Meet the Sussex man who became first in world charged with computer hacking

Robert Schifreen pictured at his home in Little Common. SUS-170522-154200001
Robert Schifreen pictured at his home in Little Common. SUS-170522-154200001

In 1985 Robert Schifreen became the first man in the world to be charged with computer hacking.

Three decades on, cybercrime has evolved into a global threat he claims is ‘overwhelming’ police.

“It was widespread then but done by nerdy people in sandals rather than criminals,” he said.

“The number of criminals doing it was very small mainly because there was nothing worth hacking into financially. There weren’t the big commercial databases and we weren’t the computer-based, internet-obsessed society we are today.”

Hacking history

Schifreen’s journey into the hacking history books began purely by chance.

Testing a modem as part of his work as a journalist for EMAP, he dialled up BT’s Prestel information service and keyed in a series of random numbers.

To his surprise, ‘2222222222’ and ‘1234’ were the username and password for a Prestel staffer and he could see pages unavailable to the paying public.

Curiosity got the better of him and, working with friend Steve Gold, the duo spent months of dialling up Prestel test computers to see what they could uncover.

Ten months after his initial discovery, Schifreen stumbled across the username and password of the system manager, left on the system like a virtual Post-it note.

The duo now had the power to change any page on the Prestel system and access anyone’s account, including the emails of Prince Philip.

Schifreen, 53, of Bexhill-on-Sea, East Sussex, insisted there was no malice in their work. He said: “Your first thought was ‘let’s have a look around’. ‘Let’s write it down in my little book’, not ‘what could I do with the information’.”

Shock arrest

The hackers alerted Prestel to the discovery and hoped to be rewarded for exposing the security flaws in the system.

Instead, the duo found themselves arrested by Scotland Yard detectives and charged under the Forgery and Counterfeit Act 1981.

But the legislation did not fit the crime. Schifreen explained: “The story I have heard is the prosecution knew that forgery probably wasn’t going to cut it and wouldn’t get a conviction – and they weren’t particularly bothered because what the Government wanted was a law against computer crime which they knew they couldn’t get until there had been a test case proving the law didn’t work.”

Initially convicted, Schifreen and Gold were acquitted on appeal. The prosecution lost its appeal to the House of Lords.

The collapse of the case ultimately paved the way for the Computer Misuse Act, since refined to include modern-day cybercrimes.

Technology advances aid cyber criminals

The legislation is now in place to act as a deterrent to would-be hackers but the rise of the internet and huge array of devices able to connect to the web has opened endless opportunities for criminals.

Even superfast broadband aids wrongdoing, with those in Schifreen’s day stymied by having to wait until after 6pm when dial-up was cheaper.

Schifreen said: “Police are overwhelmed. They are overwhelmed in terms of the number of cases and in terms of technical ability. Most of them haven’t been trained how to examine a computer. It is a very specialised thing.

“The big, high-profile thing is child abuse and pornography. They have got the resources to investigate most of these but if you walk into a police station and say you have had spam or ransomware and they don’t want to know.

“It doesn’t help that the mechanism for reporting things is incredibly confusing. The one-stop shop for reporting cybercrime is Action Fraud – even for things like cyber bullying.”

Schifreen now runs a consultancy firm, Security Smart, offering IT awareness training. He argued human error was a ‘big issue’, from not taking the correct security steps to opening suspect emails.

It is why people like him advocate education as being crucial in the fight against cybercrime.

He said use of home computers, with increasingly high-specifications, was akin to ‘letting six-year-olds drive cars’.

But by following basic steps, including vigilance over spam emails, installing the latest security updates and backing-up data on external hard drives, businesses and individuals can limit their vulnerability.

Top detective challenges ‘overwhelmed’ claim

Sussex Police’s top cyber crime detective has challenged the view police are overwhelmed by cybercrime.

Detective Inspector Robert Walker admitted there was a wider picture police needed to understand more fully in terms of unreported cybercrime – but he did not agree with Robert’s Schifreen’s assessment of their ability to cope.

He said: “It is right that we do all we can to work very hard to provide information to help with prevention of crime but we also go after offenders and that is a key part of what we are here to do. We have had a number of cases that have ended up with successful prosecutions.”

Det Insp walker warned residents they could not assume they would not fall victim to cybercrime.

He pointed to www.getsafeonline.org as a key source for advice.

Strong passwords were among the tips he advocated. He recommended taking a line from a favourite song and creating a password using the first letters of each word to form a random, hard-to crack, code.