Micronet Advert - November 1983
From Electronics and Computing Monthly
Micronet 800: Tunes your BBC into a new channel of news, views, facts and fun
Micronet was a popular subsection of the dial-up information system Prestel. Prestel - which shared a technological specification with television Viewdata systems like Ceefax and Oracle - had been launched in 1979.
It was never hugely popular, and it had even been rumoured that it was closing down the year before this advert. At the time it had only 20,000 users, despite having 250,000 pages of information available[1].
In April 1982, Bob Denton of Prism - one of Sinclair's distributors - launched a Prestel-based electronics magazine called Electronics Insight. He subsequently met Richard Hease, the owner of ECC - the publisher of Educational Computing - whereupon the two realised their shared interest in Prestel networks.
In June 1982, ECC sold some of its titles to East Midland Allied Press, or EMAP. EMAP's Prestel division, known as Telemap and which was already a top-20 Prestel information provider thanks to its 60,000 accesses per month from 18,000 users, bought up Electronics Insight and the two systems went on to form the basis of Micronet 800 - the 800 being the page number in Prestel where the service was originally located[2]
Prince Philip and the Prestel Hack
The following year, in 1984, Prestel was subject to a famous early hacking case, when Robert Schifreen and Stephen Gold, who described themselves as freelance journalists, hacked into various parts of the system, including the mailbox of the Duke of Edinburgh.
Predating any sort of actual computer mis-use laws, the pair were committed at Southwark Crown Court under Section 1 of the Forgery and Counterfeiting Act 1981[3].
The case came about not because the "hack" had been detected, but because Schifreen, who had broken in to Prince Philip's mailbox and had even impersonated the Duke in email replies, had made the mistake of selling his story to the papers.
The pair were arrested following a "late-night swoop on their homes in London and Sheffield", with Schifreen being charged for "forging an electronic device for recording information" from Prestel computers known as Gateway and Kipling, whilst Gold had "forged computer discs" from information stored on Keats and Dickens.
During the trial, it was revealed that Prestel's security relied on nothing more than a ten-digit user ID, followed by a 4-number password, whilst users with "top-level security" who could edit stuff only had to enter a second 4-digit password.
Schifreen had used his BBC Micro to randomly type in a user ID of 2222222222 followed by a password of 1234 and was "surprised" to be welcomed as the user Mr. G Reynolds, who unfortunately for Prestel happened to be a user that had access to a testing facility that had access to all Prestel accounts.
On-line banking from the Bank of Scotland, © Personal Computer World November 1985From there, Schifreen gained access to the royal mailbox - after all, as another hacker had put it "everyone and their granny was hacking the system" since it had emerged that Prince Philip even had a Prestel mailbox in the first place.
Schifreen had even reported these text-book security lapses to Prestel as far back as October 1984, with the hope of maybe getting a job offer.
BT's response to the debacle, apart from adding wiretaps after Schifreen had reported the security holes, was to tip off Scotland Yard before changing all its suppliers' "Information Provider" codes as well as changing all the editing passwords to be the same as the intial password.
The whole "security" set-up provided almost no real security whatsoever, which was especially surprising considering that Prestel was also home to the world's first Viewdata banking system[4].
Cloak and dagger: the BT Mole
At first, it had been thought that there might have been a BT "mole" operating, who was supplying important confidential system information to hackers, with the allegations being levelled by Prestel's second-largest information provider, Timeframe International, which swiftly posted BT's claims against it in its "letterbox" - the front window in Prestel.
BT responded by blacklisting Timeframe, claiming that there was a clause in its suppliers' contracts which meant they should not bring BT or Prestel into disrepute[5], an action which led to Timeframe starting on preparations for a retaliatory injunction against BT.
The incumbent telco later backed down, but not before three hackers had used a VTX 5000 modem attached to a Sinclair Spectrum to break into ICL Telecom's mailboxes, with one of them claiming that the passwords needed had been left in his email inbox by someone signing themself as "BT Mole".
The hackers had also accessed ICL's Telex mailbox and had sent Telexes to various ICL offices as well as Steve Clark, the news editor of ITN.
Meanwhile, whilst BT was vigorously denying that there ever was a Prestel Mole, ICL had put in measures to thwart more hacking, with a spokesman suggesting that "Since the hacking, those mailboxes have had passwords put into them, so they are now protected"[6].
There was some support for Timeline's whistle-blowing actions from MPs (via post and not email) as well as the editor of Micronet's Micromouse database.
It had originally been suggested by Popular Computing Weekly that hackers had broken into Micronet/Micromouse on the 2nd of December to promote support for Timeline, but it was actually the editor of the database who posted the message - with what could be considered an early hashtag of "Bring back Timeframe *8181 # R A-OK" - with the full knowledge of Micronet[7].
Schifreen and Gold were eventually convicted under the Forgery Act at the end of April 1986 and were fined £750 and £600 respectively, with £1,000 in costs each[8].
They appealed immmediately, and as the appeal rumbled on at the High Court, it looked like they were actually benefitting from all the fame.
