40 years ago: the Btx hack celebrates a happy birthday

At night from November 16 to 17, 1984, two members of the "Btx editorial team" of the Chaos Computer Club (CCC) dialed into the new Btx system via the local network of the Deutsche Bundespost using the ID and password of the Hamburger Sparkasse. They started a 31-line Basic program that accessed a CCC provider site for 14 hours. It contained only a strange text: "It takes a remarkable team to push back the Gilb and liberate a nation of 60 million people." For every call to this page, there were 9.97 marks, which theoretically went to the CCC. With this "bank robbery", the CCC suddenly became famous.

The story of the famous Btx hack has a prehistory and a posthistory. Let's start with the aftermath: ten years ago, the Wau-Holland Foundation invited two still-living protagonists of the "bank robbery" to an event at the bcc in Berlin, the venue of many Chaos Computer Congresses. Steffen Wernéry, on the move in the Btx system as control center 23, and Erik Danke, technical manager of the Btx system at the then yellow post office, took part in the program. Both stuck to their very different accounts. Erik Danke claimed that someone must have given the CCC a Btx identifier with the corresponding password, Wernéry explained that an identifier was found during a technically provoked page overflow and the password usd7000 was later determined. At the event, which was meticulously documented by the foundation, a young member of the audience called for the source code to be checked. However, this was lost in the IBM archives at an early stage by the supplier of the system.

Not only the public, but also the Btx operators were surprised by the action, with which the CCC was able to collect a virtual DM 134,634.88. Wau Holland wrote a program for the Olivetti M10 programmable pocket calculator to save himself manual work when operating Btx. The program controlled the cassette recorder motor relay of the calculator to automate the keystrokes:

10 REM Bankraub.ba
20 REM Version 1.00
30 REM (c) 1984 by Wau
40 MOTOR OFF:´Relais f. Geldtaste
100 CLS:PRINT"Bankraub.ba -Wiederanlaufprozedur"
110 INPUT "Geldeingang bisher: ";GELD
120 EIN=52:´Timewert Taste an
130 AUS=169:´Timewert Taste aus
150 CLS:PRINT@0,"DM ";GELD,"ein: ";EIN;" aus: ";AUS;
160 PRINT@90,"a<<<< aus >>>>A"
170 PRINT@130,"e<<<< ein >>>>E"
180 PRINT@170,"Halt mit x "
190 PRINT@210,TIME$:GOTO 1100
200 REM Rautenschleife
210 MOTOR ON:PRINT@40,"EIN":PRINT@60,TIME$:FOR I=1 TO EIN:GOSUB 1000:NEXT I
220 MOTOR OFF:PRINT@40,"AUS":FOR I=1 TO EIN:GOSUB 1000:NEXT I
230 MOTOR ON:PRINT@40,"EIN":FOR I=1 TO EIN:GOSUB 1000:NEXT I
240 MOTOR OFF:PRINT@40,"AUS":FOR I=1 TO AUS:GOSUB 1000:NEXT I
250 GELD=GELD+9.97:PRINT@0,"DM";GELD,"Ein: ";EIN;" Aus: ";AUS;
260 GOTO 200
1000 REM Geschwindigkeit
1010 X$=INKEY$:IF X$="" THEN RETURN
1020 IF X$="a" THEN AUS=AUS-1:RETURN
1030 IF X$="A" THEN AUS=AUS+1:RETURN
1040 IF X$="e" THEN EIN=EIN-1:RETURN
1050 IF X$="E" THEN EIN=EIN+1:RETURN
1060 IF X$<>"x" THEN RETURN
1100 PRINT@170,"Weiter mit x "
1110 MOTOR OFF:PRINT@40,"AUS"
1120 X$=INKEY$:IF X$="x" THEN 1150 ELSE 1120
1150 PRINT@170,"Halt mit x ":GOTO 200

The program controlled a Btx donation page set up by the CCC, through which people could send DM 9.97 to the association to demonstrate the vulnerability. On the night in question, the program clicked 13,504 times, totaling 13,504 × 9.97 DM = 134,634.88 DM.

It is not credible that the Btx operators themselves were surprised by the action, because "control center 23" and "control center 5" (Wau Holland) of the club's Btx connection had already written to German data protection authorities and the German Federal Post Office in October 1984 and spoke of worrying gaps in the system, which was still in its infancy after its launch in 1983. The two hackers claimed that messages sent in the Btx system could be subsequently changed in a subscriber's inbox, for example by changing the background color from Btx blue to red (answer!) or even changing the text. "Dear data protectors" would then become "Dear data shits" and the order for 1 data protection brochure would become an order for 1000 brochures. The message ended like this:

"Well, and then came the question about making personal contact. We are available for an open discussion about activities, joint approaches and possibly practical demonstrations (electronic bank robbery by appointment only) on Tuesday from 1 pm.
CHAOS-TEAM, Btx editorial team. Control centers 5 and 23"

So the bank robbery had already been announced in slightly disguised form and a "remarkable team" against the Gilb had also come forward. Deutsche Bundespost did not react even when Wau Holland spoke about the shortcomings of the Btx system at a conference of data protectionists (DAFTA) in early November 1984. The beginning of his speech to the dear data protectionists is also included in the document (PDF) on the history of the hack:

"If we cling tightly to the terms, we are worlds apart: They are supposed to protect the data and we want to use it. Fortunately, things are different. Our common interest is not the protection of data, but the protection of people from data misuse."

The first press release (PDF) from the young CCC entitled "Bank robbery" also tried to convey the dangers of the Btx system. If the Post is not liable for such errors, who bears the risk? The CCC therefore drew attention to the central problem in the statement and called for a "ban on financial transactions" on Btx. Such a ban would have meant the end for the growing system, which set out to reach an audience open to computer technology with offers of shopping, banking and erotic services. Apart from the fact that at the time there was no "hacker paragraph" under which the CCC's action would have been punishable, as the subsequent "Btx interrogation" (PDF) revealed. The press release soberly stated:

"Swiss Post requires all participants in the videotex service to be aware of the risks and makes individuals responsible for all processes that
responsible for all processes that take place under their access code. This is not realistic."

The response to the hack was enormous, and not just in the media. The reputation of Btx was damaged for years and the growth of new users was disrupted for years, compared to the Minitel system in France. But it also had one good thing for the small CCC. At the memorial event ten years ago, Steffen Wernéry spoke of a "hyperspace acceleration effect" triggered by the action. The hackers had the courage to meet between the years at a Chaos Computer Congress, which in today's nomenclature would have to be called 1C3. The participants had fun and passed a resolution in the style of the then legendary TV series "Raumpatrouille" about the gilb that must be removed from the data networks:

"What sounds like a fairy tale today may be reality tomorrow. Here is a fairy tale from the day after tomorrow. There are no more copper cables, only fiber optics and terminals in every room. People live on remote computers. The mailboxes are developed as living space. Computer clubs rush through our data network system at speeds that are still unimaginable today. One of these computer clubs is the CCC. A gigantic part of a tiny security system that protects the Earth from threats from the Gilb."

(dmk)