Feeds

Powergen sets legal attack dogs on security whistle-blower

Breach of confidence claim

  • alert
  • submit to reddit

Top three mobile application threats

Powergen and a customer who highlighted a serious breach in consumer security at the utility more than three years ago are still locked in legal dispute.

John Chamberlain earned the enmity of the British utility company for leaking to Silicon.com a list of credit cards left unprotected on the utility's Web site. He is fighting a breach of confidence suit from Powergen. This civil lawsuit, which arises out of an accusation that Chamberlain failed to keep a promise to destroy customer data obtained from Powergen's site, is to be tried in the Chancery Court at Birmingham on March 12.

Without any legal aid, Chamberlain has been forced to conduct his legal defence in the case. He is searching for a lawyer who is prepared to work on the case pro-bono (without a fee).

Leicester-based former IT consultant Chamberlain described the experience of going through the courts without legal support as "bewildering" and "frustrating".

What’s in a domain?

In a separate action initiated last month, Chamberlain is involved in a domain name over the site Po Wergen.tv. This site was "registered in bad faith" and originally (for a time in October 2003) contained content critical of Powergen, according to Powergen's complaint to ICANN.

At the time of writing the site contained only material about mountain biking. Chamberlain said the site is derived from the Chinese word 'Po' and the German word 'Wergen'.

Chamberlain previously ran a site called www.powergensucks.com and www.powergen.me.uk. Chamberlain transferred ownership of the domain powergen.me.uk to Powergen after reaching a settlement with the utility after Powergen complained to Nominet but before a hearing had taken place in the case. Powergensucks.com is also an ex-parrot.

So why has Chamberlain registered a series of domains that could easily be seen as having a dig at Powergen?

"I'm only exercising my right to freedom of expression. Powergen is a generic term in the electricity industry anyway," Chamberlain told The Register.

Power struggle

The bad feeling between Powergen and Chamberlain began after he found a serious security hole on its site back in July 2000. Rather than thanking him for pointing out that customers' financial details were easily obtainable through simple URL manipulation, Powergen at first denied anything was wrong. After Silicon.com was able to prove the security breach via information turned over to it by Chamberlain Powergen upped the ante by threatening to obtain an injunction against Silicon.com and by branding Chamberlain as a 'hacker'.

But no prosecution was ever brought against Chamberlain. Chamberlain is highly critical of Powergen's initial denials as well as its subsequent aggressive stance.

"Powergen had no procedures in place. They came gunning for me and my career," Chamberlain told El Reg.

Chamberlain concedes that he may have acted "irrationally" when he found his debit cards details left on Powergen's insecure servers. But the subsequent actions of a company he formerly trusted have left him bruised and bewildered.

"It's had a negative effect on me - I haven't worked in two years. I'm sorry I ever went online that day to pay my bill," Chamberlain told The Register.

Neither Powergen nor its lawyers in the domain name dispute, Wragge & Co of Birmingham, responded to our repeated (phone and email) requests for comment in the case. ®

Related stories

Powergen credit card security cock-up
Powergen gives lessons on stupidity
Powergen stems flow to bloody nose
Powergen denies ties with powergenitalia

Combat fraud and increase customer satisfaction

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.