Web developer Marcus Cicero, who told the States four years ago of security problems on its website. (Picture by Adrian Miller, 0552060)
MARCUS CICERO accused the States yesterday of vilifying him for exposing a fault in the government’s internet system.
He refuted allegations by the States that he copied any information he discovered on Maison Maritaine residents via a vulnerability in the gov.gg sites and denied looking at the files.
‘They’ve just made me out to be the villain, when all I wanted to do was expose this vulnerability, not use it to my gain,’ he said. ‘If I had wanted to do anything untoward with those sites then why would I leave my calling card all over them? The main thing is that the States have acknowledged the existence of the records and they themselves have deleted them from their server.’
Police confirmed yesterday that they were investigating a suspected breach of the Computer Misuse Law in relation to the unauthorised access of a States of Guernsey internet site, although would not confirm whether Mr Cicero was the focus of it, or if any offences had indeed been committed.
The Guernsey Press provides daily in-depth coverage of life in the Bailiwick. Subscribe here. View a demo and subscribe to our online edition here.
Loading ...
2 Article Comments
Mr Cicero might be amused to read the following tongue in cheek posting on the IT leakage on the Editors Blog
“…the blame lies squarely with someone else. The CS fight tooth and nail not to allow their members to take responsibility for anything. Your suggestion that they have been negligent in permitting one, or a number of their own, to be exposed to a possibility of criticism, by being put in a position of responsibility is beyond the pale.
The systems breach is purely and simply the fault of (delete those which do not apply): the Press/ the IT bloke that tipped the press off/ the IT consultants that designed the system/ the system engineers/ the politicians that authorised them to hire the consultants that recommended the engineers that built the system/ the old people whose records were so negligently given to the department/ scrutiny - for not picking up on the breach earlier, or making a fuss about the budget/ global warming/ the EC/ Alderney’s breakwater.
Interesting to note the immediate reaction - shoot the whistleblower - as usual.”
The States reacted the same in 2000, when an unprotected security utility part of Guernsey Telecoms (at the time) gtonline website exposed Internet users details and passwords. Those who discovered the problem tried to tell the right people (States, DP commissioner, police, advocates), and only went to the media because nobody was interested. Those same people ended up in the interview room of the police station. It seems to be the States knee-jerk reaction to stamp on anyone that exposes the embarrassment, rather than those that cause it.