nav search
Data Center Software Security Transformation DevOps Business Personal Tech Science Emergent Tech Bootnotes BOFH

How a hack on Prince Philip's Prestel account led to UK computer law

Thatcher, Buckingham Palace & BT left red-faced by historic techno romp

By John Leyden, 26 Mar 2015

This week marks the 30th anniversary of arrests in the infamous Prestel hack case. It led to arrests, breached the Royal Family's security and helped give birth to the UK's first computer crime law.

What began as a hack against the Prestel Viewdata system – which opened up access to Prince Philip's mailbox – later led to the arrest of two tech enthusiast journalists and a prosecution, culminating in the UK's first computer crime law.

Prestel started in the late '70s but was not commercially successful. Live systems were used for home banking, among other applications. There were also dummy systems. Login credentials used by these dummy systems were shared with those that authorised access to live systems.

Steve Gold and fellow journalist Robert Schifreen managed to hack into BT's Prestel Viewdata service, famously accessing the personal message box of Prince Philip in the process.1 The Prince Philip incident occurred as the culmination of a number of successively more exasperated attempts to shock BT into action after BT showed no interest in bolstering the security of its system.

Schifreen explained: "I came across a Prestel test ID by accident – I was testing a modem and just typed random numbers, basically. That got me into a BT internal Prestel page containing the phone numbers of the dev mainframes.

"After I'd tried those for ages, one day someone left the system manager credentials on the login page of the dev mainframe. So I phoned Steve (who'd been pursuing Prestel in other ways). I then went and told Micronet what I'd done, and they told Prestel... who called in the Met."

Former Detective Inspector ‪John Austen, who ‬founded and led the Computer Crime Unit at New Scotland Yard,‪ arrested Steve Gold at his home address in Sheffield before he was transferred to London for interview, "which was quite friendly as I recall"‬, according to ‪Austen‬.

"There were five charges on different computers within the BT Prestel system between October 1984 and January 1985," ‪Austen‬ told El Reg. "All charges were of 'Forgery' contrary to Section 1 of the Forgery & Counterfeiting Act 1981."

"The ‘forgery’ directly related to forging the password (or PIN) to gain System Administrator privilege and thereafter causing some disruption (of different minor types) to the system. No financial gain was involved."

Austen, who has retired from policing and now works part-time as a visiting lecturer at Royal Holloway, University of London, explained that police responded to a complaint from BT Security, who held the evidence of what had happened.

Gold and Schifreen were subsequently charged and convicted of offences under the Forgery & Counterfeiting Act. This verdict was successfully overturned on appeal.

Brief encounter

‪Alistair Kelman‬, Gold's barrister throughout the case and Schifreen's representative by the time the case went to the House of Lords in 1987, told El Reg he was teaching police officers in Hendon on how to investigate computer crime at around the time he was approached by Gold at a conference, who "nabbed" him as his barrister.

He first became interested in the area after writing a report for the British Computer Society on the admissibility of computer evidence in court, which led on to writing a book called The Computer in Court. ‪Kelman‬, who read minerals engineering at Birmingham University before re-qualifying as a barrister, told us about the circumstances that led up to the hack, which exposed lax security practices at BT.

"Schifreen found semi-dead systems, which he dialled into using a Spectrum," ‪Kelman‬ explained. "The welcome screen displayed sysman and syspass. These were the same as the live system, so Schifreen was able to get in as root."

Schifreen changed the master page to prove he had root before Gold and Schifreen went to the media with the story, which subsequently featured on BBC News and ITV's News at Ten. Then-prime minister Maggie Thatcher "went ballistic" when she saw the report, according to ‪Kelman‬.

Thatcher handbagged BT's then chief exec over the bad publicity in the run-up to BT's flotation, prompting the telco to call in the police. It was this that lead to the arrest and prosecution of Gold and Schifreen. The duo had been open about what they had done and the case had been written up in the press, so they weren't difficult to identify as suspects.

"They were identified by BT, who had engineers and traced all the calls," ‪Austen‬ explained. "The evidence of what they did was complete, and at interview both Steve and Rob admitted their actions. It was a ‘not guilty’ plea at Crown Court, but that was on the basis that they had not broken the law."

Police had tapped the phones of Gold and Schifreen prior to arresting them at home and seizing computer equipment. But the law at the time (years before the RIPA Act) did not permit them to look at messages.

"At the original trial I tried to get this evidence thrown out as inadmissible," ‪Kelman‬ explained. This submission wasn't unsuccessful and a guilty verdict was returned at the original trial.

This verdict was, however, overturned on appeal. Austen explained: "They were convicted at Crown Court (with a jury) but the case was dismissed at the Court of Appeal – we appealed to the House of Lords and it ended as case dismissed on a point of law (that the forgery was only for a millionth of a second and had no degree of permanence)."

Lord Justice Lane in the appeal court ruled that the Forgery Act was inappropriately applied to treat unauthorised logins to the Prestel system as a "false instrument that told a lie about itself".

