[ISN] Fly At Your Own Risk: More Security Breaches Found

From: InfoSec News (alerts@private)
Date: Mon Jun 25 2007 - 22:10:27 PDT


http://cbs2chicago.com/topstories/local_story_176224625.html

By Dave Savini
CBS2Chicago.com
June 25, 2007

(CBS) CHICAGO - Fly At Your Own Risk is a CBS 2 continuing undercover 
investigation at OHare Airport, and it just got even more alarming. 2 
Investigator Dave Savini reports on exclusive details.

Officials at O'Hare International Airport are refusing to interview with 
CBS 2 about our latest findings. The 2 Investigators have found more 
security breaches and a failure by authorities to investigate.

O'Hare is one of the busiest airports in the nation, and may be one of 
the most vulnerable.

The 2 Investigators have learned that 47 more employee access badges are 
missing, bringing the total we've discovered to 3,807 the biggest 
security failure involving access badges ever to be exposed.

"Doesn't surprise me, said Marcia Pinkston. I am surprised you didn't 
find more."

Airport employees are allowed to go through a back gate. All they have 
to do is show their access badge. They are not searched.

"It's really scary just thinking that anyone can go into secure areas of 
OHare, Pinkston said.

The latest missing badges belong to employees of Mesa Airlines, which 
operates flights for United Express. One of them belonged to Pinkston, 
who worked as a flight attendant.

She says she was fired for complaining about security. She says the 
airline never asked her to return her access badge and for months she 
could have used it to gain access to airplanes.

"Just anybody can go in there, she said.

Last month, Pinkston told CBS 2 about other security failures, including 
employees sharing security codes or "piggybacking" by following someone 
through open doors to gain access to secure areas.

At the time, The Transportation Security Administration vowed to 
investigate.

But Pinkston tells CBS 2 that no one from TSA has contacted her even 
after she made allegations about piggybacking and code sharing.

She said it makes her feel "that they're just not doing their job."

Paul Maniscalco was New York City's chief paramedic in charge of EMS 
response to the 1993 attack on the World Trade Center. He's now a 
terrorism expert.

"You would think by 2007 we would have our arms around this issue, he 
said. "When your investigation indicated that we had cards missing, 
unaccountability for the cards, people piggybacking, it was alarming."

Mansicalco says the threat of airport employees is real and points to 
numerous incidents including one in March at Orlandos airport when two 
employees smuggled drugs and guns on to a plane, and earlier this month 
in New York at JFK Airport a former cargo worker was charged with 
plotting to blow up fuel tanks

"There is no security, Pinkston said. As long as you work there you can 
do whatever you want."

Thanks to the CBS 2 investigation, the Department of Aviation fined Mesa 
Airlines $47,000 because of the missing badges. Thats the first time any 
airline has been fined for this issue. The TSA has refused to say why 
they have not interviewed our whistleblower, Marcia Pinkston.

Mesa Airlines said the fine is just a proposal and did not want to 
comment.

MMVII, CBS Broadcasting Inc. All Rights Reserved.


_____________________________________________________
Attend Black Hat USA, July 28-August 2 in Las Vegas, 
the world's premier technical event for ICT security 
experts. Featuring 30 hands-on training courses and 
90 Briefings presentations with lots of new content 
and new tools. Network with 4,000 delegates from 
70 nations.   Visit product displays by 30 top
sponsors in a relaxed setting. Rates increase on 
June 1 so register today. http://www.blackhat.com



This archive was generated by hypermail 2.1.3 : Mon Jun 25 2007 - 22:22:28 PDT