This week marks the 30th anniversary of arrests in the infamous Prestel hack case. It led to arrests, breached the Royal Family's security and helped give birth to the UK's first computer crime law.
What began as a hack against the Prestel Viewdata system – which opened up access to Prince Philip's mailbox – later led to the arrest of two tech enthusiast journalists and a prosecution, culminating in the UK's first computer crime law.
Prestel started in the late '70s but was not commercially successful. Live systems were used for home banking, among other applications. There were also dummy systems. Login credentials used by these dummy systems were shared with those that authorised access to live systems.
Steve Gold and fellow journalist Robert Schifreen managed to hack into BT's Prestel Viewdata service, famously accessing the personal message box of Prince Philip in the process.1 The Prince Philip incident occurred as the culmination of a number of successively more exasperated attempts to shock BT into action after BT showed no interest in bolstering the security of its system.
Schifreen explained: "I came across a Prestel test ID by accident – I was testing a modem and just typed random numbers, basically. That got me into a BT internal Prestel page containing the phone numbers of the dev mainframes.
"After I'd tried those for ages, one day someone left the system manager credentials on the login page of the dev mainframe. So I phoned Steve (who'd been pursuing Prestel in other ways). I then went and told Micronet what I'd done, and they told Prestel... who called in the Met."
Former Detective Inspector John Austen, who founded and led the Computer Crime Unit at New Scotland Yard, arrested Steve Gold at his home address in Sheffield before he was transferred to London for interview, "which was quite friendly as I recall", according to Austen.
"There were five charges on different computers within the BT Prestel system between October 1984 and January 1985," Austen told El Reg. "All charges were of 'Forgery' contrary to Section 1 of the Forgery & Counterfeiting Act 1981."
"The ‘forgery’ directly related to forging the password (or PIN) to gain System Administrator privilege and thereafter causing some disruption (of different minor types) to the system. No financial gain was involved."
Austen, who has retired from policing and now works part-time as a visiting lecturer at Royal Holloway, University of London, explained that police responded to a complaint from BT Security, who held the evidence of what had happened.
Gold and Schifreen were subsequently charged and convicted of offences under the Forgery & Counterfeiting Act. This verdict was successfully overturned on appeal.