HACKGATE DAY 199: HOW THE AUTHORITIES WERE WARNED ABOUT HACKING DANGER IN 1999

Steve Nott

Concerned salesman went to Mirror….but Piers Morgan’s paper behaved suspiciously, did nothing

___________________________________

Vodafone blithely gave out information about how to hack to anyone who asked, claimed on radio there was ‘no risk’

___________________________________

How Steve Nott’s account suggests that TV news media might also have used hacking

___________________________________

Has he unearthed a broader security conspiracy?

Slog comment threader Steve Nott has revealed how he went to the police, the newspapers and other key institutions in 1999. He devoted a year thereafter to warning anyone who’d listen about how easy it was to hack a mobile phone. The cynicism of the tabloids in the way they handled his campaign is exactly what you’d expect….and Morgan’s Mirror was the worst of the lot. It was not until July 18th this year that Operation Weeting finally interviewed Mr Nott for three hours. He is to be called by the Leveson Inquiry.

In late 1998, salesman Steve Nott lost his mobile phone network coverage, and rang Vodafone from a service station – to ask how he could access his message. Vodafone told him exactly how – without making any checks – and helpfully added that Steve could use this to get into anyone’s mobile at any time. Says Nott:

I was gobsmacked that it was so easy to be able to do this, and spent the next couple of months having fun and games with my mates phones, work colleagues phones and so on. I realised that this issue of easily being able to intercept voicemail, change welcome greetings, delete messages and change the voicemail PIN was too serious to play about with and decided to make some noise about the risks to National Security I’d stumbled across.”

The response wherever he went was an unhelpful yawn. “I called Vodafone and told them of my worry. They weren’t helpful. I called them on various occasions explaining my concerns and still no joy.” In fact, the situation was serious because none of Vodafone’s handbooks told phone users how to protect themselves by using their own secret pin to block unauthorised entry to messages.

Steve in turn got nowhere when he spoke to Orange about it. Imagine that. So he decided that, in this our country with a free press, he’d go to the media about it. His first stop was The Mirror….edited at that time by Piers Morgan. Steve again:

“I was in London and made a phone call to the Daily Mirror and explained to them I had a story. They were very interested and after giving them the instructions to ‘hack’ into the voicemails they said it’s possibly going to be one of the biggest stories that decade and would make front page and couldn’t believe how easy it was to do and the fact that nobody knew about it. They said they were going to try it out for themselves and see how it all works. I called the Daily Mirror a few times and they kept saying they were working on it and to be patient as it was going to be a massive story.  Twelve days went by, still waiting for front page headlines as promised, I rang them up and they said they weren’t interested anymore. I was amazed, one minute, massive news story promises and excitement then ‘nothing’.”

It’s highly probable that Steve had given the Mirror a rather ‘good’ idea. Or it could be that the story (having reached Piers Morgan, as it inevitably would do) was squashed. If it was, then you don’t have to be a genius to work out why: either Morgan was already using the scam….or he’d seen it’s potential.

Then in June 1999, Steve took the story to News International’s head of Consumer Affairs, Paul Crosbie.

” Paul asked me to demonstrate how anyone’s voicemail system was accessed,” says Nott, “and called some colleagues in the office, asked them to not answer the next call so I could call them and show him. Paul Crosbie explained to me that it was a massive story and thanked me for coming to see him and expect the story to be in the paper within 48 hours on the front page. He said I was going to be a public hero because of the risk to National Security which I had brought to the media’s attention. Guess what…..no news story, not a dickie bird. I couldn’t get hold of Paul Crosbie again after the first meeting.”

If the saga had only gone this far, Steven Nott’s well-documented account would be further damning evidence of how both NI and MGN grabbed an idea and used it or nefarious ends. But for me, the real tragedy – the real scandal – in his story is that none of the institutions supposed to protect the citizen gave a monkey’s as Steve’s one man campaign sought to alert someone in authority.

He called the Security Services, who thanked him for the information…and did nothing. He spoke to New Scotland Yard, and also wrote them a detailed letter explaining his findings. The Yard didn’t reply.

