[ Pobierz całość w formacie PDF ]
.Since they had between them some freelanceexperience of editing on Prestel, they knew that all Prestel specialfeatures pages are in the *9nn# range: 910 for editing; 920 to changepersonal passwords; 930 for mailbox messages and so.what wouldpages 940, 950, 960 and so on do? It became obvious that these pageswould reveal details of users together with account numbers(systelnos), passwords and personal passwords.There were facilitiesto register and deregister users.However, all this was taking place on a non-public computer.Wouldthe same passwords on a 'live' Prestel machine give the samebenefits? Amazingly enough, the passwords gave access to everycomputer on the Prestel network.It was now time to examine the userregistration details of real users as opposed to the BT employees whowere on the development machine.The hackers were able to assume anypersonality they wished and could thus enter any Closed User Group,simply by picking the right name.Among the CUG services they swoopedinto were high-priced ones providing investment advice for clients ofthe stockbroker Hoare Govett and commentary on international currencymarkets supplied by correspondents of the Financial Times.They werealso able to penetrate Homelink, the telebanking service run by theNottingham Building Society.They were not able to divert sums ofmoney, however, as Homelink uses a series of security checks whichare independent of the Prestel system.Another benefit of being able to become whom they wished was theability to read Prestel Mailboxes, both messages in transit that hadnot yet been picked up by the intended recipient and those that hadbeen stored on the system once they had been read.Among theMailboxes read was the one belonging to Prince Philip.Later, with anewspaper reporter as witness, one hacker sent a Mailbox, allegedlyfile:///E|/Books/Hackers Handbook.htm (89 of 133) [11/28/2000 5:58:50 AM]Hacker's Handbookfrom Prince Philip to the Prestel System Manager:I do so enjoy puzzles and games.Ta ta.Pip! Pip!H R H HackerNewspaper reports also claimed that the hackers were able to gainediting passwords belonging to IPs, enabling them to alter pages andindeed the Daily Mail of November 2nd carried a photograph of aPrestel page from the Financial Times International Financial Alertsaying:** Page 93FT NEWSFLASH!!! S
1 EQUALS $50The FT maintained that, whatever might theoretically have beenpossible, in fact they had no record of their pages actually being soaltered and hazarded the suggestion that the hacker, having brokeninto their CUG and accessed the page, had 'fetched it back' onto hisown micro and then edited there, long enough for the Mail'sphotographer to snap it for his paper, but without actuallyretransmitting the false page back to Prestel.As with so many otherhacking incidents, the full truth will never be known because no oneinvolved has any interest in its being told.However, it is beyond doubt that the incident was regarded with theutmost seriousness by Prestel itself.They were convinced of theextent of the breach when asked to view page 1, the main index page,which bore the deliberate mis-spelling: Idnex.Such a changetheoretically could only have been made by a Prestel employee withthe highest internal security clearance.Within 30 minutes, thesystem manager password had been changed on all computers, public andresearch.All 50,000 Prestel users signing on immediately afterNovember 2nd were told to change their personal password withoutdelay on every computer to which they were registered.And every IPreceived, by Special Delivery, a complete set of new user and editingpasswords.Three weeks after the story broke, the Daily Mail thought it hadfound yet another Prestel hack and ran the following page 1 headline:'Royal codebuster spies in new raid on Prestel', a wondrouscollection of headline writer's buzzwords to capture the attention ofthe sleepy reader.This time an Information Provider was claimingthat, even after new passwords had been distributed, further securitybreaches had occurred and that there was a 'mole' within Prestelitself [ Pobierz całość w formacie PDF ]