Data breaches’ handling policies/stance of GLA were not followed when I was there. Here they are in their own words:

Meanwhile in the news:

Also this past weekend:

Summary: This past weekend Greater London Authority’s managers came under fire for mishandling of data (this went on for months!) and it wasn’t even the first time; usually they keep quiet about such things and hope nobody will notice while IT people — including Sirius ‘Open Source’ — are retroactively ‘fixing’ these issues

Summary: Data security and system security at Greater London Authority’s Web site haven’t been good; today we share just a couple of examples which help refute statements issued by Greater London Authority after a scandal that had made it to the mainstream media

Y! It really takes a liar to progress to management. The better the liar, the higher up the role.

As I mentioned the other day, there’s somewhat of a blunder since Friday when the news broke:

The following conspicuous statement is worth assessing, as I was working on the sites (various aspects, some microsites too) for 9 years.

You would expect them to say that, wouldn’t you?

As I said on Saturday morning, this has deja vu written all over it.

to give one example (there are more):

It wasn’t Sirius stuff (and certainly wasn’t me) who configured those terribly buggy forms.

As lying bosses at Sirius might say, “it doesn’t look good…”

It’s not the fault of Sirius either, at least not in this case.

The worst part of it is, as far as I’m aware GLA never publicly reported or disclosed this incident (sometimes this is legally required upon discovery or within a number of days, including informing those potentially affected, like people with their identity cards uploaded and widely available to the general public).

This isn’t the only such example.

2 years later even malicious scripts/programs could be uploaded. It was only detected after it had happened. Here are some fragments of old messages:

This is a penalty for not scanning/sanitising uploads/input.

Why am I publishing these (redacted sensibly)? Because lying is wrong and privacy problems are the problem, speaking about them is not the problem. It is the moral thing to do — to point out it is a repeat offender so to speak. There is an obligation here to debunk false assurances, as this has gone on for years already.

Summary: The London Municipality, also known as Greater London Authority (GLA), turns its back on people who worked on its computer systems for nearly a decade; it’s not convenient to deal with victims of a crime, especially when the crime was committed on GLA’s watch while GLA was sponsoring the perpetrators of the crime

THE series about crimes of Sirius ‘Open Source’ is far from over. What we have here a formerly OK company that even funded the Free Software Foundation (FSF) for a couple of years turning into a criminal organisation, taking bribes in secret from Bill Gates (under an NDA) while besieging and bullying its own staff. This must be treated as a criminal matter, not a civil matter. Arrests should be made as soon as possible.

But what happens when the perpetrators of the crimes are connected to the British government, not just local authorities but also Home Office? Then it gets a little… “tricky”… or “complicated” for them to handle. It’s almost like they’re asked to investigate themselves and hold themselves accountable.

As a recap, so far I’ve contacted:

1. Greater Manchester Police (repeatedly insisting I defer to Action Fraud after nearly 40 minutes on the phone)
2. Action Fraud (4 weeks, no action)
3. My MP contacting Action Fraud (4 weeks, no response)
4. GLA (London Municipality), whose computer systemd I’ve worked on since 2013
5. ECVCU Victim Contact/City of London Police
6. The equivalent of the ombudsman next

It should be strongly emphasised that:

1. I’m not the only victim. Men and women I worked with are also victims.
2. None of the steps above resulted in any real progress, except proving that this whole “law enforcement” system is trash
3. The perpetrators of the pension fraud crime (other crimes aside) got in touch with me personally and did not deny committing the crime

About 5 days ago I sent the following message to GLA, especially senior people there (they know me in person):

City of London Police Does Not Protect GLA Staff Victimised by the Employer

Two weeks ago I wrote to you regarding Action Fraud not taking action and not even replying to my MP upon escalation. After I sent the E-mail to GLA all of a sudden I received a mostly template-like message from the City of London Police E-mail system (ECVCU Victim Contact) and the Sirius Director who was in charge at the time contacted me not denying the abuses but basically trying to discourage me from pursuing criminal enforcement. I assume City of London Police messaged me because you had asked them to. Maybe they even contacted the above-mentioned Director because she contacted me at 2AM.