He wrote to the DTI, and never received a reply. He then contacted the BBC, who at last showed some interest. Steve was interviewed by Radio 5 Live, the show airing on October 22nd 1999. It was presented by Adam Kirtley. Steve remembers:

“During the programme, Vodafone’s Mike Caldwell said he didn’t know why I was making such a fuss, as it never has and never would cause a problem.”

Then something happened that should set every nose in Fleet Street twitching. Steve Nott continues:

“I also spoke to Chris Choi from ITN and he was very excited about the implications and massive security flaw. I had an ITN newscrew at my house the same day and was filmed in my back garden about the story. Chris Choi said it was going to be breaking headlines. Guess what…..nothing happened. No broadcast, nothing.”

You can read the full, fascinating story of Steven Nott’s fight against disgraceful Establishment apathy (or – see below – something worse) by going to his website Hackergate. This has only been up and running for a few days, but has already attracted great interest. If nothing else, the site contains a host of chaaracters and evidence offering both Sue Akers and Lord Leveson lots of other names to put on the grilling list. Paul Crosbie, I would think, has some explaining to do: likewise Piers Morgan and Chris Choi.

UPDATE 11th January 2012: I have been in communication with Paul Crosbie, and I am satisfied that any malign role on his part is unfortunately exaggerated in this piece – for which I unreservedly apologise. I’m sorry if this retraction appears to have been displayed on P. 56 among the postal bargain ads: perhaps this is something we can all work together to change in the near future.

But returning to the wider issue of the authorities doing nothing, was it just apathy….or something more sinister?

I have blogged for years on the subject of how most ISPs and phonecos are allowed to behave like pirates and avoid legal regulation with any teeth because the police and security services need them. The one big nuisance for our interior security Ministries about Hackgate is that it has made public something they’ve probably been doing with impunity for twenty years or more, going back to the dawn of mobiles.

It seems very odd indeed that for most of those years, the biggest mobile operator in the UK, Vodafone, produced no details about personal security protection in their manuals….and then blatantly tried to downplay the danger on national BBC Radio. Were they asked to leave out these details by more shadowy characters? Was the unwillingness of either tabloid or ITN to run the story as much a case of being warned off by the security services?

Nobody should regard those questions as wild, paranoid conspiracy theory. All the ISPs now have GCHQ monitoring software installed that covers every email written in, and received by, Britain. We know from our unhappy time under the Home Secretaryship of Jacqui Smith that she blithely gave these and more powers to GCHQ – whose demands to monitor the ‘danger’ posed by a tiny minority of militants has given them carte blanche to watch, listen to and transcribe every human contact we have with one another in the UK. We also know that Ms Smith lied to Parliament about having cancelled a ‘test’ programme of monitoring that would’ve cost a staggering £13 billion. The test went on secretly to become the real thing – and the £13 billion was duly spent.

One suspects that this won’t come under Lord Leveson’s remit. But it ought to.


38 thoughts on “HACKGATE DAY 199: HOW THE AUTHORITIES WERE WARNED ABOUT HACKING DANGER IN 1999

  1. L&G – for those who can be bothered (e.g. terrorists with something to hide) there has been a solution at least to the e-mail monitoring for many years. It is called PGP (GNUPG is a nice variant). For reasons I will not go into here I know it works.

    Of course, the free, user friendly web based mail systems we all love and enjoy don’t support it easily – but that is a separate issue.

  2. With this – and yesterdays EOTD comment about the involvement in Common purpose ‘gradutes’ sitting on the enquiry board – one has to wonder how much of a hash up this enquiry may turn out to be.

    Government is showing itself to be dispicable and dishonest throughout its whole remit. Thus one cannot assume that any enquiry established by the government with its nominated inquisitors will come to any conclusions which is likely to establish ‘conspiracy’ but the evidence appears clear that there is and has been collusion across the board to the detriment of the law abiding person. The enquiries are apparantly established to get them off the hook rather than deal with the problem.

