Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Air Canada Sues Over Misuse Of Employee Password

michael posted more than 10 years ago | from the oh-canada dept.

Security 215

Anonymous Coward writes "What do you do when you let an employee go? You kill their password and ID, right? Air Canada didn't, and they're now in court because the employee went to a competitor, wrote some cool automated scripts using the ID/password, and grabbed some company data." Interesting story, because Air Canada authorized the employee to access this website and book tickets for himself as part of his severance, but they apparently provide a little more data on that site than what is available to the public.

cancel ×

215 comments

could this be ? (-1)

Adolf Hitroll (562418) | more than 10 years ago | (#8790362)

well, I hope it's not too late to plook you all, scheissmasters !

Re:could this be ? (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#8790555)

Guten Tag!

Sen. Edward Kennedy has been a persistent critic of President Bush's war in Iraq and the Massachusetts Democrat let loose another salvo Monday, attacking the administration's domestic policy and saying that Iraq has become "George Bush's Vietnam." In a blistering speech that infuriated Senate Republicans, Kennedy accused Bush of leading America into war under false pretenses while allowing the real terrorist threat, al Qaeda, to regroup. "As the terrorist bombings in Madrid and other reports now indicate," Kennedy said, "al Qaeda has used that time to plant terrorist cells in countries throughout the world, and establish ties with terrorist groups in many different lands."

If you deal in garbage, you might attract flies. (5, Informative)

LostCluster (625375) | more than 10 years ago | (#8790368)

To airlines, a space-available ticket is something that's being plucked out of the garbage. It represents what they allow most of their employees to do... fly for free when there's an empty seat that's going to be going to be going somewhere. Of course, the critical mistake was that in order for somebody to know if there's going to be space-availalbe, they have to publish on this site how full or not full the plane currently is.

So there's where the dumb idea play comes in. If they had just let him have some free coach tickets through the customer side the operation then all they'd have to do is give him some limited-use coupon codes. Or they could have given him cash in his severance package. But no, they had had to go with these theoretically near-zero-cost cost tickets... and now look where they are.

Re:If you deal in garbage, you might attract flies (5, Insightful)

Beeswarm (693535) | more than 10 years ago | (#8790419)

Hey, space-available tickets are a very good deal for the airlines and the employees who work for them. I probably would not be working for an airline if it weren't for the fact I've been to Europe twice, Japan once, and Mexico more times than I can remember in the last four years, all working at a salary barely twice the minimum wage. The Reservation center I work at has an extremely low turnover rate by call center standards, and most of my co-workers travel abroad on a regular basis. And the company gets lots of happy workers just by giving away the seats they can't sell.

Re:If you deal in garbage, you might attract flies (0)

Anonymous Coward | more than 10 years ago | (#8790509)

Just because they're a pleasant thing fo ryou doesn't mean they're a good idea. Kind of like whores in this respect.

It turns out they are a security hole. That makes them a bad idea, even if they are a way to save money for the airlines and the people working for them. If I cut off my leg, I wouldn't have to eat so much... unless hopping takes more energy than walking. Hmmm. Bad ideas can have obvious good traits and subtle bad traits.

Re:If you deal in garbage, you might attract flies (3, Interesting)

tarunthegreat (746088) | more than 10 years ago | (#8790613)

It's not so much What Air Canada's doing, but how they went about it. There really doesn't seem to be much reason to give former employees access to private sites. Although it's not too clear in the article, the least they coulda done was create a separate network, with filtered data (i.e. a DB with just empty airline seats, and also coded in different ways so that you don't really have too much of a clue what's going on elsewhere...) Heck maybe the employee shouldn't even have visibility into what routes have empty seats, but just submit a request for an empty seat. (i.e. Instead of the system saying "we have 50 free seats to mexico today, take your pick" it should simply say " Mr. X, you have got the free seat to mexico today". ) How difficult would that be to do really? Even simpler is not allowing the former employees access to private sites, severance or not. This is simply laziness on Air Canada's part (hell we have to give these bozos free tickets, so let's just give 'em a little more access).Air Canada got what it deserves, and if anything, it should be Air Canada's investors suing Air Canada!

Re:If you deal in garbage, you might attract flies (4, Informative)

LostCluster (625375) | more than 10 years ago | (#8790686)

They're a great deal for the employees, but revealing which routes have space-available seats shortly before takeoff is highly valuable data. That shouldn't be in trusted the hands of an ex-employee.