I responded to the police twice, but they are not even replying (not responding to my second message for 7 days as of this morning) — that’s basically consistent with my prior experiences. Nobody from GLA bothered to even reply to me, despite me working for GLA for many years while my employer (your contractor) defrauded my colleagues and I. There are many victims here, not one. I am therefore going to escalate this higher than GLA (Sirius worked for government departments above GLA) and perhaps the media too.

It does not look good that GLA does not take crime seriously, even crimes committed against its own people, despite GLA being in charge of the police (Sirius is based in London [1,2]).

_____________
[1] https://find-and-update.company-information.service.gov.uk/company/11014042
[2] https://find-and-update.company-information.service.gov.uk/company/03633198

These messages were definitely received, as there were even auto-responders:

Not only did they never respond. No real action has been taken to remediate things. GLA is swimming in money, it exploits people who do technical work overnight at 13-14 pounds per hour, and when it turns out those people were defrauded GLA just looks the other way. This won’t end well. We’re escalating this further and former colleague speak of legal action. Seeing how GLA and the police handled this, they’re even worse than the pension firms.

Video download link | md5sum ff10727ca3703e6abd1ccf2a43f85a9e
Managers of Police Budget Fail Miserably
Creative Commons Attribution-No Derivative Works 4.0

Summary: It increasingly looks like an elaborate festival of gaslighting if not cover-up; people whom I worked for (or with) for many years don’t want to talk about crimes committed against my colleague and I; police never went any further than sending template-like E-mails which say nothing at all and cops treat my Member of Parliament like she does not even exist to them — a blatant case of chronic contempt

HIS early morning (at around 3AM) marked one week since I last contacted London about the crimes of Sirius ‘Open Source’. Much as I expected all along, there was no reply, not even an acknowledgement that they were handling my E-mails (nothing bounced, those were successfully received at their end).

What does that tell us about British police or about police in general?

What can one conclude about crimes committed by government contractors, which are in turn protected by the government? What if the crimes are committed against the staff? Should that even matter?

If the system of law enforcement has become a system of selective enforcement (wherein selections are done by those in power), then it’s not a functioning system of Law and Order or the Rule of Law. It’s a dictatorship of monarchs widely disguised and sold to the public — even to the whole world — as a democracy. The video above also discusses past engagements with the police. They were never helpful, only polite (to a point).

This saga is far from over. We’ve already escalated the matter today at noon.

Real function? Saving face? Response to bad press? Reaction to betrayed victims?

Summary: The very serious crimes committed by Sirius ‘Open Source’ while I worked there (I didn’t know until this year) are leaving many people in the British government red-faced and the police (at several levels already) is trying to sweep the whole thing under a rug

The pension fraud at Sirius ‘Open Source’ might only be the edge of a very large iceberg. What do managers know? Some contact us with a tone resembling “begging”. If they were not being properly audited due to scale-related exemptions, what other financial crimes were also being committed? Only managers from that time may know the full extent of the fraud, wage theft, etc.

Readers may wonder why we haven’t covered this topic for a week. We just needed to give police as much as a week to reply and since there’s no progress, we’re now escalating further (higher). For those who missed what we covered last month, our regime tried to pretend that pension fraud committed by itself (via a contractor) is like falling for some Nigerian scammer online and victims can be brushed off with some “advice” rather than law enforcement. As if having a chat over the telephone would do; babytalk rather than imprisoning those responsible, i.e. those who were paid by our own regime. We call that “arse-covering” here; they know they’re culpable, so they’re just trying to tire down the complainants.

So later on, maybe later this week, I will report to the Independent Police Complaints Commission (IPCC) or Independent Office for Police Conduct (IOPC); not that they will fix it, I don’t expect the cover-up to stop at the police, but it’ll make a point. It’s all very Kafkaesque. What started as outright fraud at Sirius, a small government contractor, is now a scandal implicating the whole British system. It’s shielding the criminals instead of protecting their victims.