    The ex home secretary definitively lying to parliament should be (even amongst the ‘band of crooks’) unacceptable. Yet this has not been exposed as such by the current government who have therefore sanctioned this lying by their ‘silence’ on the matter. They MUST know she blatently lied yet they say and do nothing – which shows collusion.

    It makes me sick ! And thoroughly destroys what little faith I had left in our system of government !

  3. I like your broader security conspiracy theory, it goes a long way to explaining why everyone was doing it, but no one would admit to it.
    Before you’re taken off the air by the security services, I just wanted to say, hiw much I enjoyed your blog these past few momths

  4. Government have the taste for living high on the hog…..
    they need and depend on YOUR MONEY.

    Operor non adepto iratus,adepto vel.

  5. It’s patiently obvious that the major players in IT in agreement with government have placed backdoors for security agencies to monitor what users get up to under the premise of national security, Nothing new here mate !

  6. ……..”revealed how he went to the police, the newspapers and other key institutions…….”
    Unfortunately we now know that these are where one does not go.
    I would suggest that today, it would be more effective to write to the CEO of the phone companies with confirmation by letter from your solicitor and let them do the work.

    http://www.ceoemail.com/

  7. “Thus one cannot assume that any enquiry established by the government with its nominated inquisitors will come to any conclusions which is likely to establish ‘conspiracy’ but the evidence appears clear that there is and has been collusion across the board to the detriment of the law abiding person. The enquiries are apparantly established to get them off the hook rather than deal with the problem.”

    Indeed. And it’s the same with public authorities’ (all of them, local gov’ central gov, various agencies) complaints systems: ostensibly the systems are designed to allow a ‘customer’ to raise a complaint and to see it properly looked into, evidence aduced and logical, rational conclusion reached and acknowledged. However, this is a universal sham: in practice the systems are designed to produce a pre-determined conclusion whilst creating the illusion that a compalint is actually being properly investigated.

    You’ve got to have gone through this yourself to even believe that it could happen. Common methods are: Step 1–acknowledge receipt of the complaint but not its nature; Step 2–make it look as though something is being done; Step 3–start answering questions that were not asked/re-state facts which were not at issue/carefully avoid the actual issue; Step 4–reach a conclusion which has no relevance to the issue raised; Step 5–(when the complainant doesn’t accept the first conclusion/attempt to close the case) stonewall; disregard the obvious issue; maintain the pretense that the issue is being addressed and revert to Step 3; Step 6–revert to Step 4….and repeat.

    The pre-determined outcome is always the same, or rather always designed to produce the same conclusion: nothing was wrong in the first place: it was “Nothing To Do With Me, Gov’—NTDWM,G”. (PS—we need a better acronym than this: any suggestions??)

    It took me years to fully appreciate and realise this; as I said, you’ve got to go through it personally. They’re not there for you/us.

    I’ve got one more option now (on a matter which has been on-going for nigh’ on ten years): the civil Courts. I’ll shortly embark on this journey, not with a sense of conviction that, at last, the truth will out, but as an exercise to test how far the Establishment corruption goes. I might be pleasantly suprised and find that a civil Court judge does not get knobbled (just where was it that you thought your career was going?) and my case gets a fair hearing and just outcome. More likely my expectations will be fullfilled and it will be whitewashed.

    Recently I read somewhere that Westminster is about to grant powers to Councils/general public service bodies to unilaterally classify a complainant as ‘persistent’ (or some such word) and thus be able to disregard said complainant as, effectively, a nuisance. So there we are. Job done. Full circle.

    • This is excellent analysis * * * * *

      When one has the passion for the fight, it may mean going to prison at vast government expense. Just not paying anymore because…..
      The people ask why, and nod while secretly pleased that someone had the guts to do something.
      Only the personal sacrifice of imprisonment generates the publicity and the sympathy.
      Complaining meets only a lot of sops.

      • …..don’t forget to give the judiciary a salty piece of your mind while you’re at it, and you’ll get you’re money’s worth and headlines in the local paper..