Had they simply upgraded him to a regular coach seat, there'd be no need to be giving him access to the employee-side site. This was a case of being cheap in the near term costing more in the long run...

Re:If you deal in garbage, you might attract flies (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#8790539)

Sen. Edward Kennedy has been a persistent critic of President Bush's war in Iraq and the Massachusetts Democrat let loose another salvo Monday, attacking the administration's domestic policy and saying that Iraq has become "George Bush's Vietnam." In a blistering speech that infuriated Senate Republicans, Kennedy accused Bush of leading America into war under false pretenses while allowing the real terrorist threat, al Qaeda, to regroup. "As the terrorist bombings in Madrid and other reports now indicate," Kennedy said, "al Qaeda has used that time to plant terrorist cells in countries throughout the world, and establish ties with terrorist groups in many different lands."

3 Pair for Crewl Girl (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#8790371)

I'd gone to the old farm house which was three miles outside of the
small town where I live and 100 miles from a large city. I had my
binoculars and small telescope and planned a night of viewing the
stars and hopefully seeing the moons of Jupiter on this clear warm
late summer night.

The old deserted farm house was on top of a small hill with a large
barn and a 40 acre clearing where the horses used to graze; it made
a perfect spot to set-up my scope. I'd come in the back way from a
road about 1/4 mile down the hill rather than drive to the farm
house because sometimes wild parties were thrown at the farm house
and I didn't want to get involved.

I'd been there about an hour when I heard laughing and howling from
the farm house which sounded different from the usual party goers.
It would be awhile before Jupiter and it's moons would be bright
enough for clear viewing so I thought I'd discretly approach the
farm house or barn form where the noise was coming.

I could here mostly women's voices and occasionally a man's. "You
fucking crewl bitch let me go and I'll give you the fucking of your
life". I clearly heard the man's voice as I aproached the barn from
which the voices came. It was dark out now so I didn't have to
worry about being seen and there were several lanterns in the barn
lighting it, so I carefully crept up to a window.

Looking through I saw 4 women with 2 men. The men were each seated
on an old style wooden chair with their ankles tied to the chair
legs and their hands were tied by a rope behind their backs to the
12" x 12" wooden suport posts in the barn the posts with the seated
men tied to them were about 12' apart and the men sat facing the
window through which I was looking. I noticed they both had
erections and were naked. I was about 25 feet from the men with the
women who were all wearing garters and hose with bras that allowed
their tits to flow over a bit a nothing else; I felt a stiring in
my balls.

I listened to the women talking and learned their names: Crewl Girl
(CG), Silvia, a black woman about 35 with very large breasts,
Shiela, a samll woman about 40, and Eunice, who looked like a
librarian about 45. CG said, "OK big cock you're goona put out like
you should and then I'll take your cock and balls for a trophy"!
One of the men had an enormous 9" cock the other was normal a
little less than 6", but both were erect. CG mounted the guy with
the large cock and stared fucking him furously from the female
superior postion she was facing toward me as I watched from out the
window in the dark unseen. CG said, "If you come too soon I'll
crush your balls"! After 5 mintues of fucking him she jumped off
him and punched him 6 times hard in the balls. The guy was
screaming. Then she mounted the other guy and Silvia mounted the
guy with the big cock who was begging to be let go. The other women
all wore black bras and garters, except silvia who red and I was
reaching full erection as both women began fucking the tied men.
Eunice and Shiela would squeeze and punch the balls as Silvia and
CG fucked the bound men. The guy would howl as they were being
punched in the balls. CG suddenly dismounted the smaller guy and
stood in front of the big cocked guy the silvia was humping. She
had a hammer in her hand while Eunice monted the smaller man.

Shiela also was in front of the big cocked guy and took a knife out
of the sheath she had on her side. The big cocked guy Yelled, "I'm
goona shoot in your pussy"! CG immediately pounded his balls flat
with the hammer as Silvia lifted her self off his cock so the come
shot on her dark skinned stomach. The guy was screaming at the top
of his lungs as his balls were quickly busted. Silvia grabbed his
cock and CG held his empty scrotum away from his body while Shiela
with one powerful stroke with her large sharp blade cut-off his
enormous cock and balls. It was done neatly like they'd praticed
this and Silvia held up the bloody trophy and said, "We've got a
great one for the collection".