“I hope that it had a specific enough (and accurate enough) call to action for them to work with,” one person advised me last month. “It’s good that there are still additional options in reserve. However, this one might take a lot of back-and-forth negotiation before moving forward. It’s very important to emphasise that many former employees were also ripped off by Sirius in this manner. And that the manner of the ripoff is very likely a serious crime in the UK.”

We’ve just spoken to additional informed people and escalating this to the British media (mainstream press) is still in the cards. But the higher up we go now, the bigger this blunder becomes. The chain of complicity becomes longer.

Speaking to supervisory agencies is just one of 10 escalation steps ahead (we have them written down; it’s a checklist for a broken system). As a reminder, on the last Monday of June things escalated to London’s authorities (they know me in person because I worked for them and went there in person), which in turn referred the case to ECVCU Victim Contact/City of London Police. Knowing the people will help a lot, I think, but the people they referred me to don’t know me.

As a recap, it all started in March with Greater Manchester Police (repeatedly insisting I defer to Action Fraud after nearly 40 minutes on the phone), then Action Fraud (4 weeks, no action), then my MP contacting Action Fraud (4 weeks, no response), then London’s authorities (GLA), then ECVCU Victim Contact/City of London Police. Exactly one week ago (Saturday morning) I wrote to them:

We have received a referral in relation to the report you made to Action Fraud, crime reference number [redacted] refers.

As part of our service we are contacting you to offer further advice, guidance and support regarding your fraud, which you will find below. In addition, if you would like us to make contact with you to discuss further, could you please provide us with your telephone number and one of our Victim Contact Advisors will attempt to call you on a day and at a time convenient to you. We operate Monday to Friday from 0900-1800.

If you have any concerns regarding the authenticity of this email, please refer to our website for reassurance and further information, http://www.actionfraud.police.uk/vcoa-unit

Hi, City of London Police,

It is now July. What is the latest progress on this? Have arrests been made yet? If you are not progressing the case, I will escalate higher.

Regards,

They did not even bother responding to me. It was my second message to them.

They don’t even respond.

Typical, more of the same.

And to repeat what was said here before, the complaint to HMRC regarding Sirius went nowhere. Now almost 2.5 months without even a reply. One must thus deduce that unless one is an oligarch or a King, operating through a network/legion of well-connected lawyers, HMRC (HM stands for His Majesty’s) is unresponsive to reports of tax fraud. HMRC (cherry-) picks on the vulnerable, who lack legal defence. It’s “cheaper” this way.

So what comes next is a referral to the Independent Police Complaints Commission (IPCC). It’s now known as the Independent Office for Police Conduct (IOPC) and except in Northern Ireland there seems to be no ombudsman for the police, so this seems to be the last resort at this level. The police level. The cops have political masters too, so we’ve not exhausted the options.

A lot of people have understandably become cynical about “the system” and how it’s definitely not working. But proving this or demonstrating that as an actual victim of a crime takes a lot of work.

While we still have some remnants of democracy and free speech it is still feasible to safely or almost safely criticise and challenge key institutions, even courts and police. If we don’t exercise those freedoms, we’ll lose them and criminals/oligarchs will control everything, like in Russia or China.

As a side note, the police does not even name its unit consistently. It seems to be more about keeping up appearances rather than doing anything. For instance, what London municipality called “Economic Crime Victim Care Unit” is not consistent with E-mails that say “Economic Crime Victim CONTACT Unit”. A cynic might say that maybe they changed names as they decided they did not CARE and would just CONTACT instead (but would not even respond to messages from the victims whom they contact!). A care unit became contact unit (same acronym) and there is also National Economic Crime Victim Care Unit (NECVCU), albeit not the same thing. They’re not even sure what to call themselves. Here’s the Victims Commissioner. Someone has told me that in the United States police don’t say victim. They say “complaining witness”.

In short, the police here has made no effort at all to tackle the crime. To make matters worse, they talk to us like we bought fake ‘crypto’ coins or something inane like that; or sent money to a Nigerian prince…

But this is not what happened; it was a well coordinated scam by govornment entities and they don’t want to be left holding the bag. Instead they pretend we’re all just stupid and this won’t end well.

