Incident: Hacking Incident at Facebook by Glenn Mangham in 2011

Published Date: 2012-02-17

Postmortem Analysis
Timeline 1. The software failure incident involving the hacking of Facebook by Glenn Mangham happened between April and May of the previous year before the article was published on February 17, 2012 [10142].
System 1. Facebook servers [10142] 2. Puzzle server [10142] 3. Mailman server [10142] 4. Phabricator server [10142]
Responsible Organization 1. Glenn Mangham - The individual who hacked into Facebook's servers and caused the software failure incident [Article 10142].
Impacted Organization 1. Facebook - The software failure incident involving the hacking by Glenn Mangham impacted Facebook as he accessed and stole valuable computer code and intellectual property from the company, causing panic among authorities including the FBI [10142].
Software Causes 1. Exploiting vulnerabilities in Facebook's system by impersonating an employee and hacking into three of its servers to steal valuable computer code [10142] 2. Accessing and stealing highly sensitive intellectual property, including internal communications and code of Facebook, from the puzzle server, mailman server, and phabricator server [10142] 3. Bypassing security measures and resetting an employee's password to gain unauthorized access to protected internal systems [10142]
Non-software Causes 1. The student impersonated an employee of Facebook while on holiday to gain unauthorized access to the servers [10142]. 2. The student breached the security of Facebook's servers by hacking and hijacking an employee's account to reset the password and access sensitive intellectual property [10142]. 3. The student's actions were described as disruptive and intentionally malicious, indicating a deliberate attempt to exploit vulnerabilities for personal gain [10142]. 4. The student did not immediately disclose the vulnerabilities he found to Facebook, instead choosing to keep it a secret for a dramatic effect [10142].
Impacts 1. The software failure incident led to panic among authorities, including the FBI, who suspected it was a case of industrial espionage [10142]. 2. The incident caused disruption and potential risk to Facebook's operations, with the judge stating that the hacker could have potentially brought down the entire Facebook empire [10142]. 3. Facebook had to conduct a time-consuming investigation involving authorities in America, including the FBI, and the Metropolitan Police in the UK [10142]. 4. The breach resulted in Facebook paying out $200,000 for investigating the security incident [10142]. 5. The hacker, Glenn Mangham, was jailed for eight months as a consequence of the software failure incident [10142].
Preventions 1. Implementing stricter access controls and monitoring systems to prevent unauthorized access to sensitive intellectual property [10142]. 2. Conducting regular security audits and penetration testing to identify and address vulnerabilities in the system [10142]. 3. Enhancing employee training on cybersecurity best practices to prevent social engineering attacks like password resets [10142]. 4. Encouraging ethical hacking through bug bounty programs to incentivize individuals to report vulnerabilities rather than exploit them [10142].
Fixes 1. Implementing stronger security measures to prevent unauthorized access to sensitive intellectual property [10142] 2. Conducting regular system checks and audits to detect any potential security breaches [10142] 3. Enhancing employee training on cybersecurity best practices to prevent social engineering attacks like password resets [10142]
References 1. Glenn Mangham 2. Judge Alistair McCreath 3. Prosecutor Sandip Patel 4. Facebook 5. FBI 6. Met police 7. Tony Ventham 8. Stefan Parker 9. Mark Zuckerberg 10. Yahoo! 11. Southwark Crown Court 12. e-Crime unit 13. Arthur Conan Doyle fan The articles gather information from these specific entities [10142].

