Feeds

Powergen sets legal attack dogs on security whistle-blower

Breach of confidence claim

  • alert
  • submit to reddit

Beginner's guide to SSL certificates

Powergen and a customer who highlighted a serious breach in consumer security at the utility more than three years ago are still locked in legal dispute.

John Chamberlain earned the enmity of the British utility company for leaking to Silicon.com a list of credit cards left unprotected on the utility's Web site. He is fighting a breach of confidence suit from Powergen. This civil lawsuit, which arises out of an accusation that Chamberlain failed to keep a promise to destroy customer data obtained from Powergen's site, is to be tried in the Chancery Court at Birmingham on March 12.

Without any legal aid, Chamberlain has been forced to conduct his legal defence in the case. He is searching for a lawyer who is prepared to work on the case pro-bono (without a fee).

Leicester-based former IT consultant Chamberlain described the experience of going through the courts without legal support as "bewildering" and "frustrating".

What’s in a domain?

In a separate action initiated last month, Chamberlain is involved in a domain name over the site Po Wergen.tv. This site was "registered in bad faith" and originally (for a time in October 2003) contained content critical of Powergen, according to Powergen's complaint to ICANN.

At the time of writing the site contained only material about mountain biking. Chamberlain said the site is derived from the Chinese word 'Po' and the German word 'Wergen'.

Chamberlain previously ran a site called www.powergensucks.com and www.powergen.me.uk. Chamberlain transferred ownership of the domain powergen.me.uk to Powergen after reaching a settlement with the utility after Powergen complained to Nominet but before a hearing had taken place in the case. Powergensucks.com is also an ex-parrot.

So why has Chamberlain registered a series of domains that could easily be seen as having a dig at Powergen?

"I'm only exercising my right to freedom of expression. Powergen is a generic term in the electricity industry anyway," Chamberlain told The Register.

Power struggle

The bad feeling between Powergen and Chamberlain began after he found a serious security hole on its site back in July 2000. Rather than thanking him for pointing out that customers' financial details were easily obtainable through simple URL manipulation, Powergen at first denied anything was wrong. After Silicon.com was able to prove the security breach via information turned over to it by Chamberlain Powergen upped the ante by threatening to obtain an injunction against Silicon.com and by branding Chamberlain as a 'hacker'.

But no prosecution was ever brought against Chamberlain. Chamberlain is highly critical of Powergen's initial denials as well as its subsequent aggressive stance.

"Powergen had no procedures in place. They came gunning for me and my career," Chamberlain told El Reg.

Chamberlain concedes that he may have acted "irrationally" when he found his debit cards details left on Powergen's insecure servers. But the subsequent actions of a company he formerly trusted have left him bruised and bewildered.

"It's had a negative effect on me - I haven't worked in two years. I'm sorry I ever went online that day to pay my bill," Chamberlain told The Register.

Neither Powergen nor its lawyers in the domain name dispute, Wragge & Co of Birmingham, responded to our repeated (phone and email) requests for comment in the case. ®

Related stories

Powergen credit card security cock-up
Powergen gives lessons on stupidity
Powergen stems flow to bloody nose
Powergen denies ties with powergenitalia

Protecting users from Firesheep and other Sidejacking attacks with SSL

More from The Register

next story
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
China hacked US Army transport orgs TWENTY TIMES in ONE YEAR
FBI et al knew of nine hacks - but didn't tell TRANSCOM
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.