We’ll escalate this matter further and then escalate to media/press, as legal action is too slow. We might follow up with GLA (London Municipality; the company is based there) and local MPs to remind them what sort of police forces they’re funding. It generally signals to everyone out there that crime pays off and if one commits a crime and gets caught, no punishment will follow. Even if one lives in the UK and still operates in the UK, with impunity.

Video download link | md5sum 9626365333766dabc4d34d12ae13a6a6
Getting Down to Arrests, Compensation, Gates NDA
Creative Commons Attribution-No Derivative Works 4.0

Summary: The crimes of Sirius ‘Open Source’ are believed to be investigated right now, but it is important to note just how much effort is required — even some connections — to get things rolling and actually get law enforcers to do their job rather than send bot messages acknowledging the receipt of something never handled by an actual person

THE video above is an outline or an overview of some recent developments in the quest to hold Sirius ‘Open Source’ management accountable for very serious crimes. The clients included very high-profile government departments, so we don’t expect this to be easy. Generally speaking, the government tends to protect itself from accountability or from ‘embarrassment’, perhaps even prosecution and jail time. In this case, there are many victims and they’re GNU/Linux system administrators, sometimes programmers too. We expect this series to last until the end of the year, maybe even next year, judging by how slowly “the system” is moving, both by intention and by design. We’ll document the failings and the shortcomings of this system. We’ve seen similar things in the EU when it comes to EPO corruption.

See disclaimer below^* regarding this seemingly daring metaphor

Summary: Just 4 hours after escalating the matter of Sirius ‘Open Source’ fraud to its (previously) biggest client, which oversees police budget, the Economic Crime Victim Contact Unit (VCoA) got in touch with me regarding my Action Fraud crime report (many victims; not handled for almost 10 weeks despite escalation to my Member of Parliament), saying they “offer free [editor’s note: taxpayer-funded actually] help and advice to people who have been the victims of fraud and cyber-crime to try to help prevent them from becoming a repeat victim.” But we need action, we need law enforcement, not “advice” (action is well overdue, several months already).

MORE than a month ago I received an “(in)action fraud” message that was timed exactly 4 weeks after its submission (weekend outside working hours), specifying nothing about my crime report. I’m certain it was automated. Nobody bothered looking into that and it seems endemic at Action Fraud (it has been even worse for some; they’re literally being insulted by Action Fraud; the cops are attacking the victims of crime!^** ). On Monday I received the following after Greater London Authority (London Municipality) got contacted, so it’s safe to assume someone there nudged the police to stop ignoring victims of crimes committed against staff of London Municipality (by contract; we worked on their system for many years).

Here’s a portion of what they sent (some redaction applied) and my response:

Action Fraud Report

ECONOMIC CRIME VICTIM CONTACT UNIT (VCoA)

To: Roy Schestowitz

The Economic Crime Victim Contact Unit (VCoA) is part of the Action Fraud National Fraud and Cyber Reporting Centre service. We deliver a support service for victims of fraud and cyber-crime in England, Wales and Northern Ireland.

We offer free help and advice to people who have been the victims of fraud and cyber-crime to try to help prevent them from becoming a repeat victim. We do not investigate crime and we cannot assist in the recovery of any losses. We will never ask you for anything as our purpose is to provide information, help and guidance.

We have received a referral in relation to the report you made to Action Fraud, crime reference number [redacted] refers.

A serious crime was committed. It was committed not just against myself but also against my colleagues. It went on for years. We’re not gullible, we are well-educated people who are literate in this domain. There was a chain of enablers in this crime. The legitimacy came from various separate factors, including some which are connected to the government. I can elaborate on this as the need arises.

The perpetrators of the crime have names. They have home addresses. You know where they live. They need to be interrogated and held accountable. The evidence is overwhelming and they do not deny the crime was committed.

