[ISN] Energis Forced to Hide Hacker

From: InfoSec News (isnat_private)
Date: Sat Jan 19 2002 - 21:02:08 PST

Next message: InfoSec News: "[ISN] Linux Advisory Watch - January 18th 2002"

Previous message: InfoSec News: "Re: [ISN] Exploding chips could foil laptop thieves."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Forwarded from: Elyn Wollensky <elynat_private>

http://www.silicon.com/a50435

Joey Gardiner
Tuesday 15th January 2002   

A war of words has broken out between Energis and a UK webmaster after
a hacker tried to break into a website from a domain managed by the
ISP.

The row erupted after Freeserve user John Chamberlain noticed attempts
were being made to hack into his website.

They stemmed from an Energis domain, and although the ISP claims it
traced the source and took 'appropriate action', it has so far refused
to name the guilty party.

Energis says the Data Protection Act (DPA) prevents it from releasing
that information.

But Chamberlain is now considering legal action to try to gain access
to the information, saying he has his own responsibilities to protect
confidential data under the same legislation.

Chamberlain is worried about his own liability if he doesn't make
every effort to keep his alchemyproject.net site secure.

There is also concern that Energis' commitment to the DPA is forcing
it to unwittingly cover up the attempted hack, which is a crime under
the Computer Misuse Act. Lawyers agree the legal position is very
confused in this area.

Simon Stokes, head of ecommerce at law firm Tarlo Lyons, said: "It's a
very grey area indeed. Hacking, and the intent to hack, is illegal, so
in one sense Energis has a duty to not conceal this. However, it does
of course have obligations to its users under the DPA."

Stokes said it is clear Energis has a responsibility to provide all of
this information to authorities once any kind of civil or criminal
investigation is launched.

Other lawyers agree there is a definite conflict between the Data
Protection Act and the Computer Misuse Act in cases such as these.

Energis could not provide silicon.com with a copy of its standard
procedures at the time of publication, but said: "If we believe that a
criminal act has taken place, we would advise the complainant to
report the issue to their local police station and we would work
within the law to identify the alleged offender."



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
of the mail.

Next message: InfoSec News: "[ISN] Linux Advisory Watch - January 18th 2002"
Previous message: InfoSec News: "Re: [ISN] Exploding chips could foil laptop thieves."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sun Jan 20 2002 - 01:09:20 PST