"It wasn't an appropriate way to use legislation that had been taken well outside its field," ‪Kelman‬ told The Register. "The Forgery Act could have been applied to the production of counterfeit ATM cards, as I was telling police at the time, and this is perhaps where the prosecution got the idea to use that law."

Forging ahead

‪Kelman‬ concluded that a case showed that a new law – which arrived in the form of the Computer Misuse Act – was needed, even though cases involving computer crime had gone through the UK courts prior to the Prestel hacking case. One earlier case involved the alleged misuse of time-sharing systems.

"The Prestel case involved curious journalists who told BT about what they had done," according to ‪Kelman‬, who continued that the case and even the subsequent Computer Misuse Act might have gone down differently if profit-motivated cyber-criminals had come across the same hole.

Schifreen added: "The prosecution case was that typing someone's password into a computer in order that the computer can check whether it's correct or not, is the same as writing their signature on a cheque. The Lords decided that there's a difference between a short, transient episode and something more permanent, and threw it out. Or rather, the High Court threw it out, then the prosecution went to the Lords, who threw it out again. I always like to say that Steve and I won 2-1 on aggregate."

The case exposed gaps in the law and led to the introduction of the 1990 Computer Misuse Act, the UK's first computer hacking law. "It is a precedent in English criminal law that new laws will not be considered unless existing law is shown to be inadequate," Austen explained. "We tested forgery for hacking cases and it failed – a new law was required – as agreed by both the English and Scottish law commissions (post the House of Lords ruling)."

Austen doesn't think that the case would have been handled differently even if profit-motivated cybercriminals rather than well-intentioned individuals had hacked in Prestel's systems.

"At that time, hacking was fairly prevalent – and some books had been published (The Hackers Handbook) that encouraged this practice," according to Austen. "The early hacking cases, in general, did not involve any sort of profit. But having said that, we could forsee that it would in the future (hence Section 2 of the Computer Misuse Act), and that turned out to be the case."

The Computer Misuse Act, criticised by some, nonetheless became a model for later computer crime laws in other countries. The Act was later modified so that denial of service attacks were specifically outlawed. The maximum jail term for breaching the Act changed from six months to two years under provisions made in the Police and Justice Act 2006, which also made making, supplying or obtaining articles for use in computer misuse offences in themselves. ®

How the Prestel Viewdata system worked

A Viewdata system resembles an old Teletext or Ceefax page. Each page is 40x24 characters, and can support some block graphics; Mode 7, in BBC Micro terminology. It is based on a hierarchy of pages, each with a unique page number of up to 9 digits. The hierarchy is important because that's how the database and the permissions work. For example, if you have permission to see or edit page 1234, you can also see/edit 12345 and 12346 and 123477289, but not page 1232.

Each page has 10 built-in single-digit hyperlinks, assigned to the digits 0 to 9. And the editor of the page can set those links to go to anywhere they want. So when you're editing a page on Micronet 800 (which starts on page 800), which comprises a news story that's on page 8001234, you might set link 0 to go to 800 (the home page), link 1 to go to 8001 (the news home page, perhaps), and link 2 to 8001235 (the next story). Users access the link by simply pressing the corresponding digit on their keypad (remember that you can navigate all of a Viewdata system without needing an alpha keyboard).

The other keys on the keypad are * and #. To go directly to a page, if you know its number, type *pagenumber#. Such as *800# for the Micronet homepage. Pretty much all Information Providers (publishers on Prestel, known as IPs) had 3-digit root pages. Unless you were a sub-IP, in which case you were allocated a chunk of someone else's space, so you might start at 8002 or 800456. You could then edit any pages below that.

Internal Prestel pages often had 2-digit numbers. The most notorious and mysterious was page 99, which was alleged to be the sysadmin menu. When Steve and I first attained root access to Prestel, that's the first page we tried. And it worked!

Interestingly, if you tried to go to a page on Prestel and you couldn't reach it for some reason, you'd get a standard "Page not found" error at the bottom of the screen. But depending on whether the message started right at the far left of the screen, or 1 character in, you would know whether the page really didn't exist or whether you merely weren't allowed to see it. So it was easy to work out where the "fun" pages were hidden!!

Finally, each page could have up to 26 sub-pages. So page 1234 could actually have 1234a to 1234z. They were known as frames, I think. This was mainly designed for hosting software downloads (known as telesoftware). A downloadable program had to fit on 26 frames, and each frame was 40x24 characters. So around 24 KB per program.

Oh, and it was all on dial-up of course. At 1200/75, ie 1200 bps download and 75 bps upload. Which was plenty. Especially as you could press a link on a page before that page had finished loading.

Robert Schifreen

Bootnote

1 Prince Philip's mailbox mostly contained birthday greetings to Princess Diana from random members of the public. There was no sign of any actual royal usage of the account, we're reliably informed. Even though he wasn't affected personally, nevertheless "Prince Philip himself delivered a blistering laser-beam of disapproval from Buck House" towards BT.

Source: Photo of Prince Philip.

The Register - Independent news and views for the tech community. Part of Situation Publishing