Slashdot Mirror
Identity Theft From Tossed Airline Boarding Pass?
crush writes "The Guardian newspaper has a great story about how the gathering of information for 'anti-terrorist' passenger screening databases allowed a reporter and security guru Adam Laurie to lay the groundwork for stealing the identity of a business traveller by using his discarded boarding-pass stub." From the article: "We logged on to the BA website, bought a ticket in Broer's name and then, using the frequent flyer number on his boarding pass stub, without typing in a password, were given full access to all his personal details - including his passport number, the date it expired, his nationality (he is Dutch, living in the UK) and his date of birth. The system even allowed us to change the information."
Ever since 9/11, I refuse to travel by air. Not because of the scary terrorists, but because of my scary government. While the article talks about a UK program with bad security, the author is clear that this is all because of pressure from the United States.
I sent an email to the TSA a while ago telling them that I despise their spying programs and I am boycotting the airline industry. I don't want to be treated like a second-class citizen, spyed on, and my rights violated. Sure, the majority of airline passengers don't have a problem, but there are a significant quantity that do hit security snags on a daily basis. What has this increased illusion of security bought us? Pork. We haven't caught terrorists because of spending on ineffective security programs. Each alleged terrorist since 9/11 was caught because of people. People who thought something was wrong -- the shoe bomber who had trouble with his bomb, and passengers and flight attendants handled the situation. Not computers, not databases. People.
As far as I'm concerned, the airline industry can rot in hell for giving in to government pressure. They know these security programs do nothing more than waste money on pork and make certain politicians feel smug, earning brownie points with their constituents. Until the government gets a clue, I will not fly. If the airlines suffer, so be it. Money is what drives this country. Maybe when the government realizes that the airlines aren't making money, someone, somewhere, will get a clue and start implementing good security that does not violate our privacy.
24 beers in a case, 24 hours in a day. Coincidence? I think not!
I doubt "Mrs." Broer will ever throw away her airplane ticket stub again!
My work here is dung.
There are shills on slashdot. Apparently, I'm one of them.
..under the UK's Data Protection Act. See http://www.dataprotection.gov.uk/ for details...
From the artice: Using this information and surfing publicly available databases, we were able - within 15 minutes - to find out where Broer lived, who lived there with him, where he worked, which universities he had attended and even how much his house was worth when he bought it two years ago. (This was particularly easy given his unusual name, but it would have been possible even if his name had been John Smith. We now had his date of birth and passport number, so we would have known exactly which John Smith.)
Laurie was anything but smug.
"This is terrible," he said. "It just shows what happens when governments begin demanding more and more of our personal information and then entrust it to companies simply not geared up for collecting or securing it as it gets shared around more and more people. It doesn't enhance our security; it undermines it.
Anything that has even one piece of critical information on it (name, address, account numer of any sort, etc.) is vulnerable. That's why my shredder works overtime. I don't throw boarding passes away; I have quite a collection of them from my trips to Europe and the ones I don't want get consigned to the shredder. You can't take for granted that once you toss away a piece of paper, it will be on its way to the landfill soon enough. Trash may sit unattended for hours, even at a busy airport, and is a ripe picking ground. Mind you, I think airport security might look at you funny if you were poking around in all the trash cans, but you never know.
GetOuttaMySpace - The Anti-Social Network
I even shred my scratch pad, sticky notes and code written on napkins.
He who knows best knows how little he knows. - Thomas Jefferson
Shredder? I really don't know if this is common knowledge/thought/attitude, but keep everything with your name and and identifying number on it until you have access to a shredder.
Shred anything with more then one piece of identifying information on it. Examples: Name and address (junk mail), Name andSSN (should know this by now), Name and phone# (yeah, it's in phone book, but don't let it float around). There are tons of combinations. I'd go so far as to shred directions from and to a destination, or even ATM receipts.
You'd be suprised how much seemingly worthless information can be compiled to gain terrific insight into people.
At the expense of sounding paranoid, I even shred my baggage check tickets (Name+flight#+someID#).
The important thing is that you will not be allowed on an international flight without showing a valid passport. BA boarding procedures mandate a check of the passport against the ticket at the gate. This is kind of necessary now that outbound passengers from the UK are very rarely checked by immigration. True, an airline is unlikely to even have a UV light let alone a scanner there so it may be possible to get through with a forged passport.
See my journal, I write things there
Yesterday I was stopped by a cop in the Concord, MA national park because the muffler on my old vw bus was a bit loud. I handed him my Vermont driver's license, which is a bit of paper with no SSN, only a coded address and no photo. His response- "What's this". "My driver's license" I replied. "Well how do they hope to stop terrorists with this?"
