Clickjackers on Facebook entice users to copy and paste text into their browser bar by posting too-good-to-be-true offers and eye-catching headlines. Once the user infects his own computer with the malicious code, the clickjackers can take control of his account, spam his friends and further spread their scam. For example, clickjacking schemes hit Facebook soon after bin Laden's death and spread like wildfire by purporting to offer users a glimpse at <a href="http://www.huffingtonpost.com/2011/05/04/bin-laden-death-video-hoax_n_857730.html" target="_hplink">video or photos of bin Laden's death</a>.
Fake Polls Or Questionnaires
If you click on an ad or a link that takes you to questionnaire on a site outside Facebook, it's best to close the page. When you complete a fake quiz, you help a scammer earn commission. Sometimes the quiz may ask you to enter your mobile number before you can view your results. If the scammers get your number, they could run up charges on your account.
Phishers go after your credentials (username, password and sometimes more), then take over your profile, and may attempt to gain access to your other online accounts. Phishing schemes can be difficult to spot, especially if the scammers have set up a page that resembles Facebook's login portal.
Phony Email Or Message
<a href="http://www.facebook.com/help/?page=1187" target="_hplink">Facebook warns</a> users to be on the lookout for emails or messages from scammers masquerading as "The Facebook Team" or "Facebook." These messages often suggest "urgent action" and may ask the user to update his account. They frequently contain links to malware sites or virus-ridden attachments. They may even ask for your username and password. The best advice Facebook offers is to report the sender and delete the messages without clicking anything.
Money Transfer Scam
If a friend sent you a desperate-sounding Facebook chat message or wall post asking for an emergency money transfer, you'd want to help, right? Naturally. That's what makes this scam so awful. The point is to get you to wire money to scammers via Western Union or another transfer service.
Fake Friend Request
Not all <a href="http://www.huffingtonpost.com/2011/02/10/facebook-friend-request-spam_n_821584.html?page=1" target="_hplink">friend requests</a> come from real people, despite Facebook's safeguards against bots. Some Facebook accounts exist purely to establish broad connections for spamming or extracting personal data from users, so watch out whose friend requests you accept.
Fake Page Spam
Malicious pages, groups or event invitations aim to trick the user into performing actions that Facebook considers "abusive." For instance, a fake invite might offer a prize if you forward it to all your friends or post spammy content on their walls. Sometimes a scammer will set up fake pages as a front for a clickjacking or phishing scheme.
Malicious apps are pretty common on Facebook these days. They can be a cover for phishing, malware, clickjacking or money transfer schemes. Oftentimes, the apps look convincingly real enough for users to click "Allow," as they would do with a normal Facebook app. However, rogue apps use this permission to spread spam through your network of friends. For example, the recent "<a href="http://www.huffingtonpost.com/2011/04/08/facebook-closing-accounts-scam-app_n_846737.html" target="_hplink">Facebook Shutdown</a>" scam spread by claiming that Facebook would delete all inactive accounts except those that confirmed via app installation.
The Koobface Worm
The <a href="http://en.wikipedia.org/wiki/Koobface" target="_hplink">Koobface worm</a> is getting on in years (it first appeared in late 2008) and has been mostly scrubbed from the site, but Facebook still warns users to look out for it. Koobface spreads across social networks like Facebook via posts containing a link that claims to be an Adobe Flash Player update. Really, the link downloads malware that will infect your computer, hijack your Facebook profile and spam all your friends with its malicious download link. This worm affects mostly Windows users.