Approaching Zero by Paul Mungo (best way to read e books .TXT) 📕

PCs that were increasingly user-friendly,

thus allowing even the least technically-minded access to computing power.

 

Also among the group in the Chinese restaurant that night was a twenty-year-old

hacker known as Triludan the Warrior, a close friend of Steve Gold’s. Triludan

had discovered Prestel, a data and information service established by British

Telecom (the successor to the GPO) in the early 1980S that contained thousands

of pages of news on finance, business, travel, and sport as well as company

reports. The information, updated regularly, was often supplied by outside

contractors including publishing houses and newspapers. The pages were read

like an electronic news bulletin on the subscriber’s computer screen and were

accessed with the help of the system’s first page, which indexed the

information available. Prestel was also supposed to provide other services,

such as on-line telephone directories and home shopping, but there was never

sufficient demand.

 

A Prestel subscriber dialed into the service via a normal phone line connected

to his PC by a modem. At Prestel, another modem linked the PC to the system’s

own computer. This arrangement allowed the user to manipulate Prestel’s

computer from his home.

 

Like all public-access computer systems, Prestel required users to key in their

ID (sometimes called a log-in or a user-name) and their password. These are

personal and known only to the individual subscribers. On Prestel, the ID was a

ten-character string of letters and numbers, and the password was a

four-character string. Prestel also provided subscribers with their own “electronic mailboxes,” or MBXs, in which messages from other subscribers could be

received. The system also included an index of all subscribers and their MBX

addresses, so users could communicate with each other.

 

Triludan’s penetration of the Prestel system was a lucky fluke. In February

1984 he had dialed up Prestel from his home computer at 2:30 A.M. For no

obvious reason, he entered ten 2’S. To his surprise, a message came back

saying, CORRECT. He assumed that if the ID was that simple, then the

four-character password must be equally obvious. He tried 1234, and WELCOME TO

THE PRESTEL TEST came up on the screen. So this is hacking, he thought to

himself.

 

The service Triludan had accessed was only the test system, set up for Prestel

engineers to verify that their computers were operating correctly. Prestel

subscribers dialed into any one of ten mainframes scattered around the country;

the test system was confined to four other computers that simply monitored the

mainframes, and because they were isolated from the actual Prestel service, it

afforded few opportunities for exploration. Nonetheless, Triludan continued to

access the test system once a week to see if he could make any progress. One

day in October 1984 he dialed up as usual and found an ID and password on the

front page, just below the WELCOME TO THE PRESTEL TEST message. He then

redialed the test service and entered the new ID. It turned out to be that of

the system manager.

 

Hacking, Triludan decided, was stumbling across other people’s mistakes.

 

The ID and password had been listed on the front page for the convenience of

Prestel’s engineers, who would need to know them to roam through the system.

The test service, after all, was itself supposedly secured by a ten-digit ID

and a four-digit password. Prestel had no idea that the test service’s security

had already been blown. Now it was doubly blown, because the system manager’s

codes would allow Triludan to explore anywhere he wanted throughout the entire

Prestel network.

 

The system manager, or “sysman,” is the person in control of a computer

installation. Like the manager of a large building who has keys to all the

offices and knows the combinations to all of the secure areas, he has the keys-

-IDs and passwords—to all areas of his system: he controls and changes on-line

data, updates indexes, assigns mailboxes, and oversees security. With his

system-manager status, Triludan the Warrior had become king of Prestel. He

could do anything: he could run up bills for any of the 50,000 subscribers,

tamper with information, delete files, and read anything in the mailboxes.

 

When Triludan told the rest of the group at the meeting that he had captured

sysman status on Prestel, they were amazed. In 1984 British hacking was still

in its infancy; though American techniques were slowly spreading across the

ocean, English hackers, unlike their American counterparts, had never managed

to pull off any of the spectacular stunts that attracted press and publicity.

Their access to Prestel seemed like the ideal opportunity to put British

hacking on the map. They discussed plans and schemes: they knew well that with

sysman status they could easily cripple the system. But none of them was

malicious. Pranks were harder to pull, and they seemed more fun.

 

Accordingly they broke into the mailbox of His Royal Highness, Prince Philip,

and were rewarded by seeing the message GOOD EVENING. HRH DUKE OF EDINBURGH

come up on the computer screen. They left a message for the real sysman, in his

mailbox, saying, I DO SO ENJOY PUZZLES AND GAMES. TA. TA. PIP! PIP! HRH ROYAL

HACKER. Then they modified the foreign-exchange page on Prestel, provided by

the Financial Times, so that for a few hours on the second of November the

pound-to-dollar exchange rate was a glorious fifty dollars to the pound.

 

Triludan himself capped all the tricks: when subscribers dial into Prestel,

they immediately see page one, which indexes all other services. Only the

system manager can alter or update listings on this page, but Triludan,

exploiting his sysman status, made a modest change and altered the word Index

to read Idnex. Though it was perfectly harmless, the change was enough to

signal to Prestel that its security had been breached. The other pranks had

been worrisome, but altering the first page was tantamount to telling Prestel

that its entire system was insecure. The company reacted quickly. It notified

all its customers to change their passwords immediately, and then altered the

sysman codes, thus stopping Triludan and his friends from tampering with the

system again.

