Robert Schifreen

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search

Robert Jonathan Schifreen (born October 1963) is a former UK-based computer hacker and magazine editor, and the founder of IT security awareness training programme He was the first person charged with illegally accessing a computer system, but was acquitted because there was no such specific criminal offence at the time. Later in life he became a computer security consultant, speaking at many conferences on information security and training banks, large companies and universities in the UK on IT security. In 2014 he began developing the software on which SecuritySmart runs from scratch which reached completion and product launch in June 2016.[edit]

The idea of came to Robert after speaking to many CISOs at conferences and repeatedly hearing that the biggest problem with traditional methods of IT security training was that they lacked any tangible way of measuring success. SecuritySmart is a micro-learning platform which sends an email a week to trainees on one security-related topic, ending in a multiple choice question to test trainee understanding. Managers have access to a dashboard that contains analytics related to trainee response to the training emails, including when they were opened, how long they took to answer the question and how regularly they got the answers right.


He was arrested in 1985 for hacking into a British Telecom computer and accessing the Telecom Gold emails of Prince Philip. As there was no specific law against hacking at this time, in June 1985 he became (together with his co-defendant, Steve Gold) one of the first two people to be charged under section 1 of the Forgery and Counterfeiting Act 1981 with forgery which deceived a non-human target.[1] When the case came to trial in April 1986, Schifreen was said to have used an unprotected top level account identified as "2222222222" with a password of "1234"; Schifreen was said to have admitted obtaining user passwords but denied doing so for personal gain and said that his activities prompted Prestel to increase security.[2] On 24 April 1986 Schifreen was convicted on six counts of forgery and fined £750.[3]


Schifreen's appeal to the Court of Appeal was heard by three judges including the Lord Chief Justice, Lord Lane; judgment was given on 21 July 1987, and found that the use of a charge of forgery was inappropriate and that an application that the charges should be dismissed as giving no case to answer should succeed. The judgment expressed the hope that "the Procrustean attempt to force the facts into the language of an Act not designed to fit them" would not be repeated.[4]

Law Lords[edit]

The Crown then appealed to the House of Lords, but the appeal was turned down in April 1988.[5] The Law Lords agreed that the "making of a false instrument", a key part of proving a forgery case, revolved around the production of a "memory segment" with false information; as the computer had created this rather than Schifreen himself, the computer had effectively "forged itself".[6] This case led to introduction of the Computer Misuse Act 1990.[6]

Later life[edit]

After his acquittal, Schifreen had to take a judicial review action against the police for the return of his computers.[7] For some years, Schifreen was the editor of .EXE Magazine, a magazine for programmers. 'hex', his online name (shortened from the punning 'hex maniac'), was an active CIXen from the late 1980s, at a time when online communities were still a rare novelty.

Schifreen now lives in East Sussex working as an IT security trainer and web developer at the University of Brighton and runs an IT security consultancy. He regularly speaks at conferences and writes articles for the computer press and other publications. In 2006, John Wiley & Sons published his book, Defeating the Hacker.[8]


  1. ^ "Two face computer charge", The Times, 13 June 1985, p. 2.
  2. ^ "Prestel password 'blunder helped hacker'", The Times, 16 April 1986.
  3. ^ "Hacker who broke into Duke's computer file found guilty of forgery", The Times, 25 April 1986.
  4. ^ 'Hacking' into Prestel is not a Forgery Act offence" (Law Report), The Times, 21 July 1987.
  5. ^ "Computer 'hacking' is not forgery" (Law Report), The Times, 22 April 1988.
  6. ^ a b "BCS Computer Bulletin: September 2002 Interview". British Computer Society. Retrieved 2 October 2010.
  7. ^ Wendy Grossman, "The strong arm of the law", The Guardian, 22 September 1994, p. 5.
  8. ^ "Robert Schifreen - biography". Retrieved 2 October 2010.