Slashdot Mirror
Identity Theft From Tossed Airline Boarding Pass?
crush writes "The Guardian newspaper has a great story about how the gathering of information for 'anti-terrorist' passenger screening databases allowed a reporter and security guru Adam Laurie to lay the groundwork for stealing the identity of a business traveller by using his discarded boarding-pass stub." From the article: "We logged on to the BA website, bought a ticket in Broer's name and then, using the frequent flyer number on his boarding pass stub, without typing in a password, were given full access to all his personal details - including his passport number, the date it expired, his nationality (he is Dutch, living in the UK) and his date of birth. The system even allowed us to change the information."
Ever since 9/11, I refuse to travel by air. Not because of the scary terrorists, but because of my scary government. While the article talks about a UK program with bad security, the author is clear that this is all because of pressure from the United States.
I sent an email to the TSA a while ago telling them that I despise their spying programs and I am boycotting the airline industry. I don't want to be treated like a second-class citizen, spyed on, and my rights violated. Sure, the majority of airline passengers don't have a problem, but there are a significant quantity that do hit security snags on a daily basis. What has this increased illusion of security bought us? Pork. We haven't caught terrorists because of spending on ineffective security programs. Each alleged terrorist since 9/11 was caught because of people. People who thought something was wrong -- the shoe bomber who had trouble with his bomb, and passengers and flight attendants handled the situation. Not computers, not databases. People.
As far as I'm concerned, the airline industry can rot in hell for giving in to government pressure. They know these security programs do nothing more than waste money on pork and make certain politicians feel smug, earning brownie points with their constituents. Until the government gets a clue, I will not fly. If the airlines suffer, so be it. Money is what drives this country. Maybe when the government realizes that the airlines aren't making money, someone, somewhere, will get a clue and start implementing good security that does not violate our privacy.
24 beers in a case, 24 hours in a day. Coincidence? I think not!
I doubt "Mrs." Broer will ever throw away her airplane ticket stub again!
My work here is dung.
There are shills on slashdot. Apparently, I'm one of them.
..under the UK's Data Protection Act. See http://www.dataprotection.gov.uk/ for details...
From the artice: Using this information and surfing publicly available databases, we were able - within 15 minutes - to find out where Broer lived, who lived there with him, where he worked, which universities he had attended and even how much his house was worth when he bought it two years ago. (This was particularly easy given his unusual name, but it would have been possible even if his name had been John Smith. We now had his date of birth and passport number, so we would have known exactly which John Smith.)
Laurie was anything but smug.
"This is terrible," he said. "It just shows what happens when governments begin demanding more and more of our personal information and then entrust it to companies simply not geared up for collecting or securing it as it gets shared around more and more people. It doesn't enhance our security; it undermines it.
Anything that has even one piece of critical information on it (name, address, account numer of any sort, etc.) is vulnerable. That's why my shredder works overtime. I don't throw boarding passes away; I have quite a collection of them from my trips to Europe and the ones I don't want get consigned to the shredder. You can't take for granted that once you toss away a piece of paper, it will be on its way to the landfill soon enough. Trash may sit unattended for hours, even at a busy airport, and is a ripe picking ground. Mind you, I think airport security might look at you funny if you were poking around in all the trash cans, but you never know.
GetOuttaMySpace - The Anti-Social Network
I even shred my scratch pad, sticky notes and code written on napkins.
He who knows best knows how little he knows. - Thomas Jefferson
Shredder? I really don't know if this is common knowledge/thought/attitude, but keep everything with your name and and identifying number on it until you have access to a shredder.
Shred anything with more then one piece of identifying information on it. Examples: Name and address (junk mail), Name andSSN (should know this by now), Name and phone# (yeah, it's in phone book, but don't let it float around). There are tons of combinations. I'd go so far as to shred directions from and to a destination, or even ATM receipts.
You'd be suprised how much seemingly worthless information can be compiled to gain terrific insight into people.
At the expense of sounding paranoid, I even shred my baggage check tickets (Name+flight#+someID#).
The important thing is that you will not be allowed on an international flight without showing a valid passport. BA boarding procedures mandate a check of the passport against the ticket at the gate. This is kind of necessary now that outbound passengers from the UK are very rarely checked by immigration. True, an airline is unlikely to even have a UV light let alone a scanner there so it may be possible to get through with a forged passport.