Gold was interviewed at the 1987 PC User show and told Your Computer's Phil Rotsky that "It's done neither of us any harm. If it wasn't for all the publicity I'd probably still be freelancing part-time and working during the day as an accountant". Schifreen, meanwhile, had landed a job at a leading computer magazine[9].
Their convictions were eventually quashed in the middle of July 1987, with their fines rescinded and them being awarded costs. They were reported to be "utterly ecstatic" at the result, whilst Your Computer noted that "if the duo's alleged activities had been more serious there might have been some point in bringing a prosecution, but regardless of the verdict it is difficult to see what this case has achieved[10].
Schifreen and Gold's appeal had been on the basis that the "false instrument" upon which the case rested had not been clearly defined.
The case relied on the instrument being defined as the actual electronic impulses sent down the telephone line, which led Lord Lane, the Lord Chief Justice, to suggest that if it had been forgery, it was "of an unusual kind".
It clearly didn't take long for the three appeal judges to quash the case, as Gold reported "We appeared in court at 10.00 [on July 17th] and by 10.30 we were looking for somewhere to buy champagne"[11].
Schifreen went on to clarify exactly what the case rested upon in a letter to Personal Computer World in its September 1988 edition, as confusion still seemed to reign over the whole affair.
Referring to the uncertainty about what exactly the instrument was that the pair had forged, he wrote that BT and the police had never actually stated what the instrument was, but that a BT drone suggested that it would have to have been "an instrument in the user segment", as in part of the actual Prestel computer.
This led to a something of a paradox, because the Prestel computer was also the machine that was being deceived by the false instrument, which is where the prosecution started to get tangled in knots.
Schifreen continued "the other reason is this: the instrument that we allegedly forged is, according to the law [Section 8(1) of the Forgery and Counterfeiting Act 1981], 'a disk, tape or soundtrack, or any other device on or in which information is recorded or stored'".
The prosecution had argued that as passwords were held in the user segment for the purposes of validation, then that was the false instrument. The Lords, however, insisted that 'recorded or stored' should be given their day-to-day meanings, which implied being held for a fairly long time, which the passwords were clearly not[12]. It was all very confusing.
The Computer Misuse Act 1990 is born
The outcome of the Schifreen/Gold case almost led to the release of a pair of "multi-million pound computer hackers" when their guilty charge for forgery had to be quashed, since the Prestel-hack case had set a precedent which meant that certain acts of forgery using computers were actually legal, albeit temporarily.
The pair - Lamberti and Filinski - had used an ancient Texas Instruments Silent 700 data terminal[13] to access secret data from Lamberti's employer Prudential Basche Securities and were planning to shift £5 million in Euro bonds to a Swiss account controlled by a criminal gang they both belonged to. Unfortunately, such transactions took seven days to complete and the fraud was discovered after five.
Although charges for forgery were out, thanks to the failure of Gold/Schifreen, the pair were still convicted under a charge of conspiracy to defraud, but it also meant that the Crown punted the whole area of law to the Attorney General, Patrick Mayhew, for review[14].
Between them, the two cases did achieve an eventual change in the law. In an interview with The Register in 2016, Schifreen suggested that "I think the police were quite happy that I was acquitted as it demonstrated the need for a computer hacking act of some sort. The Computer Misuse Act of 1990 resulted."[15]
The Misuse Act became law at the end of August 1990, making the UK one of the last major economies to pass such legislation - a point of much previous criticism from Europe and the US.
Lack of legislation had also been a worry for Clifford Stoll, author of The Cuckoo's Egg - a great story about Stoll's uncovering of a KGB spy on a computer network which stretched from the US to Hamburg, who was first spotted thanks to a 75 cent accounting discrepancy.
Stoll had apparently revealed to MP Emma Nicholson, sponsor of the "misuse" act, that the FBI had told him that if the hacking trail he was following finished in the UK, he could forget about any prosecution[16]. Luckily it didn't, otherwise the book would have had a much more boring ending.
The act itself covered three levels of offence: unauthorised access to computer material; unauthorised access with intent to commit or facilitate commission of further offences; and unauthorised modification of computer material.
The first two were broadly similar, but were framed with a bit of leniency for a first, or one-off, offence - the penalty for this being up to six months, whilst that of hacking with the intention of continuing had a tarrif of up to five years in the slammer.
Perhaps unsurprisingly, then-former hacker Schifreen was largely unimpressed with the new legislation, with a particular concern being that large businesses might start assuming that their systems were now somehow more secure because of the threat of imprisonment.
He also suggested that the law rested too much on the intent of a would-be hacker, in that it was easy enough to catch someone at a terminal, but much harder to prove that they intended to do any damage - in the same way as it was much harder to prove murder over manslaughter.
The other thing that act didn't, and perhaps couldn't, do was to differentiate between old-school hacking "for fun", and the growing industry of hacking as a means of making money, where legislation wasn't really going to deter large-scale criminals anyway.
Schifreen said on the subject that he couldn't "help the feeling that the Computer Misuse Act is a waste of time. Senior lawyers are reported to have [said] that if this act had existed a few years ago, I would have been convicted and imprisoned for my part in the Prestel hack. Personally, I doubt that".
