Urban myth or fact: altruistic hacking for the good of mankind? British student Glenn Mangham infiltrated Facebook’s internal networks from the comfort of his bedroom in his parent’s house last year. So why did the software development student do it? According to Mangham, the reason was simple: to prove major security flaws, not to cause any damage or steal information.
Facebook first learned about the webserver breach in April 2011 and contacted the FBI. Given that valuable source code was exposed, the consequences could have been disastrous. They reported spending over $200,000 to deal with the security risk. Naturally, they were not looking favorably upon the hacker, despite the fact that zero personal data was compromised.
So what’s the right approach? Exposing security flaws without malicious intent can be extremely valuable for any company. Whitehat hacking has helped many companies to improve their security before the hackers get in there and cause massive damage. Shouldn’t these companies be rejoicing and relieved? Especially when you learn that Mangham had previously received a reward from Yahoo for helping them to improve security.
Well, in this case, the court did not agree. They claimed it’s one of the most serious cases they’ve ever seen. The judge, Alistair McCreath, did not accept that Mangham’s actions were harmless. Regardless of his motivation, the punishment for accessing the heart of a major business was eight months in jail plus a five-year computer ban.
If you do the crime, you should be prepared to do the time, but has justice really been served? Is it right to protect the business that created the flawed design? Or is hacking, even whitehat hacking, so dangerous that it should be treated as a serious crime? Well, that’s up to you to decide, but I’ll leave you with this thought. Just like in the movie Catch Me If You Can, perhaps Facebook might have been better off offering the clever 26-year-old a job.