Approaching Zero, Paul Mungo
- Author: Paul Mungo
thus allowing even the least technically-minded access to computing power.
Also among the group in the Chinese restaurant that night was a twenty-year-old
hacker known as Triludan the Warrior, a close friend of Steve Gold’s. Triludan
had discovered Prestel, a data and information service established by British
Telecom (the successor to the GPO) in the early 1980s that contained thousands
of pages of news on finance, business, travel, and sport as well as company
reports. The information, updated regularly, was often supplied by outside
contractors including publishing houses and newspapers. The pages were read
like an electronic news bulletin on the subscriber’s computer screen and were
accessed with the help of the system’s first page, which indexed the
information available. Prestel was also supposed to provide other services,
such as on-line telephone directories and home shopping, but there was never
sufficient demand.
A Prestel subscriber dialed into the service via a normal phone line connected
to his PC by a modem. At Prestel, another modem linked the PC to the system’s
own computer. This arrangement allowed the user to manipulate Prestel’s
computer from his home.
Like all public-access computer systems, Prestel required users to key in their
ID (sometimes called a log-in or a user-name) and their password. These are
personal and known only to the individual subscribers. On Prestel, the ID was a
ten-character string of letters and numbers, and the password was a
four-character string. Prestel also provided subscribers with their own “electronic mailboxes,” or MBXs, in which messages from other subscribers could be
received. The system also included an index of all subscribers and their MBX
addresses, so users could communicate with each other.
Triludan’s penetration of the Prestel system was a lucky fluke. In February
1984 he had dialed up Prestel from his home computer at 2:30 A.M. For no
obvious reason, he entered ten 2’s. To his surprise, a message came back
saying, CORRECT. He assumed that if the ID was that simple, then the
four-character password must be equally obvious. He tried 1234, and WELCOME TO
THE PRESTEL TEST came up on the screen. So this is hacking, he thought to
himself.
The service Triludan had accessed was only the test system, set up for Prestel
engineers to verify that their computers were operating correctly. Prestel
subscribers dialed into any one of ten mainframes scattered around the country;
the test system was confined to four other computers that simply monitored the
mainframes, and because they were isolated from the actual Prestel service, it
afforded few opportunities for exploration. Nonetheless, Triludan continued to
access the test system once a week to see if he could make any progress. One
day in October 1984 he dialed up as usual and found an ID and password on the
front page, just below the WELCOME TO THE PRESTEL TEST message. He then
redialed the test service and entered the new ID. It turned out to be that of
the system manager.
Hacking, Triludan decided, was stumbling across other people’s mistakes.
The ID and password had been listed on the front page for the convenience of
Prestel’s engineers, who would need to know them to roam through the system.
The test service, after all, was itself supposedly secured by a ten-digit ID
and a four-digit password. Prestel had no idea that the test service’s security
had already been blown. Now it was doubly blown, because the system manager’s
codes would allow Triludan to explore anywhere he wanted throughout the entire
Prestel network.
The system manager, or “sysman,” is the person in control of a computer
installation. Like the manager of a large building who has keys to all the
offices and knows the combinations to all of the secure areas, he has the
keys—IDs and passwords—to all areas of his system: he controls and changes on-line
data, updates indexes, assigns mailboxes, and oversees security. With his
system-manager status, Triludan the Warrior had become king of Prestel. He
could do anything: he could run up bills for any of the 50,000 subscribers,
tamper with information, delete files, and read anything in the mailboxes.
When Triludan told the rest of the group at the meeting that he had captured
sysman status on Prestel, they were amazed. In 1984 British hacking was still
in its infancy; though American techniques were slowly spreading across the
ocean, English hackers, unlike their American counterparts, had never managed
to pull off any of the spectacular stunts that attracted press and publicity.
Their access to Prestel seemed like the ideal opportunity to put British
hacking on the map. They discussed plans and schemes: they knew well that with
sysman status they could easily cripple the system. But none of them was
malicious. Pranks were harder to pull, and they seemed more fun.
Accordingly they broke into the mailbox of His Royal Highness, Prince Philip,
and were rewarded by seeing the message GOOD EVENING. HRH DUKE OF EDINBURGH
come up on the computer screen. They left a message for the real sysman, in his
mailbox, saying, I DO SO ENJOY PUZZLES AND GAMES. TA. TA. PIP! PIP! HRH ROYAL
HACKER. Then they modified the foreign-exchange page on Prestel, provided by
the Financial Times, so that for a few hours on the second of November the
pound-to-dollar exchange rate was a glorious fifty dollars to the pound.
Triludan himself capped all the tricks: when subscribers dial into Prestel,
they immediately see page one, which indexes all other services. Only the
system manager can alter or update listings on this page, but Triludan,
exploiting his sysman status, made a modest change and altered the word Index
to read Idnex. Though it was perfectly harmless, the change was enough to
signal to Prestel that its security had been breached. The other pranks had
been worrisome, but altering the first page was tantamount to telling Prestel
that its entire system was insecure. The company reacted quickly. It notified
all its customers to change their passwords immediately, and then altered the
sysman codes, thus stopping Triludan and his friends from tampering with the
system again.
