Fliers who find themselves attempting to fly without identification should prep themselves on what their old addresses were, when their wedding anniversary is and and their children's addresses.

Knowing those and other bits of personal information in public records will be key to convincing federal employees to let you past the x-ray machines onto your plane.

That's because under new rules from the Transportation Security Administration, travelers who try to fly without identification now have to do more than just let screeners paw through their bags and wand them up and down.

Now, those who left their license at home or had it stolen have to answer a series of questions relayed to the screener by employees in TSA's operations center in Virginia, where employees have access to databases of public records, including those compiled by data giant Lexis Nexis.

The idea is for screeners to know that the person holding a boarding pass in the name of Buster Brown, actually is that person. For travellers without ID, they better hope that the notoriously inaccurate private dossiers about them are correct.

The process of comparing answers to public records already caused a flare-up after one traveler was asked whether he was registered as a Democrat or a Republican, which TSA spokesman Christopher White called a "day one mistake," where a TSA employee looked at the available public records and asked a question off of the information in the files compiled by Lexis Nexis and others.

Another traveler recently reported that officials looked at the tax returns she was carrying with her, that the screeners had the Ohio DMV pull up her photo and that she was asked questions about her family, according to a story from the Lawrence Journal World.

The DMV photo detail struck TSA's White as odd, saying that he didn't believe the TSA had access to that data and that there were "much less invasive ways to verify identification."

As for the tax returns?

"If a passenger has any type of documents, they can present them to assist in verifying identification," White said. "If she presented an officer with her tax return, we don't care how much money she makes -- we just care about her identity."

White promised to look into the story further.

The new rules went into effect June 21, and in the first five days, 1705 people out of 10 million attempted to fly without identification and 59 of those were denied access to the plane.

White says the changes are just about making it harder for a would-be terrorist to board a plane using a ticket in someone else's name, which would bypass the no-fly list.

The TSA is experimenting with verifying boarding passes at the screening line, which would close the longstanding loophole that lets someone use a combination of a real identity card, a fake boarding pass and a real one to board a plane despite being on the no-fly list.

http://blog.wired.com/27bstroke6/2008/07/flying-without.html

The purported takeover of the San Francisco government's new fiber optic network by an employee who locked out all the other administrators sounds extreme, but disgruntled or fired employees have long used computers to get a dose of revenge.

Hitting this button caused millions in losses to a bank by killing power to the main computing center, according to the FBI.

The city is still scrambling to regain control of the municipal network that handles everything from the mayor's e-mail to San Francisco's electronic court records, according to Ron Vinson, the deputy director of San Francisco's telecommunications and information services department.

Terry Childs, a city tech employee, allegedly modified the system so that only he had top level permissions. Childs was arrested Sunday and is being held on $5 million bail, after allegedly refusing to hand over the passwords.

"This is a great example of how powerful insiders can be," assuming the allegations are true, says security expert Adam Shostack, co-author of the New School of Information Security. "Insiders do have a tremendous amount of power."

At the same time, such shenanigans are still rare, at least compared to how many network administrators are fired, or quit, without burning the system behind them, says Shostack. One thing's for certain: with no actual damage reported, the San Francisco incident pales next to other reported cyber-sabotage efforts.

• In 2008, Danielle Duann, a former employee of the Life Gift Organ Donation Center in Houston, Texas, was indicted for computer hacking. Duann allegedly deleted database records used to match organs to needy patients after she was fired in November, 2005. The feds say the deletions caused more than $70,000 in damages, and had the potential to affect medical treatment.


• In 2007, Lonnie Denison pleaded guilty to intentionally sabotaging a data control center in the California Independent System Operator Corporation, which the Feds described as an effort to bring down the Golden State's power grid. Denison, a contractor working at the CAL ISO, broke into a high-security computer room and pushed an emergency electrical shut-off button for the computer room. That sabotage crashed computers that communicate with California's deregulated power market and could have caused severe damage if it had happened during peak electrical usage.


• In October 2003, Andrew Garcia, a former employee of monitor maker Viewsonic, was sentenced to a year in prison for deleting critical server files that were necessary for Viewsonic's Taiwan office to do work.


• In 2002, a former American Eagle Outfitters employee posted passwords and logins for the company's network on a hacker mailing list on Yahoo. He also included instructions on how to get into American Eagle's wide-area network. He put those instructions into use himself after Thanksgiving 2002, hoping to disrupt the company during the busy holiday season. For his trouble, Kenneth Patterson was sentenced to 18 months in prison.


• A former network administrator for the Inglewood, California-based Airline Coach Service and Sky Limo Company attacked his former employer's network, deleting files and changing passwords. The hack crashed the company's dispatch system, causing thousands in losses. When his house was raided by the feds, they discovered a file folder labeled "retaliation." In 2003, Alan Giang Tran plead guilty to one count of hacking.


