“Abracadabra-Glitch” – Software glitch allowed a Police Constable prohibited access to system he was barred from!

There is a clear question about an abuse of power here, as well as the fact that this amounts to a potential breach of supposedly secure data.

Police Constable Andrew Green accessed a number of intelligence systems in which he had been prohibited access from previously. It’s reported that a ‘software glitch’ allowed PC Green access to the system he wasn’t supposed to be able to get in to, which is serious enough; but this also raises questions about the cyber-security of the system, and how PC Green could even have access to the system again at all.

It’s not clear what the ‘software glitch’ was, but PC Green was banned from using the software from December 2012 to September 2015. However, when he moved from his previous role in Scunthorpe to his current role in Hull, the glitch allowed him access to the system again.

It was reported that the files he was banned from were restored during the process of moving his computer file. This was an error, Craig Hassall said, on behalf of the Humberside Police.

But what this importantly shows: is that even the police force are sometimes unable to prevent serious breaches occurring.

The failure to stop him using the system highlights a lack of procedural guidelines which could lead to an abuse of power, as PC Green was allegedly aware of the ban on accessing the system.

It could be argued that there was no abuse of power here, but instead misconduct on the part of PC Green. This could have disastrous consequences, and may send out a message that it’s possible to access a system that you should not be able to.

Music to the cyber criminal’s ears!

Part of PC Green’s defence is that he was unaware of his ‘banned’ status from the system. He continued to say that his sergeant at the time, Sgt Mick Stevenson, knew that he was accessing the system, as he would seek assistance when he had troubles accessing them. It can therefore be seen as a systematic failure from the policing organisation to have allowed PC Green unauthorised access, and it’s time that the they had a second look at its cyber-security, before an unauthorised access from the outside causes irreversible consequences.

Let this be a lesson learned as cyber-security is something that organisations must take seriously – especially the police! The Humberside police should be wary of outside cyber-criminals that could take personal data to an extent of selling them on the ‘darkweb’, as was demonstrated in the recent sale of 10 million NHS medical records.