Feeds

Powergen sets legal attack dogs on security whistle-blower

Breach of confidence claim

  • alert
  • submit to reddit

Internet Security Threat Report 2014

Powergen and a customer who highlighted a serious breach in consumer security at the utility more than three years ago are still locked in legal dispute.

John Chamberlain earned the enmity of the British utility company for leaking to Silicon.com a list of credit cards left unprotected on the utility's Web site. He is fighting a breach of confidence suit from Powergen. This civil lawsuit, which arises out of an accusation that Chamberlain failed to keep a promise to destroy customer data obtained from Powergen's site, is to be tried in the Chancery Court at Birmingham on March 12.

Without any legal aid, Chamberlain has been forced to conduct his legal defence in the case. He is searching for a lawyer who is prepared to work on the case pro-bono (without a fee).

Leicester-based former IT consultant Chamberlain described the experience of going through the courts without legal support as "bewildering" and "frustrating".

What’s in a domain?

In a separate action initiated last month, Chamberlain is involved in a domain name over the site Po Wergen.tv. This site was "registered in bad faith" and originally (for a time in October 2003) contained content critical of Powergen, according to Powergen's complaint to ICANN.

At the time of writing the site contained only material about mountain biking. Chamberlain said the site is derived from the Chinese word 'Po' and the German word 'Wergen'.

Chamberlain previously ran a site called www.powergensucks.com and www.powergen.me.uk. Chamberlain transferred ownership of the domain powergen.me.uk to Powergen after reaching a settlement with the utility after Powergen complained to Nominet but before a hearing had taken place in the case. Powergensucks.com is also an ex-parrot.

So why has Chamberlain registered a series of domains that could easily be seen as having a dig at Powergen?

"I'm only exercising my right to freedom of expression. Powergen is a generic term in the electricity industry anyway," Chamberlain told The Register.

Power struggle

The bad feeling between Powergen and Chamberlain began after he found a serious security hole on its site back in July 2000. Rather than thanking him for pointing out that customers' financial details were easily obtainable through simple URL manipulation, Powergen at first denied anything was wrong. After Silicon.com was able to prove the security breach via information turned over to it by Chamberlain Powergen upped the ante by threatening to obtain an injunction against Silicon.com and by branding Chamberlain as a 'hacker'.

But no prosecution was ever brought against Chamberlain. Chamberlain is highly critical of Powergen's initial denials as well as its subsequent aggressive stance.

"Powergen had no procedures in place. They came gunning for me and my career," Chamberlain told El Reg.

Chamberlain concedes that he may have acted "irrationally" when he found his debit cards details left on Powergen's insecure servers. But the subsequent actions of a company he formerly trusted have left him bruised and bewildered.

"It's had a negative effect on me - I haven't worked in two years. I'm sorry I ever went online that day to pay my bill," Chamberlain told The Register.

Neither Powergen nor its lawyers in the domain name dispute, Wragge & Co of Birmingham, responded to our repeated (phone and email) requests for comment in the case. ®

Related stories

Powergen credit card security cock-up
Powergen gives lessons on stupidity
Powergen stems flow to bloody nose
Powergen denies ties with powergenitalia

Secure remote control for conventional and virtual desktops

More from The Register

next story
Knock Knock tool makes a joke of Mac AV
Yes, we know Macs 'don't get viruses', but when they do this code'll spot 'em
Feds seek potential 'second Snowden' gov doc leaker – report
Hang on, Ed wasn't here when we compiled THIS document
Why weasel words might not work for Whisper
CEO suspends editor but privacy questions remain
DEATH by PowerPoint: Microsoft warns of 0-day attack hidden in slides
Might put out patch in update, might chuck it out sooner
BlackEnergy crimeware coursing through US control systems
US CERT says three flavours of control kit are under attack
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
New hybrid storage solutions
Tackling data challenges through emerging hybrid storage solutions that enable optimum database performance whilst managing costs and increasingly large data stores.
Getting ahead of the compliance curve
Learn about new services that make it easy to discover and manage certificates across the enterprise and how to get ahead of the compliance curve.