How a hack on Prince Philip's Prestel account led to UK computer law

Thatcher, Buckingham Palace & BT left red-faced by historic techno romp

Forging ahead

‪Kelman‬ concluded that a case showed that a new law – which arrived in the form of the Computer Misuse Act – was needed, even though cases involving computer crime had gone through the UK courts prior to the Prestel hacking case. One earlier case involved the alleged misuse of time-sharing systems.

"The Prestel case involved curious journalists who told BT about what they had done," according to ‪Kelman‬, who continued that the case and even the subsequent Computer Misuse Act might have gone down differently if profit-motivated cyber-criminals had come across the same hole.

Schifreen added: "The prosecution case was that typing someone's password into a computer in order that the computer can check whether it's correct or not, is the same as writing their signature on a cheque. The Lords decided that there's a difference between a short, transient episode and something more permanent, and threw it out. Or rather, the High Court threw it out, then the prosecution went to the Lords, who threw it out again. I always like to say that Steve and I won 2-1 on aggregate."

The case exposed gaps in the law and led to the introduction of the 1990 Computer Misuse Act, the UK's first computer hacking law. "It is a precedent in English criminal law that new laws will not be considered unless existing law is shown to be inadequate," Austen explained. "We tested forgery for hacking cases and it failed – a new law was required – as agreed by both the English and Scottish law commissions (post the House of Lords ruling)."

Austen doesn't think that the case would have been handled differently even if profit-motivated cybercriminals rather than well-intentioned individuals had hacked in Prestel's systems.

"At that time, hacking was fairly prevalent – and some books had been published (The Hackers Handbook) that encouraged this practice," according to Austen. "The early hacking cases, in general, did not involve any sort of profit. But having said that, we could forsee that it would in the future (hence Section 2 of the Computer Misuse Act), and that turned out to be the case."

The Computer Misuse Act, criticised by some, nonetheless became a model for later computer crime laws in other countries. The Act was later modified so that denial of service attacks were specifically outlawed. The maximum jail term for breaching the Act changed from six months to two years under provisions made in the Police and Justice Act 2006, which also made making, supplying or obtaining articles for use in computer misuse offences in themselves. ®

How the Prestel Viewdata system worked

A Viewdata system resembles an old Teletext or Ceefax page. Each page is 40x24 characters, and can support some block graphics; Mode 7, in BBC Micro terminology. It is based on a hierarchy of pages, each with a unique page number of up to 9 digits. The hierarchy is important because that's how the database and the permissions work. For example, if you have permission to see or edit page 1234, you can also see/edit 12345 and 12346 and 123477289, but not page 1232.

Each page has 10 built-in single-digit hyperlinks, assigned to the digits 0 to 9. And the editor of the page can set those links to go to anywhere they want. So when you're editing a page on Micronet 800 (which starts on page 800), which comprises a news story that's on page 8001234, you might set link 0 to go to 800 (the home page), link 1 to go to 8001 (the news home page, perhaps), and link 2 to 8001235 (the next story). Users access the link by simply pressing the corresponding digit on their keypad (remember that you can navigate all of a Viewdata system without needing an alpha keyboard).

The other keys on the keypad are * and #. To go directly to a page, if you know its number, type *pagenumber#. Such as *800# for the Micronet homepage. Pretty much all Information Providers (publishers on Prestel, known as IPs) had 3-digit root pages. Unless you were a sub-IP, in which case you were allocated a chunk of someone else's space, so you might start at 8002 or 800456. You could then edit any pages below that.

Internal Prestel pages often had 2-digit numbers. The most notorious and mysterious was page 99, which was alleged to be the sysadmin menu. When Steve and I first attained root access to Prestel, that's the first page we tried. And it worked!

Interestingly, if you tried to go to a page on Prestel and you couldn't reach it for some reason, you'd get a standard "Page not found" error at the bottom of the screen. But depending on whether the message started right at the far left of the screen, or 1 character in, you would know whether the page really didn't exist or whether you merely weren't allowed to see it. So it was easy to work out where the "fun" pages were hidden!!

Finally, each page could have up to 26 sub-pages. So page 1234 could actually have 1234a to 1234z. They were known as frames, I think. This was mainly designed for hosting software downloads (known as telesoftware). A downloadable program had to fit on 26 frames, and each frame was 40x24 characters. So around 24 KB per program.

Oh, and it was all on dial-up of course. At 1200/75, ie 1200 bps download and 75 bps upload. Which was plenty. Especially as you could press a link on a page before that page had finished loading.

Robert Schifreen

Bootnote

1 Prince Philip's mailbox mostly contained birthday greetings to Princess Diana from random members of the public. There was no sign of any actual royal usage of the account, we're reliably informed. Even though he wasn't affected personally, nevertheless "Prince Philip himself delivered a blistering laser-beam of disapproval from Buck House" towards BT.

Source: Photo of Prince Philip.

Sponsored: Beyond the Data Frontier




Biting the hand that feeds IT © 1998–2019