I had begun to masturbate and was getting close to coming, the
three women diappeared for a moment as I watched Eunice fucking the
small guy and squeezing his nuts so hard he was begging her to
castrate him to end the pain. Eunice said, "ok, I'll castrate you,
but I kinda like you so I'll let you come first". I guess that was
all the guy could take because he yelled, " I'm coming"! I was
close to coming too as my pants had dropped to my ankles; this was
really hot! Eunice fucked him hard until his cock started to soften
then she junped of took her knife from her sheath pounded his balls
flat with the handle pulled his scrotum away from his body and
removed it with one stroke. I could feel s striring in my nuts as I
was getting ready to come from masturbating while watching this hot
scene. All of a sudden there was a tremendous pain in my balls as
they were grabed and punched from behind; I fell to the ground in
pain before I could cover-up Silvia had mounted my face and was
fucking my face so hard I could hardly breath Shiela was putting an
ankle spreader on me while Silvia helped CG tie my hands over my
head. Very quickly I was helpless.

The women brought me inside where I noticed the big cocked guy had
bled to death and was laying on the dirt floor lifeless, and the
other guy was in trouble from not having the cords tied before he
was castrated and was bleeding heavily. CG said, " Oh boy! A bonus
boner! with that she tied my balls so they were seperate and snugly
tied. She produced a large 5" long needle about the thickness of a
pencil lead and started shoving it slowly into my right ball. She
was enjoying this and said,"Most guys never recover from having
this needle shoved through their balls". When she'd stuck it into
but not through my right ball The women tied me where the first big
cocked guy had been. CG pushed the needle through my right ball and
then stared to push it into my left ball. My cock was wilting by
now so CG stopped and the women gathered around and started saying
that they were pissed off because they all wanted to fuck me. With
this talk my cock rose again and Silvia mounted me while CG
continued to push the needle all the way through my left ball, so
that at each end of the needle there was more than an inch sticking
out from each side of my balls.

My cock was rock hard as I hoped to be given one last come before
they finished me. Silvia came twice bfore we came togehter and she
jumped of and Shiela mounted me. CG Brought some wires and a box
over as I was fucked by Shiela tied to the chair. CG attched wires
at each end of the needle through both my balls and then hooked up
the box to the wires which were powered by a cattle prod and turned
on the juice. I shook hard up, down, and around While Shiela
climaxed and Eunice mounted me CG shut off the juice. I could smell
the cooked flesh of my nuts, but still my cock was rock hard.
Eunice was very damp from the ecitement and climaxed quickly. Then
CG mounted me and said," If you beg me to be my slave and can
satisfy me, you might keep my balls for another day" I was crazed
with lust and some how my cock remeained rock hard and brought CG
to climax three times before we came together. I must have said 100
times that my balls are hers and I'd love to be her slave.
to be continued

first post (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#8790372)

i'm lame

Re:first post (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#8790755)

Yes you are, cuz you didn't even get first post. :)

Calling a spade a "spade" are we? (4, Funny)

LostCluster (625375) | more than 10 years ago | (#8790374)

Some of Canada's largest pension funds as well as Toronto conglomerate Onex Corp. and several U.S. vulture funds have been mentioned as possible replacement investors in the airline.

Was that a typo... or is The Globe and Mail public on it's low opinion of venture capital operations?

Re:Calling a spade a "spade" are we? (4, Informative)

asreal (177335) | more than 10 years ago | (#8790392)

Yes, they meant vultures. Air Canada is dying, and these funds are just waiting for them to keel over before they swoop down for the feed. Thus, vulture funds.

Re:Calling a spade a "spade" are we? (5, Funny)

Zocalo (252965) | more than 10 years ago | (#8790404)

Actually "vulture capital" is a legitimate term for people that buy failing companies in order to asset strip and so on. Quite literally picking over the bones of the corporate carcass for stray morsels of value. If you are in Utah you can see some circling over Salt Lake City waiting for SCO to finally croak.

Re:Calling a spade a "spade" are we? (1, Funny)

LostCluster (625375) | more than 10 years ago | (#8790412)

Actually "vulture capital" is a legitimate term for people that buy failing companies in order to asset strip and so on. Quite literally picking over the bones of the corporate carcass for stray morsels of value. If you are in Utah you can see some circling over Salt Lake City waiting for SCO to finally croak.

