Security leak at the CSA, or intelligence leak at the source?

One of the many websites that I administer is the very popular (or unpopular, depending on your stance) advice website CSAhelll.com. The website features daily stories from parents, both mothers and fathers, who are tearing their hair out due to the incompetencies, errors and bullying tactics at the hands of the Child Support Agency.

One post the site had recently was particularly funny because the woman who posted it came back a few days later, after receiving advice and comments to her post, wondering how her story had wound up on the website in the first place. This woman’s story (which I won’t link to) was sent in to the website by the aforementioned woman using the contact form on the website, yet she was dumbfounded as to how we received her information and were able to post it.

Had there been some sort of security leak at the CSA itself, you may ask? This wouldn’t have been uncommon, seeing as their data is hardly secure anyway. They once posted a woman’s bank details to me by mistake, after printing them out and leaving them on the printer for some idiot to pick up and shove in a letter bound for my address. They have also famously lost data, and had staff sacked for accessing adult websites and material online using supposedly secure computers; their information security is basically a mess, something which I personally told their head of security, Bernard Devaney, when I last spoke to him in reference to the CSA staff member who tried to coerce fathers into killing themselves via Facebook. He agreed, although couldn’t go into detail.

However, this time the error wasn’t the agency’s, not that they couldn’t do without recruiting a few more people to information security jobs anyway. No, this error was the fault of the woman who rather stupidly pasted her entire story into the CSAhell.com website thinking she was contacting the CSA and, even when she returned to the website to retrieve her feedback didn’t remember being there in the first place.

No wonder her life’s in a mess.

Darren Jamieson, aka MrDaz, is the Technical Director and co-founder of Engage Web and has been working online in a career spanning two decades. His first website was built in 1998 and is still live today.

Facebook Twitter LinkedIn Google+ 

Leave a Reply

Your email address will not be published. Required fields are marked *