If somebody gets raped, you don’t simply lecture them on how not to become “repeat victim”, you go out there and apprehend the rapist. Here too, a crime was committed, repeatedly, for years, against many people. They only found out about it this year, as there was obstruction and stonewalling, including from pension providers. The accountants and IFA refuse to even answer queries about it. They may be culpable too.

Anything short of action from Action Fraud would seem inadequate. I first contacted the police back in March after it got confirmed to me that a crime had been committed. I am not a law enforcer, so the role of the police forces is crucial.

We’re almost in July already. Is it considered normal for a case to take almost 4 months from initial report to action? You say you “do not investigate crime”, so who will investigate it and when? When will action be taken?

The message from the Economic Crime Victim Contact Unit (VCoA) — not from Action Fraud — came out of the blue as a reaction to escalation to Greater London Authority, GLA. In fact, only 4 hours passed since I contacted GLA on the matter. So it seems that in order to progress these things one needs to have special connections, e.g. working for GLA as a contractor for nearly a decade.

They have not even responded since then. Not a word. They have my postal address, my phone number, my E-mails.

But not a word. My response to them did not bounce, so it’s safe to assume they received it.

It also worries me that they got a person to respond to me only after months of efforts, including an escalation to my Member of Parliament, a former client (that it in charge of police budget), and public shaming. Not many people have time and capacity to do this. Some are too busy working all day long and are impatient, moody, helpless, and utterly frustrated.

How to get UK Action Fraud to take “affirmative action” against crime^***? I can only speak from my own experience.

It goes like this:

Contact with crime report/evidence, wait 4 weeks, then escalate to MP, wait 4 weeks, then escalate to London’s authorities, then they might escalate to City of London Police (if you worked for London’s authorities) and there MIGHT be a chance of them actually taking action. Ridiculous.

If this is how law enforcement works here (or elsewhere^****), then I am deeply concerned. This is the blueprint for monarchy-type regimes with immunity and impunity, where police exists only as a sort of “formality”.
_____
^* Regarding the skirt thing, the metaphor is not mine but Rianne’s as she found their language rather patronising and offensive. “Not sure the skirt metaphor helps,” one person remarked, as “maybe it is better to just say right out that the cops are engaged in victim blaming” and one “might then add that they are patronising and offensive, too, in addition to blaming the victims, as it appears standard operating procedure for them across a wide range of crime categories.”

^** Remember the undercover investigation of Action Fraud, which was accused of insulting victims instead of helping them. Inadequate training and poor recruitment can lead to such low standards of response. This needs to become widespread knowledge and even mainstream TV (public broadcasting) took note of it in recent years.

^*** Cops should really be more than just some folks in uniform with a public-facing Web site. Work needs to be done, otherwise crime flourishes and criminals are emboldened to commit more crime, seeing they suffer no consequences. They become “repeat criminal“.

^**** As we stated some hours ago, this isn’t some “uniquely British” thing. As Ryan from Illinois (United States) recalls: “You might mention that while the police had no time to take a report of Maricel’s murder-for-hire scheme and insurance fraud, they had plenty of time to come out and frame me for being the responsible party in a car accident, and they even cited a law and showed a diagram of the accident that showed I did nothing wrong. I still had to pay $700 to fix my car and $400 for a traffic lawyer to beat the ticket. They let people who were on parole in another state that didn’t have a driver’s license or any form of insurance go. They have plenty of time to come out and frame people they don’t like. Maybe the Waukegan police saw that I was gay (there with my spouse) and shoved the ticket in my hand and laughed. Maybe they really are that stupid. Who knows? When you call the police and they show up, they’re as dangerous to you as they are to anyone else. They may take no action against the criminal and frame you while they’re there. They seem to have a rule in Waukegan that every time there’s an accident, someone gets a ticket. It’s a way for them to make money. You should see how the traffic courts work here. Boom boom boom. Hundreds of thousands of dollars a day in ticket revenue. Everyone pleading guilty to something to avoid their insurance going up. The judge doesn’t even pretend to care if any of them have done something wrong or they just want it to stop. It’s like criminal court only worse. I think I was the only one to fight them and they were so unprepared to stop and handle it that they actually let me go.”