Wait a sec... you're saying that after Darl gives up the charade, there's gonna be assets left in SCO?

Re:Calling a spade a "spade" are we? (1, Insightful)

Anonymous Coward | more than 10 years ago | (#8790462)

There are always *some* assets. You'll be seeing those SCO mousemats, office chairs, desktop PCs and building signs popping up on eBay faster than you can say "Enron".

Re:Calling a spade a "spade" are we? (2, Interesting)

jonwil (467024) | more than 10 years ago | (#8790500)

Hopefully someone will come in, buy up the rights to any unix code SCO may actually own and GPL the whole thing. (Unixware, System V etc)
That would be the fitting end to all this lawsuit crap.

Re:Calling a spade a "spade" are we? (0)

Anonymous Coward | more than 10 years ago | (#8790511)

Isn't SCO claiming that IBM has been there and done that already? ;)

Re:Calling a spade a "spade" are we? (1)

Short Circuit (52384) | more than 10 years ago | (#8790620)

It's been mentioned before, but the SCO codebase has a lot of code they licensed from other UNIX vendors. And not all of it is properly attributed.

Robert Love described the copyright issues surrounding the codebase as a real mess.

What to do with assets of SCO ? (1)

RedLaggedTeut (216304) | more than 10 years ago | (#8790622)

Of course there are assets of SCO that you can use! Why, just yesterday I filed my business plan that involves buying the rights to SCO Unix and System V, and suing every Linux user on the planet.

This is step one in my plans for World Domination. This time, it will work.

Re:Calling a spade a "spade" are we? (0, Funny)

Anonymous Coward | more than 10 years ago | (#8790649)

Wait a sec... you're saying that after Darl gives up the charade, there's gonna be assets left in SCO?

I think he misspelled "assholes".

Re:Calling a spade a "spade" are we? (0)

Anonymous Coward | more than 10 years ago | (#8790688)

What I want to see are actual vultures actually stripping the flesh off of Darl's carcass...:-)

Re:Calling a spade a "spade" are we? (5, Informative)

qvanderm (518865) | more than 10 years ago | (#8790417)

Not a typo. Vulture Funds [investopedia.com] specialize in 'distressed' investments. A money-burning operation like Air Canada certainly qualifies.

What was the TOS? Was there even one? (5, Insightful)

LostCluster (625375) | more than 10 years ago | (#8790379)

We may see an interesting test case for the validity of website terms of serivce here, or maybe even what happens when a website forgets to cover a form of abuse in the TOS.

Afterall, the site that was involved here was designed for an internal audience, one that'd not dream of feeding info to a competitor.

But they couldn't simply delete this guy's account because he was entitled to use that site for the next five years to book free air travel as part of his severance package. If he was told not to give the information to his new employer, that's one thing. But if he wasn't, then who can say that infomation given to an ex-employee without any contract still counts as a trade secret?

So, if there isn't a TOS on the page in question... things could get really interesting.

Re:What was the TOS? Was there even one? (5, Insightful)

Tirel (692085) | more than 10 years ago | (#8790418)

Terms of service are displayed so that the provider can discontinue the service to that particular client if he breaks them, it's never used to sue anyone. He didn't seem to hurt their website significantly (after all, it was months before they noticed it?) so there's nothing illegal in that.

OTOH, if he signed (and not just viewed or clicked on a button), a confidentiality agreement, then he's fucked.

Re:What was the TOS? Was there even one? (1)

Oligonicella (659917) | more than 10 years ago | (#8790747)

Bullshit. You don't have to be told not to steal. What he did was not "book free" for himself. He should be arrested, prosecuted, and jailed. He stole.

Re:What was the TOS? Was there even one? (3, Insightful)

tehcyder (746570) | more than 10 years ago | (#8790888)

He must surely have signed some sort of compromise agreement when he left, or else where does the fact that he had five years' access come from?

And if the agreement was drafted without a clause saying he couldn't reveal information to a competitor, then the company's legal/HR team should be fired, not this bloke.

Excellent newspaper (5, Funny)

Rosco P. Coltrane (209368) | more than 10 years ago | (#8790382)

Some of Canada's largest pension funds as well as Toronto conglomerate Onex Corp. and several U.S. vulture funds have been mentioned as possible replacement investors in the airline.

