Tuesday, 2nd December 2008

News from the Guernsey Press

We’ll tell public what went wrong

By Nicci Martel

keyboard-typing.jpgTHE findings of an internal inquiry into how bank details of Maison Maritaine patients could be accessed online will be made public, the Treasury Minister promised yesterday.

Deputy Lyndon Trott said those responsible for the fault in the States internet security system would be found out. ‘There will be full inquiry to find the identification of those responsible, and I give my word those details will be made public – whatever it reveals.’

Treasury and Resources denied Marcus Cicero’s claims that a vulnerability on gov.gg sites meant that anyone with basic computer competence could get control of the main server. But T&R admitted that personal information, including some bank details, of nearly 40 care home residents, some deceased, had been accessible, but only to someone with extensive computer knowledge.

Jane Wonnacott, director of ICT for the States, said it was not known why that information was even on the system but that was being investigated, as was Mr Cicero’s assertion that he had contacted the States four years ago to report the fault.

She did not know why staff had not discovered it earlier.

‘We cannot say why the vulnerability was not spotted, but in our view this was a determined effort to access the States system and could only have been achieved with expert knowledge and specialist software.’

But a local IT expert, who asked to remain anonymous, supported Mr Cicero’s claims that this was a low-grade hack. He said the custom plug-in used by Mr Cicero, which detected the vulnerability, was a common tool used on the internet.

Mr Cicero denied he had set out to access the system.

Chief Minister Mike Torode said: ‘If we put it in perspective, people break into sites worldwide and this is fairly insignificant in real terms – think about the Ministry of Defence in Whitehall – but for someone to go in and look at data belonging to the elderly and infirm residents of the island, it is a despicable act.’

Article posted on 18th March, 2008 - 2.29pm

Have your say on 'We’ll tell public what went wrong', comment below

Subscriptions

The Guernsey Press provides daily in-depth coverage of life in the Bailiwick. Subscribe here. View a demo and subscribe to our online edition here.

Article filed under: News

Other Articles

« Airtel ‘will meet March deadline’
Early runners differ over electorate’s main issues »
Classifieds - 468
Rota Chemists - 230Useful Numbers - 230
eCycle - 468

One Article Comment

  1. Chris A
    | March 18, 2008 at 5:04 pm

    I think it’s astounding that Deputies Dave Jones et al. are keen to condemn the individual that
    unveiled the flaw in the States-administered computer system, rather than apologise for not
    protecting the information of the Maison Maritaine patients in the first place!

    You’re just lucky that Mr. Cicero had the good grace to point out your errors rather than exploit
    them!

    A lucky escape for the States … on this occasion!

Post a Comment on this Article

Your email address is never published nor shared. Required fields are marked *

*
*

Disclaimer: This comment area is moderated by the Guernsey Press, which aims to create a valuable forum for the expression of views by all who have an interest in Guernsey. Contributors are expected to respect the opinions of others and all submissions may be edited. In particular, our policy is not to allow defamatory, gratuitously offensive, factually inaccurate or self-promotional statements to be posted. The moderators will not enter into e-mail correspondence about the editing of individual submissions.

Your Shout: View all recent comments. More detail on the comment icons.

If you wish to make a comment about this website, please use our feedback form.