“Strictly speaking what I did broke the law because at the time and subsequently it was not authorised,” Mangham wrote. “I was working under the premise that sometimes it is better to seek forgiveness than to ask permission.”
Mangham implied he meant to contact Facebook once he had noticed the social-networking site had observed his intrusions, which he did little to hide. He didn’t use proxy servers because he said it made auditing take longer due to the time delay between each request made to a server. He was also hoping that even when he got caught, Facebook would let him off the hook.
Mangham was sentenced to eight months in prison in February, but the sentence was reduced to four months by an appeals court earlier this month. He was then eligible for release, subject to electronic monitoring and restrictions on his internet use.
Mangham portrayed himself as a security researcher who continued to probe Facebook because he wanted to look deeper for other security issues, since most systems have “a tough outer shell and a soft inside.” He wrote that in the past he had been paid by Yahoo for finding vulnerabilities.
Mangham’s copy of the source code would surely have been of interest to cybercriminals who attempt to use Facebook to perpetuate scams. But he wrote he had no intention of selling the code.