Being an opponent of the current craze for every more comprehensive and intrusive IDs and ID checks here in the US, I hope some proponents of the Real ID act will pay heed to unintended consequences of this absurdity.
You shouldn't be able to use frequent flyer miles without typing a password. I have never been able to buy a ticket at Northwest or Hawaiian Air without my password.
BA needs to oupdate their security.
I dont like all the pointless security either but some of it is defintely neccessary, and that wasn't the case on US internal airlines pre-September 2001. And anyway people need to see security at airports/on planes, in order to allievate fear of flying, which many people had after 9/11 and which would of course impact on the number of passengers.
If this were really happening, what would you think?
Not funny. My employer expects me to do this.
Comment removed based on user account deletion
On 2004 I travelled a lot to USA.
This don't seem to be much, but I was "selected" for manual scanning of my handbag in almost every USA airport.
Common sense and good diplomatics told me to accept that and never question authorities when you are a foreign citizen, but on the last scan, at MIA airport, though I created the guts to ask the nice TSA security agent why I was being scanned over and over. The answer shocked me: "It is all that electronics you carry. Makes very difficult to see what you have". I always carried my cellphone, myPDA, my digital camera and my CD player with me, on the same bag, and it really looked a mess.
The funny thing: I felt safer, because they were really looking at the x-ray. The only time I got stopped by airport security where I live, was because I told the guys my cellphone never made those portals beep... THAT DAY, it beeped!!!
"There is always an easy solution to every human problem -- neat, plausible, and wrong."
H. L. Mencken
We should not do racial or religious profiling at all, since 80 year old mexican catholic ladies and white agnostic american hippies are just as likely to be terrorists as are middle-eastern muslim young adult males. Right? Right? Guys?
First about the BP stubs. Info on the BP stubs, is in plain sight for the TRAVELER information. If the traveller then drop it it is a stupidity concern, not a security concern. For example, Would you throw out a bank receipt with your account sold, bank account, bank name, signature and all the tralala out ? This is the same problem here.
Now the fact they could buy a document in the name of the pax on an unsecurised web site IS a concern.
As for APIS, having worked on the implementation on a main frame for a big airline, we used to joke a LOT about US version of security.
Pay Cash ? You automatically get flagged as suspectful. Pay with CC ? This is seen as OK. Be a frequent traveller ? You are automatically flagged as safe. Take only a one way ticket ? Be preparred for the "glove" search... Knowing the rule it would be blantantly easy to bypass this check (take a round trip, on a frequent flyer, using a CC, do it 10 times, then afterward you are a "safe" traveller...). We always laughed at the stupidity of that. I left shortly afterward so I dunno if the US kept that security concept today.
I have to admit I am shocked, I didin't think they had any right to do so.
I thought that runways were a kind-of international territory? Thereby allowing people to get transferring flights without going through passport control (which acts as the the offical border) and be a passenger on a plane that refuels without getting visas for the land in which they are only sitting on a runway. Does the US government really have the right to do this? I mean they couldn't stop a plane flying from Canada to Mexico because the people inside dont have entry visas for the US or havent taken US mandated security procedures, could they?
If this were really happening, what would you think?
The fact that the information was on the stub and was easily retreivable shouldn't come as a surprise to anyone. Companies are way too free with where they put such information. Companies need to be held accountable for such things. Casinos actually do things the right way in this case. Loyalty cards and cash out tickets are usually encoded only with an ID number and no more. PINs, address information and such are almost never included.
DeviantArt Page
NSFWI have never heard of halal before, what is it? some sort of Arab or Muslim diet, similar to Kosher for the Jews? I have always believed that Arabs and Jews eat about the same things, they belong to the same race (semitic) are original from the same part of the World, their eating habits must be similar.
the author is clear that this is all because of pressure from the United States.
I am a Norwegian, and I am saddened by the new religion that has Europe in it's grips. There are various sects in this religion, but they all have one thing in common, the big "Satan" is the US of effing A. Anything bad that goes on in the world is the fault of the US. This article, and the response to it, is an example of how fanatics suffering from this religion think.
The system they hacked was the BA frequent flyer system. This system has nothing to do with passenger security or US national security. This is a convenience system made so that BA passengers easily can buy tickets, earn miles, buy upgrades etc. This system shouldn't have information such as the passport number. The fact that it does is an internal matter for BA and has absolutely nothing to do with the USA.
I travel a lot for business and I am a member of most of the frequent flyer systems in Europe and the US, but not BA since I am already a member of one of their co-shares. None of the airlines have my passport number stored on the frequent flyer site. Not one of them.
This is an internal BA problem, BA should never have had the passport number stored on the FF site, they should never allow this to be accessed without a password etc.
Blaming the US for this is ridiculous in the extreme. The US has nothing to do with how an airline designs its Frequent Flyer website, and no, the US does not require that your passport number of other personal information is stored on the FF site or anywhere else for that matter. They only require the information be sent before you board the plane.
Sadly, the new European religion requires full frontal lobotomy prior to joining, something that has not reduced the number of Europeans who sign on.
...on my trip to the US (I was actually staying IN the USA for two weeks).
I met with the customs officer, he scanned my passport, asked me some questions and then said something like: "hrm, it doesn't usually do that", and send me off without any fingerprints or photographs being made.
Later I asked the person I was travelling with whether he had his fingerprints taken, and he said he did.
So it's not that important after all it seems - at least when computer breakdowns are concerned.
Well, in that case I say we start nabbing the mexican grannies and the hippies too. Sounds fair to me. ;)
If I was looking for sensitive info on a street on garbage day I'd look for the shredded stuff. Also, of course, you can put it back together.
These security experts are all talk. The big scoup is that he changes his own account details. Big whoppie! I bet the airline website just saved a login cookie. Try changing the personal info for another person. It does not work...
I haven't seen him in forever. All he does is hang out with Krang in Dimension X anymore...
I knew there was a reason my boarding passes went into the shredder when I got home...
Disinfect the GNU General Public Virus!
This whole article sounds like complete and utter bullshit.
e n_gb and look on the right side of the screen, you'll see you need a password along with your ID to access the site. So either 1) the person had no password (doubtful, most sites won't permit a blank password), or 2) he's lying. I'll go with #2 and assume he's lying. Since he's lying about how he got the information, it can be safely assume he made up everything else in the article.
First, the writer said he logged into BA's site, using only the supposed victim's frequent flyer number. But if you go to http://www.britishairways.com/travel/home/public/
As for the rest of the article, it might be accurate, but somehow I doubt that. The whole thing just utterly fails to pass the smell-o-scope test, pegging right between 'horse manure' and 'grade A Kentucky bullshit'.
God invented whiskey so the Irish would not rule the world.
Comment removed based on user account deletion
Ah, but when other people hear about and see this, they'll nod, saying: Our government is doing something with it. and instantly believe that there's more going on. That this is just the surface and so on.
Alas! The government has succeded in their mission; creating a distraction to hide their incompetence. The truth, which anyone with common sense would see, is that nobody has any good idea as to how to stop a would-be illdoer.
Why? Since he's not wearing his Terrorist badge, obviously.
You cannot bind a creative mind.
BTW, the WTC 9/11 was not as original as I first thought. A B-25 bomber crashed into the Empire State Building back in 1945.
Defining Statistics and Social Research
well, being as they tend to be recruiting people who you would never expect to be terrorists, i would say that would be semi-likely.
upon the advice of my lawyer, i have no sig at this time
She looked like she had never seen one before and told me she would have to check with her boss. She walked it over to him, he looked at it with a disbelieving look, looked at me, looked back at the passport, and then shook his head "no". She came back to me and asked if I had a driver's license or state ID or something.
So, I pulled out my Japanese Alien Registration card (which has some English, but is primarily written in Japanese...still it has my DOB on it) and handed it to her while saying, "I don't live in the US."
The waitress looked kind of shocked, and took it over to the manager. He looked shocked. My sister said, "Oh, give us a break. He works in Japan. He has just shown you two IDs. Let him have a beer."
They finally served me, with a snarky comment from the manager saying, "Best fake ID I've ever seen."
"Empathise with stupidity, and you're halfway to thinking like an idiot." - Iain M. Banks
I just got back from Interop in Vegas (yeah, it rocked) and flying just sucks anymore. I was wearing flip flops and they insisted I take them off and send them through the xray machine! Another guy I was traveling with had to go to the counter because his name is "John White" and they thought it might be an alias for some Muslim suicide loser...the dude couldn't be any more gringo! Next time we are just going to drive, since I live in Arizona it shouldn't take much longer.
Bleedin' liberals, always free with the truth.
The only major shift in U.S. airline security practices as they directly affect passengers is that those measures previously ubiquitous in international travel are now used for domestic travel as well--and some of the gizmos have gotten a bit better. I've been travelling internationally for 25 years and save for updating the X-Rays and adding aerosol analyzers to the routine, I feel no more violated by U.S. security measures than I did twenty years ago going through, say, British customs who rifled through every panty and sock of every passenger on every plane...and why was that? Ta-dah, terrorists! Better known as "the Irish."
Want to talk of government policy being _really_ personally invasive? Try Australia in the late 80's--when they mandated that all inbound planes be fumigated with pesticide...with the passengers still inside. I haven't been back, so I don't know if they still do that, but damn, talk about being violated, yet people bitch that the U.S. wants them to take off their shoes--and yes, I got flagged for extra screening twice this weekend, flying domestically and the worst offense I felt was when they confiscated my $0.99 cigarette lighter. Silly? Yeah, maybe, but not as silly as dumping out the entire contents of my luggage to separately send my toothbrush and razor through the X-Ray at Heathrow.
Have you considered that maybe the reason that YOU are treated like shit at airport security is because the security guys sense your Bull Shit Level and are specifically fucking with YOU?
I'm not sure if Halal certification insists on anything more than the way the animal is killed (a neck slash and blood drained from the corpse). I don't think it would insist on non-battery or free-range chickens, for example, but may insist on cattle not fed foodstuffs derived from other animal material.
The target group of these seemingly stupid scans is IMHO the hypothetical "zombied" average grass-roots terrorist, i.e., somebody who isn't an actual operative of a terror cell, but, rather, someone indoctrinated by some extremist brainwash --- doesn't matter what ideology we're talking about. Such person will assumingly be stupid enough to be easily caught in the stupid checks. OTOH, seeking reason behind actions of huge government entities like the military is often stupid in itself, so maybe you should ignore my post altogether...
VKh
Once you do that, shred the shredder. You can't be too careful.
If this is true, then I have alot less respect for the EU and their ability to effectively manage their own security.
A bit amusing, although I doubt this happens all the time.
:wq
They're certainly more likely to be carrying weapons right now. Hey, you're just got to recruit one of them. The six other guys, who are suspicious-looking Arab men, can just get their weapons from that person once they're on the plane.
And how the hell do you know they're those things? I'm pretty certain there's a type of behavior called 'acting', where you pretend to be something you're not.
And I think you're ignoring the 60, in which there were, indeed, 'terrorist hippies'. Have you ever heard of the Weather Underground? They considered themselves at war with the US, and started bombing it. Repeated. While they didn't delibrately target civilians, it's somewhat hard to miss them when you blow up police stations and courthouses. (And they also attacked Gulf Oil offices.)
I can't think of any action in recent years by any 80 year old women, but it's not impossible for a 50 year old women to look and act like an 80 year old women, and assuming that Mexicans would never commit terrorist acts is to not watch the news, because a lot of them are getting rather pissed at the US over this illegal immigration thing. I'm sure there's at least one who could get unstable to the point of attacking the US. (Talk about the ultimate self-defeating action.)
And, of course, this is ignoring one of the biggest risk groups: Americans who are pissed at their government. This can be someone at any end of the political spectrum, from the far-religious to the far-socialist to the far-libertarian. (Who, respectively, tend to be militant about the lack of religion, the government letting poor people die, and too much taxes.) And I'm sure I forgot at least one 'far' in there.
If corporations are people, aren't stockholders guilty of slavery?
We hand the shredded paper to our pet rats to use as bedding. This imparts it with a certain ambience that discourages any further perusal, while simultaneously providing the little ones with nest-building fun.
Comment removed based on user account deletion
There are up to two people involved in an airline ticket purchase: The person taking the flight, and the person PAYING for the flight. Usually they are the same person but sometimes they are not, and if not, you want to know who both people are. It would be handy to know if the president of a terrorist-connected charity is buying airplane tickets for people, for example, so you can give those people an extra look.
You think the system is "Pay with credit card, no suspicion." It's not. The system is "average person pays with credit card for tickets on a flight they are taking, little suspicion". If you pay for someone else's ticket who isn't a family member or employee, that adds scrutiny. If you paid for a ticket on a flight you are not taking, more scrutiny. If you're the president of a non-profit with terrorist ties and buy a ticket for someone else (even using your credit card), that gets even more scrutiny.
Knowing who is paying for the ticket (especially when that person is not flying on that plane) is an important item that figures into assessing the risk posed by particular passengers. You don't know who is paying for the ticket when it is bought with cash, and lacking that information increases the risk posed by that passenger and thus reasonably increases the scrutiny you apply to that passenger.
Tracking the flow of money is a very important part of tracking criminals.
paintball
And yet the little wipe said all was well. Either it's sufficiently selective to spot the difference between propellant and explosives. Or it's nonsense.
ian
Second, and you can quote me on this,
DUH.
You've got a piece of paper with your name and potentially a receipt (some airlines print their receipts on the tickets, which sometimes also form the boarding pass). You should destroy any piece of paper with your name on it. If you don't understand that, then you don't understand how to protect yourself against identity theft. Smart people have been shredding their used boarding passes for years.
-- "In order to have power, I must be taken seriously." -Mojo Jojo
What happens if you refused to be photo'd and fingerprinted?
And I presume that you did not have previous warning about the stop. If you did, then disregard my question. But if it was a surprise to the passengers, I am curious what happens if one of the passengers doesn't cooperate.
On sites like FlyerTalk there are numerous threads about shoe carnival airports. Basically, if you do not take off your shoes and do not set of the alarm, all you have to get is a swab of your shoes to test for explosives residue. If they do anything more to you it's against TSA regulations and you should file a complaint form. Of course you always have a chance at a retaliatory screening. Some airports are better than others. Basically, if we stop taking off our shoes that do not set off the detector, we will teach the TSA that a full secondary screening is unnecessary.
-Palal
Recently, my wife got on my case because I left my mail in the back seat of my car "somebody can see and know your address!"
So? What good does it do a burgler to know my address? Unless that burgler figures that somebody who drive a 1992 Ford Festiva has untold riches. Why would the burgler target my house instead of somebody elses?
Then on the news, I hear that people are stealing cars to steal identies. They get the identity from the registration and insurance. WTF? What information does my registration and insurance card have that would allow somebody to steal my identity?
Some of the changes since 9/11 are completely illogical.
One that really annoys me is forbidding small knives/tools/nail clippers in carry-ons. I always keep a Swiss Army knife in my briefcase; just a geek thing to do I guess. However, on my last trip, I forgot to take it out of my bag; it got flagged in x-ray, big commotion etc. I was allowed to ship it home for $15 dollars.
Here's my point. If something goes wrong, you NEED to have bystanders who can take some action, hence they could use the tools/knives etc.
Look at the "United 93" (I hope I've got that right) scenario. The ONLY thing that saved the US Capitol is passengers who could take action. I really wonder what we've learned collectively after 9/11.
sigs are for losers (except to point out that sigs are for losers)
Well how do they hope to stop terrorists with this
Here's how to answer that.
"All the 9/11 terrorists had valid ID, and used those valid photo ID to get on airplanes. Imagine how different 9/11 would have been if they had shown up that day with non-photo Vermont driver's licenses. So the question really is...how can you stop terrorists with a photo ID?"
Skin colour!
Greetings and blessings, holder of "JimBobJoe"!
I'v always thought that defamation of one's character is self-evident in anyone holding a driver license. The question answered long ago, by implications, is: what crime or tresspass has a man committed by his order, to be indebted to hold and present a license to qualify to be offered a ticket for a service? And foremost, why all the regulation only applies to a trust/person in that license, and not the man; none is done to recognize a man is even partaking on a service, except by the qualified admittions coaxing one to board such Craft. Why does a aeroplane-ticket require a driver license to move about on the common ways? Is it the driver license that is flying on the plane, or the man flying on the plane, or are they both flying on the plane in confederation but only one is verifiable/STRAWMAN?
Consider the fact that legislature created the form of name as First Middle Last, and then a State of the United States charters a corporation to incorporate the artificial person into FIRST MIDDLE LAST. The movement of words on paper, from prior art, is evidence that there are alter-ego involved in licensure.
When someone says they ways to fly somewhere, the truth is: man can't fly...only the plane can fly. When someone says they want to drive, the truth is: man can't drive...only the drivetrain under the car can drive. What can a man do, that the legislatures has already monopolized silent with their Acts?
without prejudice
Apparently, all you have to do is present something that looks like an ID, and claim it is one. The officer shrugs, thinks "Oh, well, what do I know?", and waves you on. Fun.
Lies about crimes
Same as in the copyright discussions. 'Fraud' does NOT equal 'theft'!
No one can STEAL your name or who you are! They can fraudulently use your name, SSN, etc, but you cannot have your name STOLEN! It is impossible.
Can we PLEASE quit calling it "identity theft" and use a more accurate description of "identity fraud".
Libertas in infinitum
They don't allow Tennis Racket as Carry-on item because we could use it hit people in the plane. But they allow Camera Tripod, 3 long metal pole, because it's not on their list of dangerous item. Pretty Stupid