    • I too have done the complaining thing. The only way one got anything done was by threats of retribution via politicians, private civil suits, going to the media etc etc. The gargoyle in our UK community I blogged about six years ago is still free, still going broke every 18 months, still ripping money out of bank accounts, and still beating up anyone who grasses him up.
      But not to worry, because our Chief Constable is a leader in cultural diversity.
      Always remember though, that outside pols and coppers, a lot of the judiciary are like Justice Vos, ie, they believe in what’s right – and they don’t take sh*t from anyone, rich, poor, powerful or weedy. It’s chiefly a question of how one gets things to that stage.

      • Well thanks for that last para’ particularly, John—encouraging. I do expect some hidden rocks on the way to getting a civil claim (against a Gov’ ‘agency, albeit one which has recently paid out £6m in damages–taxpayers’ money, you understand) actually accepted into the Court process thing: its in navigating this stage that I may be sunk.

        …but if I can make to the harbour it will be like triples all round in a warm ,friendly pub compared with the voyage so far.

        Cheers

  8. When ( or IF, I could be bumped off by then ) I am asked in the Leveson Inquiry about my thoughts. They won’t be able to stop me. I will ‘bellow’ my answers so loud, they’ll have to hold onto their hats and ipads. My answer will always be.
    “I TRIED TO STOP IT AND I WAS IGNORED – MY COUNTRY WHO I’VE BEEN BROUGHT UP TO TRUST AND BE LOYAL TO, HAS LET ME AND EVERYONE ELSE TOO”

    I

    • If they are taking verbatim notes try also to get pointed questions included and then cross refer to them later so that the removal would be obvious

  9. When ( or IF, I could be bumped off by then ) I am asked in the Leveson Inquiry about my thoughts. They won’t be able to stop me. I will ‘bellow’ my answers so loud, they’ll have to hold onto their hats and ipads. My answer will always be.
    “I TRIED TO STOP IT AND I WAS IGNORED – MY COUNTRY WHO I’VE BEEN BROUGHT UP TO TRUST AND BE LOYAL TO, HAS LET ME DOWN AND EVERYONE ELSE DOWN TOO”

  10. We were a lot more trusting of the establishment in 1999.
    Now you can’t trust them as far as you can throw them, and they are increasingly regarded with utter contempt.
    Full credit to Steven Nott, who deserves all the respect and support for standing up for what is right, and never letting go or being fobbed off.
    Keep up the good work.

  11. The reason for official inactivity all makes sense now. What is mildly surprising is how active they were in 1999, 2 years before they had the rather lame excuse of 911 (let’s not go there but it was remarkable how prepared the US was that it could produce the totalitarian Patriot Act on 912.)

    • Ever get the feeling the Establishment is turning a blind eye to the Mirror and Moron? Maybe he has something on them too.

  12. How terrifying that Steve’s battle to bring this into the public eye since 1999 has been ignored by every UK institution and establishment. As soon as I read the names of all of the ‘apparatchiks’ who are leading this enquiry, I felt despondent, and thought that it would follow the lines of previous enquiries ie. Chilcot, Dr. David Kelly and that the findings and eventual outcome would be the usual whitewash. The public must not accept this any more, Britain is being run like a banana republic and it’s difficult to have any faith in some form of justice being meted out to the main protagonists. Thank goodness for all the so called ‘conspiracy theorists’ and brave websites like this one. Let’s hope we eventually win the day.

  13. Pingback: Rejoyce, rejoyce rejoyce! - Page 11

  14. Funny how a lot of Chinese/Russian hacking occured within a year of chips being shipped to Intel from Chinese factories.According enlightened minds the mathematics at the root of PGP has been superseded,remember the solution for root minus one was solved in the UK in the late 1960s and the security forces via GCHQ used it ,only to be horrified at PGP commercial usage in the late 1970s.The Brit lost out-surprisingly!We have been under cyber attack for years and security services have been complicit and ignorant of it.The best software engineers drained away to American corporations leaving Britain denuded.Meanwhile China’s educated populace realised that they could not only hack computers but make a good living doing so,they worked initially for Koreans who have been susperseded by Russians and mid East oil oligarchs in recent years.A lot of these hackers fly below the radar as they are not “acceptable”to higher education,just as in the UK.
    As before we all need encryption technology for all our communications with painfully difficult backdoors.Funny how the Chinese/Russian hackers seem to have this.