 

Six months later Triludan was arrested. Though he had lost sysman status, he

had continued hacking the system, using other four-digit combinations. He even

continued to leave messages for the system manager, just to prove that he could

still gain access, and his games had badly embarrassed Prestel and its owner,

British Telecom. The revelation that hackers had penetrated the Prestel system

and broken into Prince Philip’s mailbox had proved irresistible to the British

press, which had cheerfully hyped the story into page-one news. The royal

connection ensured that the item got international coverage, most of it

implying that hackers had breached royal security systems and read Prince

Philip’s private and confidential electronic mail.

 

To catch their hacker, Prestel put monitors on the incoming lines. These

filtered all calls to the system, looking for unusual activity such as users

trying different passwords or repeatedly failing to key in correct IDs. After

watching the lines for a month, the authorities were convinced that they had two

intruders, not one. The first was calling from London; the second appeared to

be dialing in from Sheffield. British Telecom traced the two callers and put

supplementary monitors on their home lines.

 

Despite the fact that the company had evidence from the messages to the system

manager that Triludan was still breaking into the system, they needed hard

evidence, so they continued monitoring the lines in London and Sheffield,

carefully noting the times the two callers dialed into Prestel. Finally they

decided to mount simultaneous raids.

 

On April 10, 1985, a posse of three British Telecom investigators and four

policemen raided the north London address. Just after ten P.M. the police

knocked on the door, which was opened by a young man who was six feet four

inches tall with thick black hair. His name was Robert Schifreen, and yes, he

was Triludan the Warrior—as well as Hex and Hexmaniac, two other hacker

aliases that had appeared on Prestel. He was arrested and his equipment

confiscated. The police were civil and polite, and they allowed the suspect to

bring his bottle of antihistamine tablets with him. Its brand name was

Triludan.

 

Schifreen was taken to Holborn police station to spend the night in the cells.

He was charged and released on bail the next day.

 

At the same time Schifreen was arrested, another raid was taking place in

Sheffield at the home of Schifreen’s friend and companion, Steve Gold. Gold had

also continued to hack Prestel. Along with Schifreen, he had been the most

excited by the chance to play with the system. Gold remembers the knock on his

door as coming at eight minutes past ten P.M. When he answered, he found three

policemen and three British Telecom investigators, who read him his rights and

promptly took him down to the local police station, where he spent an

uncomfortable night. At nine the next morning he was driven down to London to

be charged.

 

Because there were no laws in Britain addressing computer hacking at the time,

the two were charged with forgery—specifically, forging passwords. Five

specimen charges were listed in the

warrant for Schifreen, four for Gold. The charges involved a total loss of

about $20 to the Prestel users whose IDs had been hacked. What became known as

the Gold and Schifreen case was Britain’s first attempt to prosecute for

computer hacking.

 

The case was tried before a jury some twelve months later. At the beginning of

the trial the judge told counsel: “This isn’t murder, but it’s a very important

case. It will set a very important precedent.” After nine days the two were

found guilty. Schifreen was fined about $1,500, Gold about $1,200; they had to

pay the court almost $2,000 each for costs.

 

The duo appealed the verdict, and after another twelve months the case was

heard in Britain’s highest court of appeal by the Lord Chief Justice, Lord

Lane, who ruled that copying an electronic password was not covered by the

Forgery Act, and overturned the jury’s verdict. The prosecution appealed that

decision, and after another twelve-month delay, the House of Lords—which

carries out many of the functions of America’s Supreme Court—upheld Lord

Lane’s decision. Gold and Schifreen were acquitted.

 

Since then, Gold and Schifreen have both gone on to respectable careers in

computer journalism. And from time to time they still meet in Chinese

restaurants, though neither continues to hack.

 

But their case, which cost the British taxpayers about $3.5 million, gave a

misleading signal to the country’s hackers and phreakers. Because Gold and

Schifreen had admitted hacking while denying forgery, it was assumed that the

courts had decided that hacking itself was not against the law.

 

That’s certainly what Nick Whiteley believed.

 

Briefly, in 1990, Nick Whiteley was the most famous hacker in Britain. A quiet,

unremarkable young man with a pedestrian job at a chemical supplies company, by

night he became the Mad Hacker and roamed through computer systems nationwide.

To the alarm of the authorities, he was believed to have broken into computers

at the Ministry of Defense and MI5, Britain’s counterintelligence security

service. More troublesome still, there were messages sent by the Mad Hacker

that strongly suggested he had evidence that some type of “surveillance” had

been carried out against the opposition Labor party, the Campaign for Nuclear

Disarmament (CND), and even the British Cabinet. It was unclear who was

supposed to be carrying out the surveillance, but it was presumed to be MI5.

 

When Nick was arrested in 1988, he was interviewed for up to six hours by

agents he believes were from the Ministry of Defense and MI5. They were

accompanied by an expert from International Computers Limited (ICL), at the

time Britain’s only independent mainframe computer manufacturer