See my journal, I write things there
Yesterday I was stopped by a cop in the Concord, MA national park because the muffler on my old vw bus was a bit loud. I handed him my Vermont driver's license, which is a bit of paper with no SSN, only a coded address and no photo. His response- "What's this". "My driver's license" I replied. "Well how do they hope to stop terrorists with this?"
Being an opponent of the current craze for every more comprehensive and intrusive IDs and ID checks here in the US, I hope some proponents of the Real ID act will pay heed to unintended consequences of this absurdity.
I dont like all the pointless security either but some of it is defintely neccessary, and that wasn't the case on US internal airlines pre-September 2001. And anyway people need to see security at airports/on planes, in order to allievate fear of flying, which many people had after 9/11 and which would of course impact on the number of passengers.
If this were really happening, what would you think?
Comment removed based on user account deletion
On 2004 I travelled a lot to USA.
This don't seem to be much, but I was "selected" for manual scanning of my handbag in almost every USA airport.
Common sense and good diplomatics told me to accept that and never question authorities when you are a foreign citizen, but on the last scan, at MIA airport, though I created the guts to ask the nice TSA security agent why I was being scanned over and over. The answer shocked me: "It is all that electronics you carry. Makes very difficult to see what you have". I always carried my cellphone, myPDA, my digital camera and my CD player with me, on the same bag, and it really looked a mess.
The funny thing: I felt safer, because they were really looking at the x-ray. The only time I got stopped by airport security where I live, was because I told the guys my cellphone never made those portals beep... THAT DAY, it beeped!!!
"There is always an easy solution to every human problem -- neat, plausible, and wrong."
H. L. Mencken
https://www.nwa.com/cgi-bin/res_info.pro
First about the BP stubs. Info on the BP stubs, is in plain sight for the TRAVELER information. If the traveller then drop it it is a stupidity concern, not a security concern. For example, Would you throw out a bank receipt with your account sold, bank account, bank name, signature and all the tralala out ? This is the same problem here.
Now the fact they could buy a document in the name of the pax on an unsecurised web site IS a concern.
As for APIS, having worked on the implementation on a main frame for a big airline, we used to joke a LOT about US version of security.
Pay Cash ? You automatically get flagged as suspectful. Pay with CC ? This is seen as OK. Be a frequent traveller ? You are automatically flagged as safe. Take only a one way ticket ? Be preparred for the "glove" search... Knowing the rule it would be blantantly easy to bypass this check (take a round trip, on a frequent flyer, using a CC, do it 10 times, then afterward you are a "safe" traveller...). We always laughed at the stupidity of that. I left shortly afterward so I dunno if the US kept that security concept today.
I have to admit I am shocked, I didin't think they had any right to do so.
I thought that runways were a kind-of international territory? Thereby allowing people to get transferring flights without going through passport control (which acts as the the offical border) and be a passenger on a plane that refuels without getting visas for the land in which they are only sitting on a runway. Does the US government really have the right to do this? I mean they couldn't stop a plane flying from Canada to Mexico because the people inside dont have entry visas for the US or havent taken US mandated security procedures, could they?
If this were really happening, what would you think?
The fact that the information was on the stub and was easily retreivable shouldn't come as a surprise to anyone. Companies are way too free with where they put such information. Companies need to be held accountable for such things. Casinos actually do things the right way in this case. Loyalty cards and cash out tickets are usually encoded only with an ID number and no more. PINs, address information and such are almost never included.
DeviantArt Page
NSFWthe author is clear that this is all because of pressure from the United States.
I am a Norwegian, and I am saddened by the new religion that has Europe in it's grips. There are various sects in this religion, but they all have one thing in common, the big "Satan" is the US of effing A. Anything bad that goes on in the world is the fault of the US. This article, and the response to it, is an example of how fanatics suffering from this religion think.
The system they hacked was the BA frequent flyer system. This system has nothing to do with passenger security or US national security. This is a convenience system made so that BA passengers easily can buy tickets, earn miles, buy upgrades etc. This system shouldn't have information such as the passport number. The fact that it does is an internal matter for BA and has absolutely nothing to do with the USA.