Finally a newspaper that calls a cat a cat!

It's all about size. (3, Funny)

NickeB (763713) | more than 10 years ago | (#8790387)

Of course you don't remove old IDs/PWDs, the larger the user database is, the cooler it looks.
Right?

Re:It's all about size. (-1)

Anonymous Coward | more than 10 years ago | (#8790654)

Wow, almost at 764,000... who'da thunk?

Re:It's all about size. (1)

LostCluster (625375) | more than 10 years ago | (#8790700)

In fact, you shouldn't. You should just have a bit-flag on the accounts saying that they're not allowed to log in... you never know when somebody's coming back to the company and would need their account reactivated.

Re:It's all about size. (1)

jobbegea (748685) | more than 10 years ago | (#8790749)

Keep it, as you also might want to know for security reasons if a former employee tries to login.

Re:It's all about size. (4, Informative)

CoderDevo (30602) | more than 10 years ago | (#8790805)

In fact, you shouldn't. You should just have a bit-flag on the accounts saying that they're not allowed to log in... you never know when somebody's coming back to the company and would need their account reactivated.

Actually, there is no harm in deleting the account. It is typical practice to delete all accounts 30-90 days after an employee leaves. My company maintains a database of past IDs and their owners for forensic & audit purposes. (That database is not used for authentication.) But we have no problem with re-issuing an ID to a new employee if the ID has not been used for a few years.

However, deleting or disabling the account would not have worked for Air Canada since they already agreed to give the ex-employee access to their space-available tickets website for the 5 years following his departure.

They could have instead analyzed website activity looking for anomolies, but that may not have worked either since they hadn't anticipated this type of misuse. A better solution would be to not give ex-employees access to any internal data at all. Instead, provide non-employees with only a phone number for a ticket agent who can book the flights for them. But then, that is more expensive. There is risk in being cheap.

I'm not sure if I understand (4, Informative)

PsiPsiStar (95676) | more than 10 years ago | (#8790391)

It seems that the ex-employee used automated technology to access information that he was allowed to access. What makes this information confidential?

Maybe Lanford signed somthing, but the article doesn't mention what violation Lanford committed, aside from 'using confidential information' that he obviously had access to.

How effectivly can a company regulate the way that information it discloses can be used?

IANAL. Maybe there's some sort of quid-pro-quo regarding Lanford's receipt of something tangible like tickets which would make a confidentiality agreement more binding than a simple clickthrough liscense, but does anyone know what it takes for one of those buggers to hold up in court?

From the article;



The airline alleges Lafond's identification number was used 243,630 times between May 15, 2003, and March 19, 2004, to access the website.

"The continuous and massive use of Lafond's employee ID number and PIN to access the employee website could not be done by one individual and far exceeds any possible potential use by Lafond," Air Canada said.


Well, obviously he did use the information. It's just a matter of what he used it for.



"Such massive access to the employee website through one employee ID number could only be accomplished through automated technology."

Re:I'm not sure if I understand (2, Interesting)

adamofgreyskull (640712) | more than 10 years ago | (#8790424)

Would he be equally culpable if he repeatedly tried, on a smaller scale, to book free tickets from work which he cancelled at the last minute and his new employer was monitoring his PC without his knowledge?

Or in this case, what if his employer or some unknown party snooped his login and then proceeded to misuse it without his knowledge? Sounds like a reasonable defence...

Re:I'm not sure if I understand (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#8790453)


Dude, wanna hear a fucked up story? So, Im at the usual weekend frat parties and i've been talking to this girl for the majority of the night. Anyway I ended up going back with her to her dorm. About another 8shots later, we end up fooling around on her bed. So about 10 mins into her giving me head, I had to drop the fattest shit in my life. All my meals were followed by 3tsp of metamucil so I could get lots of fiber in me to combat the carbs a litte. Anyway im holdin my #2 in and finally it goes away. We both end up passing out on her bed, she's butt naked and im in my boxers. I wake up to piss and I find myself covered in shit. It was all over the bed,sheets,etc.... Im freakin out so I did the most horrible thing in the world. She's sleeping with her back towards me, so I take my boxers off, scoop up some shit and gently smear it on the inside of her butt, her lower back, and a little on the back of her hammies. I get dressed and leave... This poor girl is gonna think she did it. I didn't know what else to do though. I have no clue what im gonna do when I end up running into her.

