Landmark computer hacking archive deposited at TNMOC

Prince Philip Prestel hack preserved for posterity


An archive that tells the story of how the 1980s hack of Prince Philip’s mailbox led to UK anti-hacking legislation has been deposited at The National Museum of Computing (TNMOC).

Robert Schifreen, the "white hat" at the centre of the 1980s controversy, compiled the archive, which details Schifreen’s two-year-long legal travails following his open hack of Prestel, BT’s pre-web online service. Schifreen and the late Steve Gold managed to hack into BT's Prestel Viewdata service, famously accessing the personal message box of Prince Philip in the process.

The Prince Philip incident only happened following a number of attempts to shock BT into action after the telco showed no interest in bolstering the security of its system. Involving the Royals prompted BT into calling in the police, setting off a chain of events that led to the the arrest of Schifreen and Gold in March 1985 and the subsequent prosecution of the two tech enthusiast journalists.

With no anti-hacking law in existence at the time, the archive gives details of the passage of what turned out to be in effect a test case through three courts ending in the acquittal of Schifreen and Gold in the House of Lords (at that time the highest UK court) in 1987.

The archive includes Schifreen’s '80s-era hacking password book, transcripts of his interviews with police, legal correspondence, the jury bundle and a substantial number of press cuttings.

Evening white hats

In presenting the archive, Robert Schifreen explained the context of 1980s hacking to an audience at TNMOC. In 1985, the internet did not exist, home computing was beginning to take off, Prestel had recently become the first online service available to the UK public but there was no real awareness of the need for computing security and no law explicitly against computer hacking.

Schifreen, aged 22 at the time, collected user names and passwords and investigated computer databases not supposedly open to the public but accessible all the same.

In a statement, Schifreen explained: “Hackers in those days never started until 6pm because it was so expensive to go online with a dial-up connection before that. But 6pm was a significant start-time because the Prestel security staff had gone home and weren’t there to deal with automated messages telling them that there had been three unsuccessful attempts at a log-on to Prestel.

“I could read the messages, delete them to cover my tracks before security arrived for work next morning. In effect I was a Prestel System Manager. I even managed to hack Prince Philip’s Prestel Mailbox and was quite open about it,” he added.

Schifreen was surprised at how Prestel handled his reports of issues with its systems, which these days would have earned him a bug bounty payout. Thirty years ago he was treated to arrest and trial.

“I made no secret of what I was doing,” Schifreen explained. “It was 1985. The Computer Misuse Act came into existence in 1990. I was doing nothing illegal!

“I phoned Prestel and told them what I could do. I thought they might give me a job. They didn’t. They called Scotland Yard,” he added.

Initially charged and convicted of forgery at Southwark Crown Court, that decision was overturned on appeal by the Lord Chief Justice. After a further appeal by the prosecution, the Lord Chief Justice’s decision to acquit was upheld by the House of Lords.

Relic of an age when security wasn’t treated seriously

Schifreen, who has gone on to enjoy a successful career as a security journalist and later consultant, currently at SecuritySmart, an IT security awareness training company, concluded: “I think the police were quite happy that I was acquitted as it demonstrated the need for a computer hacking act of some sort. The Computer Misuse Act of 1990 resulted.”

Receiving the archive, TNMOC trustee Margaret Sale commented: “We are extremely grateful to Robert Schifreen for donating his fascinating archive to TNMOC and giving us an insight into what now seems a very strange world in which computer security was not treated very seriously.”

These days firms such as TalkTalk, in some ways a modern-day successor to Prestel, go to great lengths to tell everyone that they take security seriously. Well, they do after they’ve been breached, anyway.

But we digress.

The archive at TNMOC, which is located at Bletchley Park, is available to bona fide researchers. It is growing rapidly and already contains the entire 45-year print history (1966-2011) of Computer Weekly, the world's first weekly computer publication, 26 years of Personal Computer World, and many other magazines, the complete ICL manufacturing archive, the entire Digital Equipment Corporation microfiche and more.

Prestel started in the late '70s but was not commercially successful. Live systems were used for home banking, among other applications. ®

Bootnote

The Reg's take on how a hack on Prince Philip's Prestel account led to UK computer law - featuring interviews with Schifreen, former Detective Inspector ‪John Austen, a senior investigating officer in the case, and Alistair Kelman‬, Gold's barrister throughout the case - can be found here.

Similar topics

Broader topics

Narrower topics


Other stories you might like

  • World Economic Forum wants a global map of online crime
    Will cyber crimes shrug off Atlas Initiative? Objectively, yes

    RSA Conference An ambitious project spearheaded by the World Economic Forum (WEF) is working to develop a map of the cybercrime ecosystem using open source information.

    The Atlas initiative, whose contributors include Fortinet and Microsoft and other private-sector firms, involves mapping the relationships between criminal groups and their infrastructure with the end goal of helping both industry and the public sector — law enforcement and government agencies — disrupt these nefarious ecosystems.  

