Aardvark Daily

Please visit the sponsor!

Why the world's hackers are partying today

An announcement made yesterday must have many of the world's hackers and online marketers jumping for joy.

Imagine having access to the names, and postal/email addresses of millions of people.

Better still, especially for those looking to engage in ID theft, what about being able to gain access to a raft of information beyond the basics?

How about a treasure-trove of passport details including ages and intended travel destinations?

Right now you're probably asking "who would be stupid enough to put such valuable information online in this day and age?"

Well how about the US government?

But wait, it gets worse...

It won't be the private details of US citizens that appear in this online database however, it's information submitted by anyone (and everyone) who wants to travel to the USA as part of its visa-waiver program.

Yes, despite an endless stream of embarrassing security gaffes that simply serve to prove how inadequate such systems often are, the USA has stated that as from January, anyone intending to enter the USA under the waiver programme will have to register online at least three days prior to the trip.

The reasons for this are obvious -- the USA is paranoid.

However, just because they're paranoid doesn't mean that there aren't people out to get them.

Although there have been no acts of international terrorism against the USA on US soil since 9/11, the Homeland Security guys have not stopped dreaming up ways to inconvenience the rest of the world in the name of national security.

And this latest idiotic idea really beggars belief.

Why oh why, in an age where you are a thousand times more likely to suffer from identity theft than a terrorist attack, are the USA setting out to make life so easy for evil little sods to steal the identities of so many innocent folks?

Although the site doesn't go live for a month or so and won't be mandatory until January 2009, it will doubtless require the submission of a great deal of "identifying" information -- just the stuff a crim needs to assume someone's identity.

Passport number, date of birth, phone number, email address, postal address, intended dates of travel, intended location, and a raft of other stuff will be demanded by such a system and stored on systems that are accessible via the internet.

How do we know that?

Well on NatRad this morning a spokesperson for the USA told listeners that registrations would be valid for two years and if your travel plans changed you could simply log on and update that information -- therefore it's obvious that the stored data is accessible/retrievable via the net.

So, spammers, identity thieves, phishers and a raft of other cyber-crims will be salivating right now, sweaty with anticipation that all this valuable data will be (no doubt) be entrusted to some MS Windows-based server and just ripe for the picking.

Let's face it, we've seen power systems, satellite controllers, government websites and a raft of other supposedly *very* secure online systems already compromised by hackers, often just for the fun of it. Imagine the motivation when all this tasty data is just sitting there waiting to be harvested for profit.

Of course one would have to ask whether it's actually going to achieve the desired result -- the early detection of people who might pose a risk to the security and safety of the USA.

Well I managed to slip in and out of the USA back in 2003, at exactly the time the US government was jumping up and down about "that damned Kiwi's DIY cruise missile". I also recall that I emailed all the relevant US security departments before I even started the cruise missile project and invited their comments or concerns. All I got were some automated replies and they were still surprised when they "discovered" the project through the media.

So I'm thinking that this online registration scheme will do little except give someone a warm-fuzzy feeling that they're improving security and open up huge numbers of international travellers to the attentions of cyber-villains.

Or am I wrong?

Will this additional barrier to entering the USA discourage you from travelling to that country?

I must admit that I found US immigration authorities to be the worst I've ever experienced in terms of their "friendliness" the last time I visited. You are definitely made to feel like you're allowed in under sufferance and that it is a great privilege to be allowed through the gates.

Although I know a great many Americans who are wonderful people, I hate the way they treat everyone on the unprocessed side of the immigration area as an enemy of the state. I certainly would not consider the USA as a holiday destination because of this.

How long before there's a mandatory internal body-search for *all* who seek the high goal of crossing its borders for whatever purpose I wonder?

Please visit the sponsor!

Have your say on this...

PERMALINK to this column

Oh, and don't forget today's sci/tech news headlines

Rank This Aardvark Page

Change Font