I travel a lot for business and I am a member of most of the frequent flyer systems in Europe and the US, but not BA since I am already a member of one of their co-shares. None of the airlines have my passport number stored on the frequent flyer site. Not one of them.
This is an internal BA problem, BA should never have had the passport number stored on the FF site, they should never allow this to be accessed without a password etc.
Blaming the US for this is ridiculous in the extreme. The US has nothing to do with how an airline designs its Frequent Flyer website, and no, the US does not require that your passport number of other personal information is stored on the FF site or anywhere else for that matter. They only require the information be sent before you board the plane.
Sadly, the new European religion requires full frontal lobotomy prior to joining, something that has not reduced the number of Europeans who sign on.
Well, in that case I say we start nabbing the mexican grannies and the hippies too. Sounds fair to me. ;)
If I was looking for sensitive info on a street on garbage day I'd look for the shredded stuff. Also, of course, you can put it back together.
When your diet is dictated by your religion, there's no reason for two religions to follow the same diets. Even if they are from the same area. They are remarkably similar, though. And it's not just regional, there are plenty of foods available in the area that pose no health risk, yet Jews are not allowed to eat them anyway. It's rather arbitrary at times... outside of religious context, of course: they consider their reasons "good").
I haven't seen him in forever. All he does is hang out with Krang in Dimension X anymore...
I knew there was a reason my boarding passes went into the shredder when I got home...
Disinfect the GNU General Public Virus!
This whole article sounds like complete and utter bullshit.
e n_gb and look on the right side of the screen, you'll see you need a password along with your ID to access the site. So either 1) the person had no password (doubtful, most sites won't permit a blank password), or 2) he's lying. I'll go with #2 and assume he's lying. Since he's lying about how he got the information, it can be safely assume he made up everything else in the article.
First, the writer said he logged into BA's site, using only the supposed victim's frequent flyer number. But if you go to http://www.britishairways.com/travel/home/public/
As for the rest of the article, it might be accurate, but somehow I doubt that. The whole thing just utterly fails to pass the smell-o-scope test, pegging right between 'horse manure' and 'grade A Kentucky bullshit'.
God invented whiskey so the Irish would not rule the world.
Halal is very similar to kashrut (the jewish dietary law.) In fact, Halal is generally more permissive with the exception that alcohol is completely forbidden, and the Dhabia, which is the permissible method to slaughtering animals. Basically, this requires that animals be pointed towards Mecca and slaughtered in the name of Allah. Many more liberal muslims will simply take kashrut as good enough, and some further simply do not eat pork and ignore the Dhabia. However, conservative Muslims will not break strict halal unless doing otherwise will cause starvation. One can assume that an extremely conservative Muslim who is on his way to perform what he considers to be a holy act will not break halal. Although for some reason It seems that fasting would be a more appropriate course of action. But then not eating your meal would probably be considered suspicious by the airlines.
Comment removed based on user account deletion
Ah, but when other people hear about and see this, they'll nod, saying: Our government is doing something with it. and instantly believe that there's more going on. That this is just the surface and so on.
Alas! The government has succeded in their mission; creating a distraction to hide their incompetence. The truth, which anyone with common sense would see, is that nobody has any good idea as to how to stop a would-be illdoer.
Why? Since he's not wearing his Terrorist badge, obviously.
You cannot bind a creative mind.
BTW, the WTC 9/11 was not as original as I first thought. A B-25 bomber crashed into the Empire State Building back in 1945.
Defining Statistics and Social Research
well, being as they tend to be recruiting people who you would never expect to be terrorists, i would say that would be semi-likely.
upon the advice of my lawyer, i have no sig at this time
She looked like she had never seen one before and told me she would have to check with her boss. She walked it over to him, he looked at it with a disbelieving look, looked at me, looked back at the passport, and then shook his head "no". She came back to me and asked if I had a driver's license or state ID or something.
So, I pulled out my Japanese Alien Registration card (which has some English, but is primarily written in Japanese...still it has my DOB on it) and handed it to her while saying, "I don't live in the US."
