Pa­parazzi steal pas­sen­ger lists, itin­er­ar­ies from air­lines

The Weekend Australian - - FRONT PAGE - DANA McCAULEY

Ma­jor air­lines have been in­formed of a se­ri­ous se­cu­rity threat to their pas­sen­ger book­ing sys­tems ex­pos­ing the pri­vate de­tails of high-pro­file, wealthy trav­ellers.

Vir­gin Aus­tralia is among the air­lines in­ves­ti­gat­ing the use of con­fi­den­tial pas­sen­ger data by pa­parazzi af­ter be­ing handed ev­i­dence of wide­spread breaches, al­low­ing flight num­bers, highly sen­si­tive book­ing num­bers and ar­rival and depar­ture times to be passed be­tween agen­cies and pho­tog­ra­phers, amid fierce com­pe­ti­tion in the celebrity news trade.

The Week­end Aus­tralian has been given screen­shots of Vir­gin travel itin­er­ar­ies for celebri­ties in­clud­ing Mar­got Rob­bie, Naomi Watts, Rebel Wil­son and Keith Ur­ban and, most dis­turbingly, one of his chil­dren with wife Ni­cole Kid­man. “This is an is­sue that af­fects air­lines around the world and Vir­gin Aus­tralia is cur­rently work­ing ac­tively with a num­ber of other air­lines to ad­vo­cate for our sys­tem provider to im­prove its au­dit con­trols,” a Vir­gin spokes­woman said.

Wendy Day, Kid­man’s rep­re­sen­ta­tive, said it was “ex­tremely dis­turb­ing” that clients and their fam­i­lies’ move­ments were be­ing tracked, as the data could fall into the hands of stalk­ers or ter­ror­ists “in the world we live in to­day”. “It is ab­so­lutely hor­rific for any­one to have their chil­dren’s safety en­dan­gered,” Day said.

While celebri­ties knew that a level of pub­lic at­ten­tion was to be ex­pected as part of their roles, “no one de­serves for their chil­dren to be placed in jeop­ardy”, she said.

Top celebrity agents con­tacted by The Week­end Aus­tralian say the prac­tice is wide­spread and well­known.

Travel ex­perts con­firmed that the air­line book­ings seen by The Week­end Aus­tralian ap­peared to have been sourced from Sabre, a global book­ing sys­tem used by air­lines and travel agents world­wide.

Com­puter se­cu­rity ex­perts have iden­ti­fied flaws within Sabre and Amadeus, a sim­i­lar book­ing sys­tem used by Qantas, which leave them vul­ner­a­ble to be­ing hacked.

Air­lines are lob­by­ing for in­creased se­cu­rity fea­tures to be built into both sys­tems, call­ing for fin­ger­print tech­nol­ogy to en­able them to de­ter­mine who has ac­cessed a flight book­ing. At present, this oc­curs only if a book­ing is mod­i­fied.

Known as global dis­tri­bu­tion sys­tems, these data­bases are used to co-or­di­nate travel book­ings be­tween air­lines, travel agents and on­line book­ing sites, us­ing a six­char­ac­ter Pas­sen­ger Name Record gen­er­ated by all flight book­ings.

Ger­man com­puter se­cu­rity firm SR Labs re­leased a re­port in late 2016 that found that PNR num­bers were easy to guess and that pas­sen­gers’ itin­er­ar­ies could eas­ily be hacked.

Amadeus has in­tro­duced some mea­sures to pro­tect against unau­tho­rised ac­cess since the re­search find­ings were pub­lished. Vir­gin has in­tro­duced ex­tra se­cu­rity con­trols around em­ployee ac­cess to Sabre.

The Week­end Aus­tralian has also seen celebrity travel itin­er­ar­ies sourced di­rectly from the Vir­gin web­site, which can be eas­ily ac­cessed us­ing the PNR num­ber.

The value of travel itin­er­ary in­for­ma­tion to pa­parazzi ex­tends beyond the stan­dard shots of celebri­ties ar­riv­ing at air­ports.

While these shots are only valu­able if they con­tain exclusive con­tent — such as the images of Net­work Nine host Karl Ste­fan- ovic kiss­ing girl­friend Jas­mine Yar­brough at Los An­ge­les air­port in April, be­lieved to have sold for $35,000 — celebri­ties are fol­lowed to their ho­tels and through­out their hol­i­days, mak­ing their travel itin­er­ar­ies a valu­able re­source for pa­parazzi. Yet even sea­soned paps are con­cerned about il­le­gally ac­cessed data, say­ing rogue op­er­a­tors are bring­ing the sec­tor into dis­re­pute by “fla­grantly” break­ing the law.

The ease with which air­line se­cu­rity pro­to­cols can be breached was high­lighted when fan­turned-pa­parazzo Jay­den Sey­farth used the self-serve check-in fa­cil­ity at Syd­ney Air­port to print off the board­ing passes of Bach­e­lorette stars So­phie Monk and Stu­art Laundy and ac­cess the Vir­gin lounge — re­sult­ing in the air­line ban­ning him in­def­i­nitely.

In or­der to print a board­ing pass on do­mes­tic Aus­tralian flights, all you need is the trav­eller’s sur­name and des­ti­na­tion.

A Vir­gin spokes­woman said the safety and se­cu­rity of guests, crew and air­craft was “our No 1 pri­or­ity”.

A Qantas spokesman said it would “im­me­di­ately” act upon any breaches re­ported to the air­line.

An Amadeus spokesman said the com­pany had im­ple­mented ex­tra se­cu­rity since the SR Labs re­search was pub­lished, in­clud­ing “ad­di­tional lay­ers of au­then­ti­ca­tion”.

Ni­cole Kid­man, Keith Ur­ban and their chil­dren

Mar­got Rob­bie ar­rives at Bris­bane In­ter­na­tional

Newspapers in English

Newspapers from Australia

© PressReader. All rights reserved.