Re:I'm not sure if I understand (0)

term8or (576787) | more than 10 years ago | (#8790456)

As a question, how did they prove that the individual who used Laford's ID number was Laford? It wouldn't be the first time that someones computer was hijacked using a trojan, and infor such as passwords obtained. The IP and phone calls wouldn't be proof in that case.

Re:I'm not sure if I understand (2, Informative)

matth (22742) | more than 10 years ago | (#8790621)

Tough bananas. As the account holder it is MY responsibility to make sure that the account is secure. Whatever is done on or with that account is my responsibility and I am ultimately responsible.

Same goes if Joe Smith user gets a virus on his computer that spamms the heck out of an ISP and the ISP gets on blacklists. Joe Smith user is ultimately responsible for the spam, and should be booted from the ISP (assuming the TOS allows it) for letting the spamer (knowingly or otherwise) use his account to send spam.

Re:I'm not sure if I understand (1)

LostCluster (625375) | more than 10 years ago | (#8790694)

Same goes if Joe Smith user gets a virus on his computer that spamms the heck out of an ISP and the ISP gets on blacklists. Joe Smith user is ultimately responsible for the spam, and should be booted from the ISP (assuming the TOS allows it) for letting the spamer (knowingly or otherwise) use his account to send spam.

But that's the key... the TOS needs to have a "thou shalt not spam" clause in order for spamming to be considered an abuse.

The airline would have had to see this datamining coming in order to post a "no datamining" sign anywhere on the site. If they didn't, then there's a vacuum where they should have been such a policy... and that could make all the difference.

Re:I'm not sure if I understand (1, Offtopic)

eetiiyupy (746129) | more than 10 years ago | (#8790720)

In England and Wales, confidentiality is a branch of the law which is currently growing with the help of the European Human Rights treaty. But it is pretty well established that a former employee owes his former employer a duty of confidentiality. If he knows that the information is important, valuable and obtained in the course of employment, he should keep it quiet. The leading case on this involves a man called Fowler who worked for a company that sells chickens ( Facenda Chicken v Fowler [1985] 1 All ER 724).

Summary: No agreement needed, it's the employee's state of mind.

Thou shalt check thine logs... (4, Interesting)

LostCluster (625375) | more than 10 years ago | (#8790396)

The airline alleges Lafond's identification number was used 243,630 times between May 15, 2003, and March 19, 2004, to access the website

It took more than 10 months to realize that this account was hitting the site roughly 750 times per day? Somebody didn't bother to check the logs regularly... this should have smelled funny much faster than that.

Re:Thou shalt check thine logs... (4, Funny)

Willeh (768540) | more than 10 years ago | (#8790405)

Or they just assumed he was a compulsive, obsessive control freak checking up on his flight every 5 seconds, and that was the reason they fired him in the first place.

Re:Thou shalt check thine logs... (1, Funny)

dotgain (630123) | more than 10 years ago | (#8790426)

Maybe he wanted FP...?

Re:Thou shalt check thine logs... (0)

spacefight (577141) | more than 10 years ago | (#8790586)

FS, First Seat ;-P

Re:Thou shalt check thine logs... (1)

jimand (517224) | more than 10 years ago | (#8790609)

hmm, yet another missing poll [slashdot.org] option.

Re:Thou shalt check thine logs... (4, Interesting)

Tom (822) | more than 10 years ago | (#8790505)

You've never admin'ed a major site, have you?

I have (16k hits/min during the business day). Something like 750 hits per day is well below the line noise threshold for any large site. Unless you look for patterns like that intentionally, you'll never notice.

Re:Thou shalt check thine logs... (0)

Anonymous Coward | more than 10 years ago | (#8790522)

Is an employees-only website, requiring a login liable to receive 16k hits/min from a total of some 40k employees?

More than a thousand logins per day would surprise me, but maybe some Air Canada employee browsing could inform us of whether there's some other pressing reason to log into this site, like a web-interface for internal email.

Re:Thou shalt check thine logs... (4, Interesting)

Ami Ganguli (921) | more than 10 years ago | (#8790591)

Say 40k employees look at the site an average of once a month (I'd probably check it out once a week myself, so I think this is a low estimate).