The waitress looked kind of shocked, and took it over to the manager. He looked shocked. My sister said, "Oh, give us a break. He works in Japan. He has just shown you two IDs. Let him have a beer."
They finally served me, with a snarky comment from the manager saying, "Best fake ID I've ever seen."
"Empathise with stupidity, and you're halfway to thinking like an idiot." - Iain M. Banks
I just got back from Interop in Vegas (yeah, it rocked) and flying just sucks anymore. I was wearing flip flops and they insisted I take them off and send them through the xray machine! Another guy I was traveling with had to go to the counter because his name is "John White" and they thought it might be an alias for some Muslim suicide loser...the dude couldn't be any more gringo! Next time we are just going to drive, since I live in Arizona it shouldn't take much longer.
Bleedin' liberals, always free with the truth.
The only major shift in U.S. airline security practices as they directly affect passengers is that those measures previously ubiquitous in international travel are now used for domestic travel as well--and some of the gizmos have gotten a bit better. I've been travelling internationally for 25 years and save for updating the X-Rays and adding aerosol analyzers to the routine, I feel no more violated by U.S. security measures than I did twenty years ago going through, say, British customs who rifled through every panty and sock of every passenger on every plane...and why was that? Ta-dah, terrorists! Better known as "the Irish."
Want to talk of government policy being _really_ personally invasive? Try Australia in the late 80's--when they mandated that all inbound planes be fumigated with pesticide...with the passengers still inside. I haven't been back, so I don't know if they still do that, but damn, talk about being violated, yet people bitch that the U.S. wants them to take off their shoes--and yes, I got flagged for extra screening twice this weekend, flying domestically and the worst offense I felt was when they confiscated my $0.99 cigarette lighter. Silly? Yeah, maybe, but not as silly as dumping out the entire contents of my luggage to separately send my toothbrush and razor through the X-Ray at Heathrow.
I'm not sure if Halal certification insists on anything more than the way the animal is killed (a neck slash and blood drained from the corpse). I don't think it would insist on non-battery or free-range chickens, for example, but may insist on cattle not fed foodstuffs derived from other animal material.
The target group of these seemingly stupid scans is IMHO the hypothetical "zombied" average grass-roots terrorist, i.e., somebody who isn't an actual operative of a terror cell, but, rather, someone indoctrinated by some extremist brainwash --- doesn't matter what ideology we're talking about. Such person will assumingly be stupid enough to be easily caught in the stupid checks. OTOH, seeking reason behind actions of huge government entities like the military is often stupid in itself, so maybe you should ignore my post altogether...
VKh
Once you do that, shred the shredder. You can't be too careful.
If this is true, then I have alot less respect for the EU and their ability to effectively manage their own security.
A bit amusing, although I doubt this happens all the time.
:wq
They're certainly more likely to be carrying weapons right now. Hey, you're just got to recruit one of them. The six other guys, who are suspicious-looking Arab men, can just get their weapons from that person once they're on the plane.
And how the hell do you know they're those things? I'm pretty certain there's a type of behavior called 'acting', where you pretend to be something you're not.
And I think you're ignoring the 60, in which there were, indeed, 'terrorist hippies'. Have you ever heard of the Weather Underground? They considered themselves at war with the US, and started bombing it. Repeated. While they didn't delibrately target civilians, it's somewhat hard to miss them when you blow up police stations and courthouses. (And they also attacked Gulf Oil offices.)
I can't think of any action in recent years by any 80 year old women, but it's not impossible for a 50 year old women to look and act like an 80 year old women, and assuming that Mexicans would never commit terrorist acts is to not watch the news, because a lot of them are getting rather pissed at the US over this illegal immigration thing. I'm sure there's at least one who could get unstable to the point of attacking the US. (Talk about the ultimate self-defeating action.)
And, of course, this is ignoring one of the biggest risk groups: Americans who are pissed at their government. This can be someone at any end of the political spectrum, from the far-religious to the far-socialist to the far-libertarian. (Who, respectively, tend to be militant about the lack of religion, the government letting poor people die, and too much taxes.) And I'm sure I forgot at least one 'far' in there.
If corporations are people, aren't stockholders guilty of slavery?