Six months later Triludan was arrested. Though he had lost sysman status, he
had continued hacking the system, using other four-digit combinations. He even
continued to leave messages for the system manager, just to prove that he could
still gain access, and his games had badly embarrassed Prestel and its owner,
British Telecom. The revelation that hackers had penetrated the Prestel system
and broken into Prince Philip’s mailbox had proved irresistible to the British
press, which had cheerfully hyped the story into page-one news. The royal
connection ensured that the item got international coverage, most of it
implying that hackers had breached royal security systems and read Prince
Philip’s private and confidential electronic mail.
To catch their hacker, Prestel put monitors on the incoming lines. These
filtered all calls to the system, looking for unusual activity such as users
trying different passwords or repeatedly failing to key in correct IDs. After
watching the lines for a month, the authorities were convinced that they had two
intruders, not one. The first was calling from London; the second appeared to
be dialing in from Sheffield. British Telecom traced the two callers and put
supplementary monitors on their home lines.
Despite the fact that the company had evidence from the messages to the system
manager that Triludan was still breaking into the system, they needed hard
evidence, so they continued monitoring the lines in London and Sheffield,
carefully noting the times the two callers dialed into Prestel. Finally they
decided to mount simultaneous raids.
On April 10, 1985, a posse of three British Telecom investigators and four
policemen raided the north London address. Just after ten P.M. the police
knocked on the door, which was opened by a young man who was six feet four
inches tall with thick black hair. His name was Robert Schifreen, and yes, he
was Triludan the Warrior—as well as Hex and Hexmaniac, two other hacker
aliases that had appeared on Prestel. He was arrested and his equipment
confiscated. The police were civil and polite, and they allowed the suspect to
bring his bottle of antihistamine tablets with him. Its brand name was
Triludan.
Schifreen was taken to Holborn police station to spend the night in the cells.
He was charged and released on bail the next day.
At the same time Schifreen was arrested, another raid was taking place in
Sheffield at the home of Schifreen’s friend and companion, Steve Gold. Gold had
also continued to hack Prestel. Along with Schifreen, he had been the most
excited by the chance to play with the system. Gold remembers the knock on his
door as coming at eight minutes past ten P.M. When he answered, he found three
policemen and three British Telecom investigators, who read him his rights and
promptly took him down to the local police station, where he spent an
uncomfortable night. At nine the next morning he was driven down to London to
be charged.
Because there were no laws in Britain addressing computer hacking at the time,
the two were charged with forgery—specifically, forging passwords. Five
specimen charges were listed in the
warrant for Schifreen, four for Gold. The charges involved a total loss of
about $20 to the Prestel users whose IDs had been hacked. What became known as
the Gold and Schifreen case was Britain’s first attempt to prosecute for
computer hacking.
The case was tried before a jury some twelve months later. At the beginning of
the trial the judge told counsel: “This isn’t murder, but it’s a very important
case. It will set a very important precedent.” After nine days the two were
found guilty. Schifreen was fined about $1,500, Gold about $1,200; they had to
pay the court almost $2,000 each for costs.
The duo appealed the verdict, and after another twelve months the case was
heard in Britain’s highest court of appeal by the Lord Chief Justice, Lord
Lane, who ruled that copying an electronic password was not covered by the
Forgery Act, and overturned the jury’s verdict. The prosecution appealed that
decision, and after another twelve-month delay, the House of Lords—which
carries out many of the functions of America’s Supreme Court—upheld Lord
Lane’s decision. Gold and Schifreen were acquitted.
Since then, Gold and Schifreen have both gone on to respectable careers in
computer journalism. And from time to time they still meet in Chinese
restaurants, though neither continues to hack.
But their case, which cost the British taxpayers about $3.5 million, gave a
misleading signal to the country’s hackers and phreakers. Because Gold and
Schifreen had admitted hacking while denying forgery, it was assumed that the
courts had decided that hacking itself was not against the law.
That’s certainly what Nick Whiteley believed.
Briefly, in 1990, Nick Whiteley was the most famous hacker in Britain. A quiet,
unremarkable young man with a pedestrian job at a chemical supplies company, by
night he became the Mad Hacker and roamed through computer systems nationwide.
To the alarm of the authorities, he was believed to have broken into computers
at the Ministry of Defense and MI5, Britain’s counterintelligence security
service. More troublesome still, there were messages sent by the Mad Hacker
that strongly suggested he had evidence that some type of “surveillance” had
been carried out against the opposition Labor party, the Campaign for Nuclear
Disarmament (CND), and even the British Cabinet. It was unclear who was
supposed to be carrying out the surveillance, but it was presumed to be MI5.
When Nick was arrested in 1988, he was interviewed for up to six hours by
agents he believes were from the Ministry of Defense and MI5. They were
accompanied by an expert from International Computers Limited (ICL), at the
time Britain’s only independent mainframe computer manufacturer