Zen and the art of hacking
He continued "the majority of hackers hack for fun. They do it because they want to show companies just how insecure their computer systems are. Had I used my hacking knowledge to move money into my own bank account, or deliberately crashed the entire Prestel network, there would have been no need for specialist legislation".
Indeed, existing laws on fraud, theft or criminal damage would have covered this sort of attack already, but Schifreen was also worried about the case of the "curious schoolboy", wandering into a system with no security to speak of. "Is he going to get five years? Of course not. He'll probably get a fine of a couple of hundred pounds".
Schifreen then got nicely Zen in his September 1990 article for Personal Computer World when he posed the question "if [a hacker] deletes data, but a backup copy is available, then has he really deleted the data?"[17].
Meanwhile, back in the summer of 1987, The tables were somewhat turned on the erstwhile Prestel hacker when Schifreen, who by now was writing for Personal Computer World, discovered that his Telecom Gold mailbox had been under observation since Christmas 1986.
When Schifreen called the not-Stephen Gold up to ask why there were some strange open files on his sytem, including a tell-tale one called "SECURITY>VNU209.0" - Schifreen's user ID but with an extra ".0" on the end - he was met with the response "OK, it seems like we're monitoring your mailbox. Let me find out why and get back to you".
Apparently, the monitoring had started after an unknown third party had accessed Schifreen's account and tried to access a file that users shouldn't even know about - a file which as it turned out was actually mentioned in all the manuals for the Prime mainframes that Telecom Gold ran on.
Schifreen got some payback by referring to matter to the Office of Telecommunications - Oftel - which started investigating BT under the terms of the Interception of Telecommunications Act 1985, as well as its operating licence[18].
Script kiddies
In modern terms, the Prestel hack was clearly not a hack, as trying out a few random numbers on a system so devoid of any real security can hardly be compared to state-sponsored operations like Stuxnet, which briefly shut down Iran's entire nuclear programme[19].
It also did little to encourage other industries to beef up their security, as demonstrated nicely when a couple of years later, in 1989, a 17-year-old managed to steal nearly £1 million from his employer - the National Westminster Bank.
NatWest junior clerk - Tim Fox - had first used the bank's computer to move just over £12,000 of customers' cash into his own account. Emboldened by the ease and the subsequent lack of detection of his deeds, he went on to move an additional £948,252 into the account of a friend, whereafter the two immediately went on a champagne and electric-guitar spending spree.
It was only after Fox admitted the original fraud that the bank knew anything about it, with Fox going on to 'fess up to the bigger deed after NatWest launched an extensive probe.
Fox and his friend, who had paid back all but around £15k of the stolen loot, were eventually sentenced to 12 months' youth custody, but the judge pointedly refused to order them to pay the rest of the money back, stating that it was clearly a poor indictment of banking computer security that a kid just out of school could "work [the] system in Nat West on a number of occasions without being found out".
The case coincided with a government review which suggested that computer hacking be made a criminal offence, and that infecting computer systems with a virus should be "made illegal".
The Treasury and the Bank of England had instigated the government committe as it was becoming clear that some computer hackers were getting quite handy at breaking into banking systems and generating their own PINs for stolen cash-machine cards[20].
Electronic frontiers
A few years later, the tables seemed to turn again, at least in the US, as by the beginning of the 1990s organisations like the Electronic Frontier Foundation were being set up.
Created by Mitch Kapor - the founder of the company that produced what was then the world's biggest-selling spreadsheet, Lotus - the EFF offered to help hackers accused of criminal activity, as well as carry out research into the legal issues surrounding computer communications.
In the summer of 1990 Kapor, who had by now left Lotus to start his own "software ideas company", poked the wasps' nest with a big stick when he suggested that there should actually be some sort of civil right to hack, and that people who trespass into others' computers should have some protection when they do.
He also suggested that prosecutions by US law enforcement was risking "stifling the creativity of teenage hackers" and was otherwise threatening a "harmless activity".
Not unexpectedly, these law enforcement bodies were claiming that they were not stifling anything, but were merely "cracking down on people who exploit loopholes in computer security to steal credit card numbers". Whilst most in the industry seemed to be of the mind that Kapor was a bit "off his trolley", as Keynew put it, he did manage to get Apple co-founder Steve Wozniak on board[21].
---
Back in 1987, Prestel - which was never financially successful - picked up some competition towards the end of the year in the form of Istel. Istel was a successful national Viewdata network that had been set up by automotive basket-case British Leyland, which by 1987 was known as Austin Rover, to provide a dealer communications network.
It was sold in the autumn of 1987 to a management and employees consortium which was backed by financial institutions including Lloyds Bank, Kleinwort Benson and Barclays, for the sum of around £75 million - not bad for a network that almost no-one had heard of[22].
Date created: 14 December 2023
Sources
Text and otherwise-uncredited photos © nosher.net 2024. Dollar/GBP conversions, where used, assume $1.50 to £1. "Now" prices are calculated dynamically using average RPI per year.