Boarding Pass to Identity Theft
The Guaridan reports that with just a discarded British Airways boarding-pass stub that was found in a dustbin, the journalist and his computer expert was able to access personal details:
We logged on to the BA website, bought a ticket in [the passenger’s] name and then, using the frequent flyer number on his boarding pass stub, without typing in a password, were given full access to all his personal details - including his passport number, the date it expired, his nationality (he is Dutch, living in the UK) and his date of birth. The system even allowed us to change the information.
I’m a bit surprised that this level of access was granted without typing a password. I wonder if the lack of a password is a system-wide feature or something that is configurable on a per-account basis.
The article then dives into the recent history of information gathering by the airlines/governments including the CAPPS II and subsequent Secure Flight programs. For additional background, see these weblog postings by Bruce Schneier and Ed Felten.
October 28th, 2006 at 2:39 pm
Airport security depends on intelligence communities doing their job. Anyone that wants to disrupt flights should not be allowed to enter the airports. What we have for “Security” is a sham and worthless. Only stupid people think it is of value. And with that in mind what you discuss is worthless. We all need to grab our governments especially George W. by the ears and give them a bit of reality. The present program is stupid and a waste of money for all of us, both real and in time wasted in airports.