However, neither has pork, or shellfish, or a few other things. And hence if someone doesn't care about having their food 'certified', they just don't want to take a big bite of pork, the 'other' kind of food is fine.
And the GP is right, Jewish and Arab traditions are very very close in many ways, because they originally were the same, and because they have always lived in the same part of the world. Any similarities between Islam and Judism is almost always because Islam was almost entirely an Arab religion at the start. I.e., Semitic to Arab to Muslim, and Semitic to Jewish people to Jewish religion.
Whereas Christianity wandered off to Europe, and the European 'pagan' people within 100 years, so sucked up all those traditions. While Islam and Judism are single religions that came out of the same sets of people, Christianity is almost that same thing, out of the same people, applied to an entirely different set of people.
If corporations are people, aren't stockholders guilty of slavery?
We hand the shredded paper to our pet rats to use as bedding. This imparts it with a certain ambience that discourages any further perusal, while simultaneously providing the little ones with nest-building fun.
There are up to two people involved in an airline ticket purchase: The person taking the flight, and the person PAYING for the flight. Usually they are the same person but sometimes they are not, and if not, you want to know who both people are. It would be handy to know if the president of a terrorist-connected charity is buying airplane tickets for people, for example, so you can give those people an extra look.
You think the system is "Pay with credit card, no suspicion." It's not. The system is "average person pays with credit card for tickets on a flight they are taking, little suspicion". If you pay for someone else's ticket who isn't a family member or employee, that adds scrutiny. If you paid for a ticket on a flight you are not taking, more scrutiny. If you're the president of a non-profit with terrorist ties and buy a ticket for someone else (even using your credit card), that gets even more scrutiny.
Knowing who is paying for the ticket (especially when that person is not flying on that plane) is an important item that figures into assessing the risk posed by particular passengers. You don't know who is paying for the ticket when it is bought with cash, and lacking that information increases the risk posed by that passenger and thus reasonably increases the scrutiny you apply to that passenger.
Tracking the flow of money is a very important part of tracking criminals.
paintball
And yet the little wipe said all was well. Either it's sufficiently selective to spot the difference between propellant and explosives. Or it's nonsense.
ian
Second, and you can quote me on this,
DUH.
You've got a piece of paper with your name and potentially a receipt (some airlines print their receipts on the tickets, which sometimes also form the boarding pass). You should destroy any piece of paper with your name on it. If you don't understand that, then you don't understand how to protect yourself against identity theft. Smart people have been shredding their used boarding passes for years.
-- "In order to have power, I must be taken seriously." -Mojo Jojo
What happens if you refused to be photo'd and fingerprinted?
And I presume that you did not have previous warning about the stop. If you did, then disregard my question. But if it was a surprise to the passengers, I am curious what happens if one of the passengers doesn't cooperate.
On sites like FlyerTalk there are numerous threads about shoe carnival airports. Basically, if you do not take off your shoes and do not set of the alarm, all you have to get is a swab of your shoes to test for explosives residue. If they do anything more to you it's against TSA regulations and you should file a complaint form. Of course you always have a chance at a retaliatory screening. Some airports are better than others. Basically, if we stop taking off our shoes that do not set off the detector, we will teach the TSA that a full secondary screening is unnecessary.
-Palal
Recently, my wife got on my case because I left my mail in the back seat of my car "somebody can see and know your address!"
So? What good does it do a burgler to know my address? Unless that burgler figures that somebody who drive a 1992 Ford Festiva has untold riches. Why would the burgler target my house instead of somebody elses?
Then on the news, I hear that people are stealing cars to steal identies. They get the identity from the registration and insurance. WTF? What information does my registration and insurance card have that would allow somebody to steal my identity?
Some of the changes since 9/11 are completely illogical.
One that really annoys me is forbidding small knives/tools/nail clippers in carry-ons. I always keep a Swiss Army knife in my briefcase; just a geek thing to do I guess. However, on my last trip, I forgot to take it out of my bag; it got flagged in x-ray, big commotion etc. I was allowed to ship it home for $15 dollars.
Here's my point. If something goes wrong, you NEED to have bystanders who can take some action, hence they could use the tools/knives etc.