    This kind of visibility into the connections between the gang members can help security researchers identify vulnerabilities in the criminals' supply chain to develop better mitigation strategies and security controls for their customers. 

    Continue reading
  • Cops' Killer Bee stings credential-stealing scammer
    Fraudster and two alleged accomplices nabbed in joint op

    An Interpol-led operation code-named Killer Bee has led to the arrest and conviction of a Nigerian man who was said to have used a remote access trojan (RAT) to reroute financial transactions and steal corporate credentials. Two suspected accomplices were also nabbed.

    The trio, aged between 31 and 38, were detained as part of a sting operation involving law enforcement agencies across 11 countries: Brunei, Cambodia, Indonesia, Laos, Malaysia, Myanmar, Nigeria, Philippines, Singapore, Thailand, and Vietnam. 

    The suspects were arrested in the Lagos suburb of Ajegunle and in Benin City, Nigeria. At the time of their arrests, all three men were in possession of fake documents, including fraudulent invoices and forged official letters, it is claimed.

    Continue reading
  • Cloud services proving handy for cybercriminals, SANS Institute warns
    Flying horses, gonna pwn me away...

    RSA Conference Living off the land is so 2021. These days, cybercriminals are living off the cloud, according to Katie Nickels, director of intelligence for Red Canary and a SANS Certified Instructor.

    "It's not enough to pay attention to the operating systems, the endpoints, said Nickels, speaking on a SANS Institute panel about the most dangerous new attack techniques at RSA Conference. "Adversaries, a lot of their intrusions, are using cloud services of different types."  

    And yes, living off the land (or the cloud), in which intruders use legitimate software and cloud services to deploy malware or spy on corporations and other nefarious activities, isn't a new type of attack, Nickels admitted. "But what's new here is the levels to which using cloud services [for cyberattacks] has risen." 

    Continue reading
  • Stolen university credentials up for sale by Russian crooks, FBI warns
    Forget dark-web souks, thousands of these are already being traded on public bazaars

    Russian crooks are selling network credentials and virtual private network access for a "multitude" of US universities and colleges on criminal marketplaces, according to the FBI.

    According to a warning issued on Thursday, these stolen credentials sell for thousands of dollars on both dark web and public internet forums, and could lead to subsequent cyberattacks against individual employees or the schools themselves.

    "The exposure of usernames and passwords can lead to brute force credential stuffing computer network attacks, whereby attackers attempt logins across various internet sites or exploit them for subsequent cyber attacks as criminal actors take advantage of users recycling the same credentials across multiple accounts, internet sites, and services," the Feds' alert [PDF] said.

    Continue reading
  • Ransomware encrypts files, demands three good deeds to restore data
    Shut up and take ... poor kids to KFC?

    In what is either a creepy, weird spin on Robin Hood or something from a Black Mirror episode, we're told a ransomware gang is encrypting data and then forcing each victim to perform three good deeds before they can download a decryption tool.

    The so-called GoodWill ransomware group, first identified by CloudSEK's threat intel team, doesn't appear to be motivated by money. Instead, it is claimed, they require victims to do things such as donate blankets to homeless people, or take needy kids to Pizza Hut, and then document these activities on social media in photos or videos.

    "As the threat group's name suggests, the operators are allegedly interested in promoting social justice rather than conventional financial reasons," according to a CloudSEK analysis of the gang. 

    Continue reading
  • South Korean and US presidents gang up on North Korea's cyber-offensives
    Less than two weeks into his new gig, Yoon cozies up to Biden as China and DPRK loom

    US president Biden and South Korea's new president Yoon Suk Yeol have pledged further co-operation in many technologies, including joint efforts to combat North Korea.

    While the US agreed to deploy physical weapons and hold military drills if necessary to defend the South against the North, the pair together vowed to "significantly expand cooperation to confront a range of cyber threats from the DPRK, including but not limited to, state-sponsored cyber-attacks."

    This cooperation will include working groups attended by law enforcement and homeland security agencies from both nations.

    Continue reading
  • State of internet crime in Q1 2022: Bot traffic on the rise, and more
    According to this cybersecurity outfit that wants your business, anyway

    The fraud industry, in some respects, grew in the first quarter of the year, with crooks putting more human resources into some attacks while increasingly relying on bots to carry out things like credential stuffing and fake account creation.

    That's according to Arkose Labs, which claimed in its latest State of Fraud and Account Security report that one in four online accounts created in Q1 2022 were fake and used for fraud, scams, and the like.

    The biz, which touts device and network defense software, said it came to this conclusion after analyzing "billions of sessions ... across our global network" during the first three months of the year. These sessions apparently spanned account registrations, logins, and interactions with financial, ecommerce, travel, social media, gaming, and entertainment services. Take all these numbers with a grain of salt as ultimately Arkose wants you to buy its stuff to prevent all this kind of crime.

    Continue reading

Biting the hand that feeds IT © 1998–2022