[ISN] Energis Forced to Hide Hacker

From: InfoSec News (isnat_private)
Date: Sat Jan 19 2002 - 21:02:08 PST

  • Next message: InfoSec News: "[ISN] Linux Advisory Watch - January 18th 2002"

    Forwarded from: Elyn Wollensky <elynat_private>
    Joey Gardiner
    Tuesday 15th January 2002   
    A war of words has broken out between Energis and a UK webmaster after
    a hacker tried to break into a website from a domain managed by the
    The row erupted after Freeserve user John Chamberlain noticed attempts
    were being made to hack into his website.
    They stemmed from an Energis domain, and although the ISP claims it
    traced the source and took 'appropriate action', it has so far refused
    to name the guilty party.
    Energis says the Data Protection Act (DPA) prevents it from releasing
    that information.
    But Chamberlain is now considering legal action to try to gain access
    to the information, saying he has his own responsibilities to protect
    confidential data under the same legislation.
    Chamberlain is worried about his own liability if he doesn't make
    every effort to keep his alchemyproject.net site secure.
    There is also concern that Energis' commitment to the DPA is forcing
    it to unwittingly cover up the attempted hack, which is a crime under
    the Computer Misuse Act. Lawyers agree the legal position is very
    confused in this area.
    Simon Stokes, head of ecommerce at law firm Tarlo Lyons, said: "It's a
    very grey area indeed. Hacking, and the intent to hack, is illegal, so
    in one sense Energis has a duty to not conceal this. However, it does
    of course have obligations to its users under the DPA."
    Stokes said it is clear Energis has a responsibility to provide all of
    this information to authorities once any kind of civil or criminal
    investigation is launched.
    Other lawyers agree there is a definite conflict between the Data
    Protection Act and the Computer Misuse Act in cases such as these.
    Energis could not provide silicon.com with a copy of its standard
    procedures at the time of publication, but said: "If we believe that a
    criminal act has taken place, we would advise the complainant to
    report the issue to their local police station and we would work
    within the law to identify the alleged offender."
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Sun Jan 20 2002 - 01:09:20 PST