• A disgruntled Australian engineer used a laptop and radio control equipment to dump hundreds of thousands of gallons of sewage into rivers and parks in Australia in 2000. The engineer was angry at being rejected for a job from the Maroochy Shire in Queensland, which contracted the company he worked for to make the sewage system.


• Roger Duronio, a disgruntled former UBS PaineWebber employee was sentenced to 97 months in jail for planting a time-bomb program that destroyed files on thousands of computers inside the financial giant's computer network. Duronio planted the code before his February 22, 2002 resignation, which followed repeated complaints by Duronio about his salary and bonuses. The timer for the code went off on March 4, and Duronio shorted UBS's stock on the day of the time bomb, hoping to make a profit by having the rogue code drive down the company's stock price.


• In 1996, a network administrator planted computer code that deleted the sophisticated production software of a high-tech measurement and control instruments company called Omega Engineering, causing $10 million in damages. Timothy Allen Lloyd designed the company's network, but was fired after 11 years on July 10, 1996. The time bomb went off 20 days later. After being convicted in 2000, Lloyd was eventually sentenced to 41 months imprisonment.

Despite the horror stories, at least one can be thankful that when someone in the IT department goes postal, they tend to take down the mail server, not pick up an assault rifle.

http://blog.wired.com

Vaughan Thomas
Saturday July 19, 2008
The Guardian


A central line train approaches the platform. Photograph: David Levene


At 9.45am on Saturday, June 23 2007, I killed a man. A perfectly ordinary man, on a perfectly ordinary summer's day. CCTV pictures show him entering the station, unremarkable among all the passengers going to the West End. He waited at the front of the platform until he could hear my train approaching, then he calmly stepped down on to the tracks and looked directly at me as he waited for the impact.

The impact was only a matter of seconds in coming, but those seconds felt like minutes. This wasn't how it was meant to be. It wasn't how I had imagined it during my years as a Central line train driver. We talk of "jumpers"; workmates tell of blurry images flashing in front of them, of the shock of the impact. I wasn't expecting to see a young man in jeans and a summer shirt waiting for death, looking me in the eye.

As I hit the emergency brake, I was thinking, "Please, get out of the way. Now. Please let it be a prank." Youngsters on the track are a regular event, though no less frightening for that, and for train drivers it's something we learn to live with.

But this wasn't a typical game of "chicken": he wasn't laughing and he wasn't with friends. When it became clear he wasn't going to move out of the way, I closed my eyes, covered my face and held my breath.

By the time we were stationary, four of my eight cars were in the platform and I was on autopilot. I told the passengers there would be a delay in opening the doors due to an "incident", and was calling the line controller for assistance when I heard a tap on my cab door. A smart man inquired, "Do you know there's a person under your train?" I looked at the blood on the windscreen momentarily before assuring him that, yes, I was aware.

He paused for a heartbeat, looked at his watch and said, "So, how long before we get on the move again?"

I was to look back on this exchange with amusement and also, strangely, comfort: in the midst of the horror, normality was briefly restored by a commuter asking for alternative travel arrangements.

I'd advised the passengers to stay where they were and not to try to open the doors because we weren't fully in the platform; amazingly, they all complied. I walked back through the carriages opening the adjoining doors and shouting: "Please leave the train, and leave the station as quickly as possible!" Terrorist attacks were still very much on people's minds, and as each carriage emptied I looked to the next, seeing anxious faces through the windows. No one tried to leave until I opened the doors. Only a few asked the reason, none complained. I was hugely impressed.

The next few hours were a blur of activity as the body was removed and service restored: station staff, police, firefighters, the emergency support unit and trauma counsellors all came and went in a smooth, well-practised exercise. I was reassured that it wasn't my fault, that there was nothing I could have done; it was his choice. All of which I knew, but it was good to hear from someone else.

As a child of the enlightenment, a rationalist and an atheist, I was sure I wouldn't be unduly affected by the death of a person unknown. I was told I'd need some time off in case of post-traumatic stress; I agreed to counselling to assess my fitness to resume work, but was convinced this would be a formality.

My return to work was speedy and for weeks I was seemingly unaffected. But in August a policeman came to brief me before the inquest and to show me the pictures. The unknown person now had a name, a family and a tragic story.

Henrik Alexandersson had moved from Sweden to find work in London; he was successful and popular, but had been unwell. For some reason, he'd convinced himself his illness was Aids-related and that week he had gone for a check-up to find out the truth. By that Saturday, he could bear to wait no longer: he called his parents in such a state of distress that they booked a flight to London (arriving just hours too late.) He left a suicide note, and headed off for his fateful meeting with me. Had he waited a day longer, he would have learned that the tests were negative.

I left work and went home in the full realisation that perhaps I am not such a rationalist after all, because I sobbed my heart out in the arms of my partner. A year has passed now, but I can still see Henrik standing on the track, awaiting the inevitable.