Each time you log in you probably do five or so hits, for 200k hits a month, or over 6000hits/day.

750 extra hits a day should be noticed, but I doubt anybody cares enough about the traffic on an internal web site to find out why it's gone up by 12% or so. If it happened suddenly on our public site, I'd definately care, but if it happens on our Intranet it's just an interesting statistic.

Of course, somebody did notice eventually. But it doesn't surprize me that it took a long time to figure out.

Re:Thou shalt check thine logs... (0)

Anonymous Coward | more than 10 years ago | (#8790646)

One problem with your theory...

The article says:

The airline alleges Lafond's identification number was used 243,630 times between May 15, 2003, and March 19, 2004, to access the website.

The number we're talking about is more likely logins than hits, and even when newspapers say hits, they usually mean pageviews.

Re:Thou shalt check thine logs... (1)

LostCluster (625375) | more than 10 years ago | (#8790644)

A closed-access site that's offering not-for-publication data isn't a "major site". They eventually caught onto this, but it took them 10 months.

Re:Thou shalt check thine logs... (1)

DataCannibal (181369) | more than 10 years ago | (#8790666)

..er.. you're not supposed to "read" log files, you're supposed to analyse them. You should be doing excatly that, e.g. looking for unusual patterns of usage etc.

and you're an admin, doh !

More dipshit law cases (-1, Troll)

Anonymous Coward | more than 10 years ago | (#8790397)

Yet another dipshit law case [seanbaby.com]

Re:More dipshit law cases (-1, Troll)

robnauta (716284) | more than 10 years ago | (#8790407)

No it is not.

Turnabout... (5, Interesting)

Anonymous Coward | more than 10 years ago | (#8790400)

The funny thing is, Air Canada is one of only a few corporate entities world wide that probably can't afford to sustain litigation against a private citizen =)

For the benefit of Americans who probably neither know the circumstances (nor really care I'm sure), Air Canada is Canadian's only remaining national airline (i.e. services all parts of the country as opposed to just a few very profitable routes; and does so with legendary rudeness, but that is another story), and it is quite bankrupt. Its chances of survival at this point seem pretty remote.

Re:Turnabout... (0)

Anonymous Coward | more than 10 years ago | (#8790630)

Canada's other national airline was called "Canadian" and it is dead. 9/11 has pretty much wiped out the airline industry in Canada. It was not doing especially well before, and just couldn't handle such a large blow. A serious problem for a sparsely populated country with a huge landmass.

The moral is? (2, Insightful)

Trailwalker (648636) | more than 10 years ago | (#8790403)

The real problem is the lack of security awareness by Air Canada.

The imformation could have been obtained by noting the place and departure times of all Air Canada's fleights. The ex-employee just made it easier.

Too, it looks like a sinking ship in search of rats.

Re:The moral is? (0)

Anonymous Coward | more than 10 years ago | (#8790431)

...don't forget how many empty seats each flight has, which is considerably harder to 'note'.

Re:The moral is? (4, Informative)

Beeswarm (693535) | more than 10 years ago | (#8790469)

Wrong. The information in question would have to be the flight loads. This would tell you how many people are booked on a specific flight and how many overbookings are allowed. To an employee, this information would be used to plan their travel by seeing which flights they would most likely to get on as a space-available rider. To a competitor, this information would be useful for determining which routes are more profitible because the seats are always full, and which routes already have too much seat capacity.

Re:The moral is? (2, Interesting)

stecoop (759508) | more than 10 years ago | (#8790610)

Shouldn't we as consumers clamor to have overbooking information too? I would think that if a flight is overbooked than I should see the statistics to determine if I want to buy the ticket.

Also on the flight loads, if I really (read it twice) want that information, I could have a bunch of apprentices sit outside the loading gates and count the people that boarded having them record the plane and route. Viola - got your information legally.

Rights? Clearly abused. (2, Informative)

ruprechtjones (545762) | more than 10 years ago | (#8790406)

"Using that confidential information, WestJet adjusted its own schedule, planned its expansion into new routes and adopted pricing strategies to force its larger competitor out of certain markets, Air Canada alleges."

This is an insider-information case, and he should get what's coming to him. Pure and simple. He abused a quirk, he and WestJet really don't have a strong case here.