  15. wardy.

    why hasn’t anybody from any party had a pint, sandwich,cup of tea or a general discussion with anyone from the bbc? or don’t they count as a media outlet?

    i trust you have an insider at that great leftist organisation.

    o’d

    • O’D
      It’s a funny old world.
      The Tories see the Beeb as a Communist cell, and Labour thinks the BBC no longer matters, as it was neutralised by their Fuhrer Alistair Campbell during the Iraq War.
      In turn, the Corporation is run by Mark Thompson, “a man who bites arms” as Cooky might have said: a spectacularly spineless prick full of more management-speak quantums than James Murdoch and John Birt put together.
      The sadness is, one good conversation with Nick Robinson could save everyone a lot of time. Robinson is unique in the annals of the Beeb in that Labour thinks he is a closet Thatcherite. Tory conspiracy theorists meanwhile think Bobby ‘knickers’ Peston is a Common Purpose spy specially flown in from Mars.
      Nobody asks Jeremy ‘Y-Fronts’ Paxman what he thinks, as they’re scared he’ll go “Eeeeeez” at them. This can be a terrifying experience.
      I do hope this answers your enquiry.

  16. Oh how he laughed. I would love to tell you what really happened, but as I signed the official secrets act I can only give you a glance of the real world which is devious slimy and corrupt.We had a meeting with all the chiefs of staff plus MOD.Little did we know but also in the huge room were the FBI and the CIA. We demonstrated an algothym that could as you say block the back door. With 10 billion combinations it was impossible to hack.Within one week we were banned from selling it to anyone in the world, or face unlimited prison. One of the team is insane on permanent drugs. One dead, a brilliant Polish guy. It was the yanks who took the devise moderated it and then sold it commercially. Our guys just stood by and let them do it. We are spineless weak and stupid. Long live Brittania.LOL

      • My guess is encryption algorithms. The last thing any security service really wants is an unbreakable code. It is naive to think they can keep one to themselves (I am sure they exist) but it has been rumoured for many years that commercially available options are a total no no.

        It is in fact illegal to use any form of unbreakable encryption, and all encryption keys must be revealed to the authorities if requested.

  17. Pingback: HACKGATE DAY 199: HOW THE AUTHORITIES WERE WARNED ABOUT HACKING DANGER IN 1999 | The Slog « jhnbxtr

  18. Pingback: Balloon Juice » Murdoch’s Media, National Security & “The Innocent Have Nothing to Hide”

  19. Excellent article, and by the time you get to the ITN bit, very thought-provoking, however I must take issue with one point. I’m almost certain that when I first got voicemail on Vodafone sometime back in the 90s, the manual DID come with full instructions on how to remotely access voicemails, together with strong advice and instructions on how to change the PIN from the default 1234.

    So I did so after a week or two, even though I remember chuckling to myself “not that anyone would want to listen to my voicemails anyway”.

    Perhaps they were encouraged to remove those instructions from the manuals a bit later on?

    • Reply to ‘random guy’. Vodafone voicemail Recall Service PIN was set at a default of 3333 and not 1234. I’ve never seen instructions or manuals or even handbooks with any advice to do with voicemail security. Vodafone admitted in a Mail on Sunday article dated May 7th 2000 called ‘Mobile Snooper Scam’ that it not always included the instructions and most had to be requested through customer services. Oftel said it would have to investigate this matter. If you haven’t read the article from that newspaper why don’t you visit my blog where it is visible for all to see at http://www.hackergate.co.uk

  20. Pingback: HACKGATE DAY 202: Can we please focus on the Mirror Group horse – before it bolts too? | The Slog

  21. Pingback: HACKGATE DAY 199: HOW THE AUTHORITIES WERE WARNED ABOUT HACKING DANGER IN 1999 | The Slog « Soreal it Must be True

  22. For a the full story on common purpose check out ukcolumn.org in the UK, and its so called leadership workshops that lead to the suicides of atleast 19 child suicides in Bridgend south wales.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s