Feeds

Powergen sets legal attack dogs on security whistle-blower

Breach of confidence claim

  • alert
  • submit to reddit

Seven Steps to Software Security

Powergen and a customer who highlighted a serious breach in consumer security at the utility more than three years ago are still locked in legal dispute.

John Chamberlain earned the enmity of the British utility company for leaking to Silicon.com a list of credit cards left unprotected on the utility's Web site. He is fighting a breach of confidence suit from Powergen. This civil lawsuit, which arises out of an accusation that Chamberlain failed to keep a promise to destroy customer data obtained from Powergen's site, is to be tried in the Chancery Court at Birmingham on March 12.

Without any legal aid, Chamberlain has been forced to conduct his legal defence in the case. He is searching for a lawyer who is prepared to work on the case pro-bono (without a fee).

Leicester-based former IT consultant Chamberlain described the experience of going through the courts without legal support as "bewildering" and "frustrating".

What’s in a domain?

In a separate action initiated last month, Chamberlain is involved in a domain name over the site Po Wergen.tv. This site was "registered in bad faith" and originally (for a time in October 2003) contained content critical of Powergen, according to Powergen's complaint to ICANN.

At the time of writing the site contained only material about mountain biking. Chamberlain said the site is derived from the Chinese word 'Po' and the German word 'Wergen'.

Chamberlain previously ran a site called www.powergensucks.com and www.powergen.me.uk. Chamberlain transferred ownership of the domain powergen.me.uk to Powergen after reaching a settlement with the utility after Powergen complained to Nominet but before a hearing had taken place in the case. Powergensucks.com is also an ex-parrot.

So why has Chamberlain registered a series of domains that could easily be seen as having a dig at Powergen?

"I'm only exercising my right to freedom of expression. Powergen is a generic term in the electricity industry anyway," Chamberlain told The Register.

Power struggle

The bad feeling between Powergen and Chamberlain began after he found a serious security hole on its site back in July 2000. Rather than thanking him for pointing out that customers' financial details were easily obtainable through simple URL manipulation, Powergen at first denied anything was wrong. After Silicon.com was able to prove the security breach via information turned over to it by Chamberlain Powergen upped the ante by threatening to obtain an injunction against Silicon.com and by branding Chamberlain as a 'hacker'.

But no prosecution was ever brought against Chamberlain. Chamberlain is highly critical of Powergen's initial denials as well as its subsequent aggressive stance.

"Powergen had no procedures in place. They came gunning for me and my career," Chamberlain told El Reg.

Chamberlain concedes that he may have acted "irrationally" when he found his debit cards details left on Powergen's insecure servers. But the subsequent actions of a company he formerly trusted have left him bruised and bewildered.

"It's had a negative effect on me - I haven't worked in two years. I'm sorry I ever went online that day to pay my bill," Chamberlain told The Register.

Neither Powergen nor its lawyers in the domain name dispute, Wragge & Co of Birmingham, responded to our repeated (phone and email) requests for comment in the case. ®

Related stories

Powergen credit card security cock-up
Powergen gives lessons on stupidity
Powergen stems flow to bloody nose
Powergen denies ties with powergenitalia

Mobile application security vulnerability report

More from The Register

next story
Yorkshire cops fail to grasp principle behind BT Fon Wi-Fi network
'Prevent people that are passing by to hook up to your network', pleads plod
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
NEW, SINISTER web tracking tech fingerprints your computer by making it draw
Have you been on YouPorn lately, perhaps? White House website?
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Attackers raid SWISS BANKS with DNS and malware bombs
'Retefe' trojan uses clever spin on old attacks to grant total control of bank accounts
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.