Feeds

Powergen sets legal attack dogs on security whistle-blower

Breach of confidence claim

  • alert
  • submit to reddit

Build a business case: developing custom apps

Powergen and a customer who highlighted a serious breach in consumer security at the utility more than three years ago are still locked in legal dispute.

John Chamberlain earned the enmity of the British utility company for leaking to Silicon.com a list of credit cards left unprotected on the utility's Web site. He is fighting a breach of confidence suit from Powergen. This civil lawsuit, which arises out of an accusation that Chamberlain failed to keep a promise to destroy customer data obtained from Powergen's site, is to be tried in the Chancery Court at Birmingham on March 12.

Without any legal aid, Chamberlain has been forced to conduct his legal defence in the case. He is searching for a lawyer who is prepared to work on the case pro-bono (without a fee).

Leicester-based former IT consultant Chamberlain described the experience of going through the courts without legal support as "bewildering" and "frustrating".

What’s in a domain?

In a separate action initiated last month, Chamberlain is involved in a domain name over the site Po Wergen.tv. This site was "registered in bad faith" and originally (for a time in October 2003) contained content critical of Powergen, according to Powergen's complaint to ICANN.

At the time of writing the site contained only material about mountain biking. Chamberlain said the site is derived from the Chinese word 'Po' and the German word 'Wergen'.

Chamberlain previously ran a site called www.powergensucks.com and www.powergen.me.uk. Chamberlain transferred ownership of the domain powergen.me.uk to Powergen after reaching a settlement with the utility after Powergen complained to Nominet but before a hearing had taken place in the case. Powergensucks.com is also an ex-parrot.

So why has Chamberlain registered a series of domains that could easily be seen as having a dig at Powergen?

"I'm only exercising my right to freedom of expression. Powergen is a generic term in the electricity industry anyway," Chamberlain told The Register.

Power struggle

The bad feeling between Powergen and Chamberlain began after he found a serious security hole on its site back in July 2000. Rather than thanking him for pointing out that customers' financial details were easily obtainable through simple URL manipulation, Powergen at first denied anything was wrong. After Silicon.com was able to prove the security breach via information turned over to it by Chamberlain Powergen upped the ante by threatening to obtain an injunction against Silicon.com and by branding Chamberlain as a 'hacker'.

But no prosecution was ever brought against Chamberlain. Chamberlain is highly critical of Powergen's initial denials as well as its subsequent aggressive stance.

"Powergen had no procedures in place. They came gunning for me and my career," Chamberlain told El Reg.

Chamberlain concedes that he may have acted "irrationally" when he found his debit cards details left on Powergen's insecure servers. But the subsequent actions of a company he formerly trusted have left him bruised and bewildered.

"It's had a negative effect on me - I haven't worked in two years. I'm sorry I ever went online that day to pay my bill," Chamberlain told The Register.

Neither Powergen nor its lawyers in the domain name dispute, Wragge & Co of Birmingham, responded to our repeated (phone and email) requests for comment in the case. ®

Related stories

Powergen credit card security cock-up
Powergen gives lessons on stupidity
Powergen stems flow to bloody nose
Powergen denies ties with powergenitalia

Endpoint data privacy in the cloud is easier than you think

More from The Register

next story
14 antivirus apps found to have security problems
Vendors just don't care, says researcher, after finding basic boo-boos in security software
'Things' on the Internet-of-things have 25 vulnerabilities apiece
Leaking sprinklers, overheated thermostats and picked locks all online
iWallet: No BONKING PLEASE, we're Apple
BLE-ding iPhones, not NFC bonkers, will drive trend - marketeers
Multipath TCP speeds up the internet so much that security breaks
Black Hat research says proposed protocol will bork network probes, flummox firewalls
Only '3% of web servers in top corps' fully fixed after Heartbleed snafu
Just slapping a patched OpenSSL on a machine ain't going to cut it, we're told
Microsoft's Euro cloud darkens: US FEDS can dig into foreign servers
They're not emails, they're business records, says court
Plug and PREY: Hackers reprogram USB drives to silently infect PCs
BadUSB instructs gadget chips to inject key-presses, redirect net traffic and more
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
prev story

Whitepapers

7 Elements of Radically Simple OS Migration
Avoid the typical headaches of OS migration during your next project by learning about 7 elements of radically simple OS migration.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Solving today's distributed Big Data backup challenges
Enable IT efficiency and allow a firm to access and reuse corporate information for competitive advantage, ultimately changing business outcomes.
A new approach to endpoint data protection
What is the best way to ensure comprehensive visibility, management, and control of information on both company-owned and employee-owned devices?