Aside from maintenance, advice and both hardware and software installation, computer security is one of the most important long-term IT support roles and it is essential to work closely with a partner organisation to ensure that your data is kept safe and secure.
In the 2020s, most businesses are well aware of the consequences of lax data security, both in terms of business disruption and in terms of financial penalties, some of which can cost a company millions of pounds depending on the nature of the offence.
However, viruses, data breaches and malware have existed for decades before laws such as the Computer Misuse Act 1990 made them far easier to prosecute, and the rise of the personal computer thanks to Windows 95 and 98 increased the stakes and the dangers for users.
Before this, there was one major incident that highlighted, either by accident or by design, the importance of protecting computers and being responsible programmers, advisors and journalists.
Security In The Pre-Internet Age
The Computer Misuse Act 1990 was enacted into law partly due to the increasingly widespread use of computers and the very early Internet, but also because of the unusual and highly publicised breach of a very early email and personal messaging service.
Prestel was the Post Office implementation of the videotex information system that allowed information to be sent and broadcast on television systems.
Whilst it took many forms, most notably a very early form of online shopping, the most relevant service available through Prestel with regards to computer security was Telecom Gold, a very early messaging and email service that was home to one of the first online communities in the UK.
What was notable about it is that it used an account system with usernames and passwords, and some of the earliest users included heads of state and members of the Royal Family.
Unfortunately, it had a huge vulnerability, one that allegedly was found by accident by two computer hackers.
The Great Prestel Hack
Steven Gold and Robert Schifreen, both relatively young computer hackers in a young industry, were using a modem to scan random phone numbers in a crude form of hacker attack known as war dialling.
Mr Schifreen, quite by accident, managed to log into Prestel, and by an even more unfortunate coincidence, managed to log into account “2222222222” with the password “1234”.
This turned out to be a test and debug account, and whilst it did not by itself have access to any administration privileges, dialling a number revealed on one of its pages revealed a phone number which revealed the password for the system manager.
Even more unfortunately, the test system used live data, which included live passwords, allowing them to get administrative high-level access to the whole Prestel system.
They reported this claim repeatedly, only for owners and managers ofPrestel, British Telecom, to ignore the claims, despite growing evidence of their veracity.
What ultimately caused them to act was Mr Schifreen’s claim to have accessed Prince Philip’s private messages and altered the main login page. Ultimately they called Scotland Yard and the pair were arrested.
Under what charges they could be prosecuted became a matter for the courts.
No Crime To Commit
The case of R v Gold and Schifreen was the first case brought against a computer hacker, but the problem was that there was no actual law preventing computer misuse, hacking, unauthorised data access or other cyber-crimes.
This meant that the charge was forgery, brought under the Forgery and Counterfeiting Act 1981, but the problem with that is that said law was designed for forgery that deceived a human being. Breaking into a computer security system did not seem to really count.
The facts of the case were freely admitted to, but the crime did not seem to fit these actions. However, Mr Schifreen and Mr Gold were convicted in 1986 of “uttering a forgery”, despite no proof of material gain.
Following a swift appeal, the Court of Appeal overturned the conviction, arguing that the charge did not fit the facts of the case despite attempts at legal linguistic gymnastics to do so.
This led to a final, controversial, appeal to the House of Lords, one that was swiftly denied in 1988, two years after the initial charges were brought.
The Law Lords pointed out that forgery was an inappropriate charge as the computer had “forged itself” under the language of the 1981 Act.
This acquittal led to the development of the Computer Misuse Act 1990 and a much greater awareness of computer security that shaped the development of IT systems and online commerce.