Sunday, July 28, 2013

BPN 1650: Government becomes hacker

This morning I was on Dutch radio (program OVT of VPRO). Using a radio fragment as flash back in history on the subject of hacking, I was asked to comment. Exactly to date, 27 years ago, on July 28, 1986 two 17 years hacked the Dutch consumer system Viditel.

The two high school boys got into the system and were able to reach travel shops and banks. It was an innocent hack. These days sentences for hacks are high and persons behind Anonymous and Wikileaks are seen and treated as top criminals.

The interview was cut short by the actuality of the death of Barnaby Jack. This US hacker was a good guy, who loved to demonstrate how ATM spit out money at wish without using a card at hackers’ conventions. More recently he got involved in medical devices and and showed how sensitive these were. He was able to hack a pace maker and send 380 Volt through a virtual heart. He worked in computer security for companies like McAfee and IOActive.
Barnaby Jack was only eight years old when the Viditel hack took place in the Netherlands 28 July 1986. Viditel was the first online consumer system which was launched in 1980 on 7 August by the Dutch PTT, copying the British Prestel system. It used a central computer , telephone line, telephone and adapted television set for sending and receiving information.

The Viditelcomputer was a GEC 408 2 with an internal memory of 384Kb and had six disc units of 70Mb, good for 60.000 videotex pages.  The system could serve 192 concurrent users (something a present ISP would be unable to serve his clients with).

In 1986 the Viditelsystem was hacked by two boys, 17 years old. The hack was reasonably simple, no rocket science, no logarythms. You just call up people who have Viditel, tell them that you are representatives of the Dutch PTT and ask them for their access codes and passwords. The trick is still used by people representing themselves as Microsoft representatives who want to help you speeding up your PC.

It was not the first time the Viditel system was being hacked. IN 1983 it had been already hacked from London by Hugo Cornwall, alias Peter Sommer, the author of Hacker’s Handbook published in 1985. Hugo Cornwall visited an exhibition at which Prestel and Viditel were demonstrated. By carefully checking the finger movements of the British Telecom employeer, he was able to figure out the access code and password. Before the end of the day Higo Cornwall had penetrated the Dutch system. In fact it was not too difficult to crack the system, as the operator send on passwords by fax for everyone to be seen.

Hacking in the eighties
Hacking started with getting into the telephone system. One of the persons who did dthis was Susan Headley in 1977. Hacking the telephone system was partly a sport, partly a way to avoid telephone ticks tobe paid. From 1980 onwards computers were the subjects of hacks. An early example was the breaking into a live television broadcast by the BBC about computers, during which a small poem was projected on the screen.

This incident was rather innocent, but by 1984 more tseps wer made. The Hamburg based Computer Chaos Club (CCC) hacked the BTX system, the German counterpart of Prestel and Viditel. The hackers succeeded to enter a bank’s system and put in a routine which generated an access from the bank’s account to a CCC page every three seconds. As the page had been valued on 10 DM the CCC made 134.000 DM (roughly 75.000 euro). The bank had claimed before that the system was absolutely safe to use. The CCC showed that the bank’s BTX system could ruin any customer. The next day after publication the money was returned to the bank.

In the UK Prince Phillip’s e-mail box on Telecom Gold was hacked. The hackers were able to detect the safelty level of the Prince and discovered that the password consisted of the code 1234.

In the Netherlands also computers were being hacked. Jan Jacobs, a free-lance journalist, made contact from his study at home with the Government’s Institute for Health and Environment, RIVM. Jacobs was able to look into confidential medical dossiers of patients and many other data. An amateur hacker had lended the access code and password to the journalist.  

In the same year two Delft students penetrated into the network of the PTT with 14 connected computers. Names of bad paying clients, secret numbers, but also telephone numbers of private people, companies and government institutions became public. The students, encouraged by Bob Herschberg, professor operating systems, did not have bad intentions and only were willing to show the leaks in the system. Soon after this hack the Dutch government started a commission to research cybercriminality.

Criminal hackers
By the end of the eighties things became more serious. Hacking became ambivalent. You had ethical hackers and criminal hackers. It was shown by a group of hackers who accessed computers of the US government and companies for access codes and passwords. Once they had these codes they started to sell them to the Russian KGB. This was seen by Germany and the USA as cybercriminality.

In the late eighties and the beginning of the nineties criminal hacking could not be prevented. Police statements on hacking still were type on old fashioned typing machines. Even now criminal hacking is difficult to prevent as so many parties, choices and mistakes are involved. The Dutch organisation for computing the public transport ticket organisation chose for a low level security. Within no time the system was cracked. Besdies you can secure a system, but theer are always people who will transfer their codes to complete strangers. In order to fight this habit you will have to start an awreness campaign.   

Government as hacker
Hacking computer was a playful business beginning 1980. But with the banking incident in Hamburg in 1984 and the cybers espionage in 1989, hacking was beyond innocence. Hacking was more difficult to discern into ethical and criminal hacking by the day.  And as government is using various information systems, data can be compared and systems linked with each other. As such the systems can be used to spy and check on citizens. Whistle blowers like Assange, Manning and Snowdon have demonstrated that governments are becoming hackers. This will put hacking into another and higher gear of the ethical dimension: criminal and political.

If you speak Dutch, listen to the interview.

No comments: