Slashdot Mirror

← Back to Stories (view on slashdot.org)

Identity Theft From Tossed Airline Boarding Pass?

Posted by ryuzaki0 on from the just-ouch dept.

crush writes "The Guardian newspaper has a great story about how the gathering of information for 'anti-terrorist' passenger screening databases allowed a reporter and security guru Adam Laurie to lay the groundwork for stealing the identity of a business traveller by using his discarded boarding-pass stub." From the article: "We logged on to the BA website, bought a ticket in Broer's name and then, using the frequent flyer number on his boarding pass stub, without typing in a password, were given full access to all his personal details - including his passport number, the date it expired, his nationality (he is Dutch, living in the UK) and his date of birth. The system even allowed us to change the information."

8 of 297 comments (clear)

  1. Boycott by The+Snowman · · Score: 5, Insightful

    Ever since 9/11, I refuse to travel by air. Not because of the scary terrorists, but because of my scary government. While the article talks about a UK program with bad security, the author is clear that this is all because of pressure from the United States.

    I sent an email to the TSA a while ago telling them that I despise their spying programs and I am boycotting the airline industry. I don't want to be treated like a second-class citizen, spyed on, and my rights violated. Sure, the majority of airline passengers don't have a problem, but there are a significant quantity that do hit security snags on a daily basis. What has this increased illusion of security bought us? Pork. We haven't caught terrorists because of spending on ineffective security programs. Each alleged terrorist since 9/11 was caught because of people. People who thought something was wrong -- the shoe bomber who had trouble with his bomb, and passengers and flight attendants handled the situation. Not computers, not databases. People.

    As far as I'm concerned, the airline industry can rot in hell for giving in to government pressure. They know these security programs do nothing more than waste money on pork and make certain politicians feel smug, earning brownie points with their constituents. Until the government gets a clue, I will not fly. If the airlines suffer, so be it. Money is what drives this country. Maybe when the government realizes that the airlines aren't making money, someone, somewhere, will get a clue and start implementing good security that does not violate our privacy.

    --
    24 beers in a case, 24 hours in a day. Coincidence? I think not!
    1. Re:Boycott by Whiney+Mac+Fanboy · · Score: 3, Insightful
      Wow. Dutch citiczen. UK government. Still US's fault.

      Maybe you should have read the article before commenting:
      [the boarding pass] would also serve as the perfect tool for demonstrating the chaotic collection, storage and security of personal information gathered as a result of America's near-fanatical desire to collect data on travellers flying to the US....
      --
      There are shills on slashdot. Apparently, I'm one of them.
    2. Re:Boycott by MyLongNickName · · Score: 3, Insightful

      Maybe you shouldn't automatically suck down everything a news article tells you. I did RTFA. However, the US is allowed to make lawas about who can come into their country. Other countries have to respect those rules. If those countries choose to allow insecure systems like this to come into place, then that is THEIR problem, not ours.

      Our problem is that we have elected people who put moronic rules into place.

      --
      See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
    3. Re:Boycott by Jedi+Alec · · Score: 3, Insightful

      However, the US is allowed to make lawas about who can come into their country.

      Indeed they are. Good thing the rest of us are allowed to take a hint and decide we're not welcome. Guess we'll just go somewhere else with our business.

      --

      People replying to my sig annoy me. That's why I change it all the time.
  2. Halal == potential terrorist? by Whiney+Mac+Fanboy · · Score: 4, Insightful
    "The problem is that if the system doesn't have a lot of information on you, or you have ordered a halal meal, or have a name similar to a known terrorist, or even if you are a foreigner, you'll most likely be flagged amber and held back to be asked for further details" [emph mine]
    WTF? I didn't think the US did racial profiling - this is quite sad for Muslims (as well as people like me, who just order different 'special' [I like kosher] meals at random). Not only that, it's not going to help fight terrorists, just irritate the law-abiding.

    --
    There are shills on slashdot. Apparently, I'm one of them.
  3. Anyone ever heard of a by dedeman · · Score: 5, Insightful

    Shredder? I really don't know if this is common knowledge/thought/attitude, but keep everything with your name and and identifying number on it until you have access to a shredder.

    Shred anything with more then one piece of identifying information on it. Examples: Name and address (junk mail), Name andSSN (should know this by now), Name and phone# (yeah, it's in phone book, but don't let it float around). There are tons of combinations. I'd go so far as to shred directions from and to a destination, or even ATM receipts.

    You'd be suprised how much seemingly worthless information can be compiled to gain terrific insight into people.

    At the expense of sounding paranoid, I even shred my baggage check tickets (Name+flight#+someID#).

  4. Shouldn't come as a surprise by slusich · · Score: 3, Insightful

    The fact that the information was on the stub and was easily retreivable shouldn't come as a surprise to anyone. Companies are way too free with where they put such information. Companies need to be held accountable for such things. Casinos actually do things the right way in this case. Loyalty cards and cash out tickets are usually encoded only with an ID number and no more. PINs, address information and such are almost never included.

    --

    DeviantArt Page

    NSFW
  5. Dumbest thing I've ever read by terjeber · · Score: 5, Insightful

    the author is clear that this is all because of pressure from the United States.

    I am a Norwegian, and I am saddened by the new religion that has Europe in it's grips. There are various sects in this religion, but they all have one thing in common, the big "Satan" is the US of effing A. Anything bad that goes on in the world is the fault of the US. This article, and the response to it, is an example of how fanatics suffering from this religion think.

    The system they hacked was the BA frequent flyer system. This system has nothing to do with passenger security or US national security. This is a convenience system made so that BA passengers easily can buy tickets, earn miles, buy upgrades etc. This system shouldn't have information such as the passport number. The fact that it does is an internal matter for BA and has absolutely nothing to do with the USA.

    I travel a lot for business and I am a member of most of the frequent flyer systems in Europe and the US, but not BA since I am already a member of one of their co-shares. None of the airlines have my passport number stored on the frequent flyer site. Not one of them.

    This is an internal BA problem, BA should never have had the passport number stored on the FF site, they should never allow this to be accessed without a password etc.

    Blaming the US for this is ridiculous in the extreme. The US has nothing to do with how an airline designs its Frequent Flyer website, and no, the US does not require that your passport number of other personal information is stored on the FF site or anywhere else for that matter. They only require the information be sent before you board the plane.

    Sadly, the new European religion requires full frontal lobotomy prior to joining, something that has not reduced the number of Europeans who sign on.