Identity Theft From Tossed Airline Boarding Pass? 297
crush writes "The Guardian newspaper has a great story about how the gathering of information for 'anti-terrorist' passenger screening databases allowed a reporter and security guru Adam Laurie to lay the groundwork for stealing the identity of a business traveller by using his discarded boarding-pass stub." From the article: "We logged on to the BA website, bought a ticket in Broer's name and then, using the frequent flyer number on his boarding pass stub, without typing in a password, were given full access to all his personal details - including his passport number, the date it expired, his nationality (he is Dutch, living in the UK) and his date of birth. The system even allowed us to change the information."
Re:BA could be liable for damages... (Score:2, Informative)
You, of course, must be able to demonstrate and document the damage and distress too.
Run that one by me again. (Score:2, Informative)
I dont like all the pointless security either but some of it is defintely neccessary, and that wasn't the case on US internal airlines pre-September 2001. And anyway people need to see security at airports/on planes, in order to allievate fear of flying, which many people had after 9/11 and which would of course impact on the number of passengers.
I call bullshit (Score:3, Informative)
First, the writer said he logged into BA's site, using only the supposed victim's frequent flyer number. But if you go to http://www.britishairways.com/travel/home/public/
As for the rest of the article, it might be accurate, but somehow I doubt that. The whole thing just utterly fails to pass the smell-o-scope test, pegging right between 'horse manure' and 'grade A Kentucky bullshit'.
Re:Passport Required!!!! (Score:3, Informative)
Re:What is halal? (Score:1, Informative)
Re:I call bullshit (Score:3, Informative)
"BA has now closed its security loophole after being contacted by the Guardian in March"
So I wouldn't expect it to work now...
Re:I call bullshit (Score:5, Informative)
Okay, I'll bite.
From TFA, the guy is a business traveller. Now look what happens if you "need help" logging in [britishairways.com] to BA's website:
As a member of the British Airways Executive Club, On Business or as a registered customer with britishairways.com, you can now log in to manage your account and access our exclusive online services. You log in by entering your details in the boxes at the top right hand corner of the screen.
Login ID Your login ID is either your: > Executive Club membership number or > On Business membership number or > Username
PIN/Password When logging in with the following: > Executive Club membership number, use your 4-digit PIN or > On Business use your login id and password or > username, use your password
Executive Club members If you need a PIN or have forgotten your PIN, then please click here to apply for one >>
On Business members If you have forgotten your password or login id click here for more information >>
Forgotten your password? Enter your username in both the Login ID and the PIN/Password boxes to receive your password prompt.
From what I can tell, if the reporter is in fact not lying, if the "victim" was an Executive Club member, you need the following if you need a PIN, or have forgotten your PIN:
Hmm. This is printed on the boarding pass already. Oh, and if he's an On Business member, you only need the username to retrieve the password, and the website tells you that it's "2 characters 6 digits"; what's the chance of that being the membership number printed on the boarding pass?
I wouldn't call this complete and utter bullshit yet. There are reasonable explanations for how this was accomplished.
Re:Real ID act (Score:1, Informative)
Re:Passport Required!!!! (Score:3, Informative)
As I understand it, the chain of events is this...
If you're a member of the BA loyalty club, you didn't used to have to go through the web site... probably still don't have to.
You could sign up by one of the handouts at airports, get your card and give the number (along with all the stuff the USA wants) to your travel agent, and never visit BA's website.
BA print the loyalty card number on your boarding pass, each time you check in.
So they took a discarded boarding pass stub, with the name and number on it, went to the BA site and said 'sign me up for online check in' - provided the identifying details and pretended to be him (incidentally buying a ticket with his name on). This should not have been possible without, say, confirming his address, or some other security measure. This is the 'hole' in BA's security that the article says is now fixed. From memory (and I am a little hazy on the details) when I signed up online they populated all the fields they could with the information from my loyalty card record.
I know this is the case, because I got a card without signing up online, many years ago - and then went to tie that number to an online account.
Once they were online, they could see all the stuff he'd previously told BA - address, passport number, etc - from there, they went to get his house price, phone number and a lot more information.
The moral of the story is (as many have said) - if it's information you wouldn't print on a t-shirt or tell a random stranger, don't throw it away.
Mark
Re:What is halal? (Score:2, Informative)
However, neither has pork, or shellfish, or a few other things. And hence if someone doesn't care about having their food 'certified', they just don't want to take a big bite of pork, the 'other' kind of food is fine.
And the GP is right, Jewish and Arab traditions are very very close in many ways, because they originally were the same, and because they have always lived in the same part of the world. Any similarities between Islam and Judism is almost always because Islam was almost entirely an Arab religion at the start. I.e., Semitic to Arab to Muslim, and Semitic to Jewish people to Jewish religion.
Whereas Christianity wandered off to Europe, and the European 'pagan' people within 100 years, so sucked up all those traditions. While Islam and Judism are single religions that came out of the same sets of people, Christianity is almost that same thing, out of the same people, applied to an entirely different set of people.
Re:That story scares me. (Score:3, Informative)
No, an airport is national territory. And by convention an airplane becomes part of the national territory the moments the doors open (with doors closed different regulations apply (Warsaw Convention, Montreal Convention))
Most International Airports have designated transit area for passengers transiting a country to save them from the hassle of immigration and emigration - Except for the US, where most international airports do not have real transit areas, thus requiring all transiting passengers to enter the US and leave it a few minutes later (wasting 2-3 hours for the whole process, no to mention the humiliating finger-printing and picture taking)
It seems to me, that the US officals think that everyone setting foot on US soil only wants to enter the country (as a potential terrorist).
I work at an airline and we used to have flights to the US with continuing services to other destinations in middle america and the caribbean.
We had to stop this because of the enourmous hassles our transit passengers had to endure on transit (including sometimes refusal of transit). We now go via Havanna, which has its own problems, but at least the passengers have no problems on the transit.