Look at the "United 93" (I hope I've got that right) scenario. The ONLY thing that saved the US Capitol is passengers who could take action. I really wonder what we've learned collectively after 9/11.
sigs are for losers (except to point out that sigs are for losers)
Well how do they hope to stop terrorists with this
Here's how to answer that.
"All the 9/11 terrorists had valid ID, and used those valid photo ID to get on airplanes. Imagine how different 9/11 would have been if they had shown up that day with non-photo Vermont driver's licenses. So the question really is...how can you stop terrorists with a photo ID?"
Apparently, all you have to do is present something that looks like an ID, and claim it is one. The officer shrugs, thinks "Oh, well, what do I know?", and waves you on. Fun.
Lies about crimes
Same as in the copyright discussions. 'Fraud' does NOT equal 'theft'!
No one can STEAL your name or who you are! They can fraudulently use your name, SSN, etc, but you cannot have your name STOLEN! It is impossible.
Can we PLEASE quit calling it "identity theft" and use a more accurate description of "identity fraud".
Libertas in infinitum
They don't allow Tennis Racket as Carry-on item because we could use it hit people in the plane. But they allow Camera Tripod, 3 long metal pole, because it's not on their list of dangerous item. Pretty Stupid
Kosher is similar to Halal, but far more restrictive.
...etc are out. Halal allows basically anything from the sea.
They both forbid eating of dead animals (road kill is out!), or those killed by suffocation or any other means than that is prescribed, animals killed in the name of other Gods, pork, and blood.
Given the shared heritage, they both share some exotic food, such as locusts, which is only practiced today in the heartlands of Arabia.
Kosher forbids mixing of dairy and meat, and orthodox Jews would keep separate fridges and china sets for each of those. Halal does not have this restriction (so cheesburgers are OK, hold the bacon though).
Kosher calls for a qualified butcher (Schohet?) to use one pass of the knife across the animal's neck to kill it, while halal does not prescribe a number.
Kosher forbids any seafood that does not have scales and fins, so basically shrimp, lobster, clams, mussels, squid,
Kosher prescribes a certain method to extract the sciatic nerve from the hindquarters of the animal, which is a very labor intestive process, as well as certain fat in certain areas. Halal does not have these restrictions.
Kosher allows alcoholic beverages, Halal forbids them.
The short form of the rule is that Kosher is a subset of halal, with the exception of alcohol.
As a side note, neither Kosher nor Halal are proper names for the dietary laws and rules. Halal simply means 'permissible' in Arabic, and is not used in the context of dietary law in the Arabic speaking countries. It became a special term in non-Arabic speaking countries (mainly Indian subcontinent), and spread into the West. Also, Muslims from India/Pakistan and more restrictive than Arab Muslims in certain aspects of halal (e.g. a Pakistani would never eat a burger in the USA at McDonalds but an Egyptian would most likely do so).
2bits.com, Inc: Drupal, WordPress, and LAMP performance tuning.
Kosher is acceptable to the vast majority of Muslims, with the exception of alcohol. This is from a verse in the Quran allowing meat from "people of the book" to be consumed by Muslims.
...etc.)
Kosher forbids shellfish, but halal does not. See more details in this comment.
As for your analysis of Christianity vs. other semitic religions, and the role of Europe, this is correct, although it started earlier than that in the Council of Jerusalem, where the debate was : "Are Christians supposed to keep Jewish laws, or not?".
Europe had a profound effect on the development of Christianity, and even Judaism. As an example, all semitic traditions allowed polygamy, and it was practiced by Jews up to the 11th century. Ashkenazi Jews forbid the practice at that time (Rabbi Gershom). Jews living in Muslim lands continued to practice it (e.g. in Yemen and Iran).
Christianity on the other hand kept with Roman customs in marriage and forbade polygamy (St. Augustine mentioned that keeping with Roman custom was one reason not to continue the otherwise biblical practice).
Of the Abrahamic Faiths, the amount of similarities Jews and Muslims share is astounding. Too bad that the political situation in the past decades have clouded this. Christianity was supposed to be close too, but took its own theological path that is different from the faith that preceded and followed it, as well as relaxing the Jewish laws as well (not only food, but polygamy, divorce,
2bits.com, Inc: Drupal, WordPress, and LAMP performance tuning.