Software Taxonomy of Faults

Category Option Rationale
Recurring unknown <Article 10142> does not provide information about the software failure incident happening again at either the same organization or at other organizations. Therefore, the answer to the question is 'unknown'.
Phase (Design/Operation) design, operation (a) The software failure incident related to the design phase can be seen in the case of Glenn Mangham hacking into Facebook's servers by impersonating an employee and stealing valuable computer code. This incident was a result of a failure in the system's design that allowed unauthorized access to sensitive intellectual property [10142]. (b) The software failure incident related to the operation phase is evident in how Glenn Mangham bypassed security measures, accessed protected internal systems, and hijacked an employee's account to gain access to Facebook's most sensitive intellectual property. This failure was due to factors introduced by the operation of the system, where security measures were not robust enough to prevent unauthorized access and misuse [10142].
Boundary (Internal/External) within_system (a) within_system: The software failure incident in this case was primarily due to contributing factors that originated from within the system. Glenn Mangham, the student who hacked Facebook, impersonated an employee of the social networking site and hacked into three of its servers, stealing valuable computer code and intellectual property [10142]. He breached the security of Facebook to find vulnerabilities within the site, which he believed he could then report to the developers for strengthening. This indicates that the failure was caused by actions taken within the system itself, such as unauthorized access and theft of sensitive information.
Nature (Human/Non-human) non-human_actions (a) The software failure incident in this case was primarily due to non-human actions. The failure occurred when Glenn Mangham, a student, hacked into Facebook's servers and stole valuable computer code, causing panic among authorities including the FBI who suspected industrial espionage [10142]. The incident was a result of a security breach and unauthorized access to sensitive intellectual property within Facebook's systems, which was initiated by the actions of the hacker rather than any direct human error within Facebook's development team.
Dimension (Hardware/Software) software (a) The software failure incident in the article was not due to hardware issues but rather due to the actions of the individual, Glenn Mangham, who hacked into Facebook's servers from his bedroom in York. The incident was a result of his unauthorized access and theft of valuable computer code from the company's servers, causing panic among authorities including the FBI who suspected industrial espionage [10142]. (b) The software failure incident was primarily due to contributing factors originating in software. Glenn Mangham hacked into Facebook's servers, impersonated an employee, and stole sensitive intellectual property, including valuable computer code that gives Facebook its value. His actions were described as sophisticated, calculating, and ultimately disruptive and intentionally malicious by the prosecutor. The incident involved bypassing security measures, accessing protected internal systems, and hijacking employee accounts to gain access to sensitive intellectual property [10142].
Objective (Malicious/Non-malicious) malicious (a) The software failure incident in this case was malicious. Glenn Mangham, the student who hacked Facebook, accessed and stole valuable computer code from the company with the intent to find vulnerabilities within the site. He impersonated an employee, downloaded sensitive intellectual property, and breached the security of the social networking site [10142]. The prosecutor mentioned that Mangham's actions were ultimately disruptive and intentionally malicious, not simply aimed at exploiting vulnerabilities [10142]. Additionally, Facebook discovered the security breach during a system check, leading to Mangham's arrest by the Met’s e-Crime unit [10142]. (b) There is no information in the articles to suggest that the software failure incident was non-malicious.
Intent (Poor/Accidental Decisions) poor_decisions (a) The intent of the software failure incident was not accidental but rather due to poor decisions made by the individual involved. The individual, Glenn Mangham, intentionally hacked into Facebook's servers, impersonated an employee, stole valuable computer code, and downloaded it to his hard drive [10142]. Despite claiming his actions were for "ethical hacking" to find vulnerabilities within the site, the judge emphasized that his actions were not harmless experimentation but a serious breach of an international business's system [10142]. Additionally, the prosecutor stated that Mangham's actions were ultimately disruptive and intentionally malicious, indicating a deliberate intent behind the software failure incident [10142].
Capability (Incompetence/Accidental) accidental (a) The software failure incident in this case was not due to development incompetence but rather intentional hacking by a student named Glenn Mangham. He hacked into Facebook's servers and stole valuable computer code, causing panic among authorities including the FBI who suspected industrial espionage [10142]. (b) The software failure incident was accidental in the sense that Glenn Mangham's actions were not accidental but intentional. He deliberately hacked into Facebook's servers and stole sensitive intellectual property, triggering a time-consuming investigation involving authorities in America and the UK [10142].
Duration temporary The software failure incident described in the article was temporary. Glenn Mangham, the student who hacked Facebook, accessed and stole valuable computer code from the company's servers, causing panic among authorities including the FBI. The breach triggered a time-consuming investigation involving the FBI and the Met police in the UK [10142]. This incident was due to specific circumstances introduced by the actions of the hacker, rather than being a permanent failure inherent in the system.
Behaviour value, other (a) crash: The software failure incident in this case did not involve a crash where the system lost state and did not perform any of its intended functions. The incident was more focused on unauthorized access and theft of valuable computer code from Facebook's servers [10142]. (b) omission: The software failure incident did not involve the system omitting to perform its intended functions at an instance(s). Instead, the incident revolved around the unauthorized access and theft of sensitive intellectual property from Facebook's servers [10142]. (c) timing: The software failure incident was not related to the system performing its intended functions too late or too early. The focus was on the unauthorized access and theft of valuable computer code from Facebook's servers by the individual involved [10142]. (d) value: The software failure incident can be categorized under the value type, as it involved the unauthorized access and theft of valuable computer code from Facebook's servers. The stolen code was described as the "secret code that gives Facebook its value" [10142]. (e) byzantine: The software failure incident did not exhibit a byzantine behavior where the system behaves erroneously with inconsistent responses and interactions. The incident primarily involved unauthorized access and theft of sensitive intellectual property from Facebook's servers [10142]. (f) other: The behavior of the software failure incident can be categorized as unauthorized access and theft of valuable computer code from Facebook's servers. The individual involved impersonated an employee, hacked into servers, and downloaded sensitive intellectual property, causing panic among authorities including the FBI [10142].

IoT System Layer

Layer Option Rationale
Perception None None
Communication None None
Application None None

Other Details

Category Option Rationale
Consequence property, theoretical_consequence (d) property: People's material goods, money, or data was impacted due to the software failure - Glenn Mangham hacked into Facebook's servers and stole valuable computer code, including highly sensitive intellectual property, which could have potentially brought down the entire £31 billion empire [10142]. - Facebook had to pay out $200,000 in investigating the breach caused by Mangham's hacking [10142].
Domain information, finance (a) The failed system was related to the information industry as it involved the hacking of Facebook, a social networking site that deals with the production and distribution of information [10142]. (h) The incident also had implications for the finance industry as the stolen intellectual property from Facebook was related to the way the company is run internally, which is crucial for its financial operations and valuation [10142]. (m) Additionally, the incident could be linked to the technology industry as it involved hacking into servers and stealing valuable computer code, which is a significant aspect of the technology sector [10142].

Sources

Back to List