Re:Rights? Clearly abused. (1)

Willeh (768540) | more than 10 years ago | (#8790415)

Exactly. What i don't understand is that nobody at WestJet questioned this method of data collection, surely they could have smelled the flannel-wearing rat from several nautical miles away.

Re:Rights? Clearly abused. (4, Informative)

danheskett (178529) | more than 10 years ago | (#8790423)

But it's insider information he was explicitly allowed to have.

Air Canada fired him. Laid off. Not any longer employed but continued to give him access to information they wanted to keep private. They have, however, no reasonable expectation that this information would be kept private unless of coure it was previously arranged in the severance or rider contract.

Insider information isn't illegal perse. For example, if I went and physically counted the number of people getting on and off Air Canada planes at different times, and recorded that and sold it to WestJet things would be just fine. It's called market research.

The real issue here isn't insider information. It seems to be in my opinion trade secret.

Re:Rights? Clearly abused. (3, Interesting)

ruprechtjones (545762) | more than 10 years ago | (#8790450)

The real issue here isn't insider information. It seems to be in my opinion trade secret.

I'm sorry, you are correct. This is a trade secret issue. If Air Canada can cough up the paperwork saying he was only allowed to use his insider information to book his own tickets and absolutely nothing else, then it's an open-shut case. If not, then it'll be interesting to see how WestJet's lawyers defend this dude.

Re:Rights? Clearly abused. (0)

kill-9-0 (720338) | more than 10 years ago | (#8790690)

According to this logic, if you leave your front door unlocked, and I walk in and take your stuff, it's OK, because you allowed me access to it. True, they should have locked down their system a bit better, but he was clearly in the wrong with his actions. I don't think this qualifies as insider information, but more appropriately called company proprietary, or company confidential information. Sure, by sitting at the gates counting people, you can get the info, but taking it from internal company web sites makes it a hell of a lot easier and more accurate.
Just my $.02

Re:Rights? Clearly abused. (2, Insightful)

schon (31600) | more than 10 years ago | (#8790819)

According to this logic

Which logic is that? Certainly not any that was posted here.

if you leave your front door unlocked, and I walk in and take your stuff, it's OK, because you allowed me access to it

No. More like: if I gave you a key to my front door, and told you to take whatever you wanted from my fridge, and you come in, clean out the fridge, and sell it to the market across the street, then it's OK, because I gave you access to it.

Which it would be (because I have given you permission.)

he was clearly in the wrong with his actions

Not necessarily. If he had an agreement that he wouldn't give/sell the information to anyone, then you may have a point, but if there was no such agreement, then he's quite clearly not in the wrong.

I don't think this qualifies as insider information, but more appropriately called company proprietary, or company confidential information

If it was proprietary, or confidential, then the company should have had measures in place to keep it that way. You can't give something to someone with no strings attached, and then cry foul when they use it for something you don't like.

Re:Rights? Clearly abused. (1)

jcr (53032) | more than 10 years ago | (#8790695)

But it's insider information he was explicitly allowed to have.

The issue wasn't that he had the information, but that he passed it on without Air Canada's authorization.

-jcr

Re:Rights? Clearly abused. (2, Insightful)

iMMersE (226214) | more than 10 years ago | (#8790427)

How do you know that he didn't just automate checking which flights had empty seats on them, so he could take advantage of his free tickets?

Sure, it looks likely that he passed this information onto his new employer, but unless you are the defendant, how can you be so sure?

The world needs more people who don't just jump to conclusions from reading one newspaper article.

Terms and conditions... (3, Insightful)

adamofgreyskull (640712) | more than 10 years ago | (#8790408)

I guess it depends on what terms and conditions were specified when they gave him the login and password. If he had to sign an agreement when he got them..presumably they would still be in effect as long as the Login/Password was active.

If the use of the login and password was specified in an employment contract though, would he still be bound to the Ts&Cs after he left?

Job opportunity? (1)

Killjoy_NL (719667) | more than 10 years ago | (#8790414)

I think some IT heads will roll there.
Anybody wanna apply for the job(s) ??

(Ok, it probably means moving to Canada, but for a lot of people that shouldn't be a problem, right??)

Re:Job opportunity? (0)

Anonymous Coward | more than 10 years ago | (#8790680)

er...ibm takes care of air canada's i.t.

and no, you really don't want to work on that contract, believe me...

Dealing with this right now (4, Interesting)

beacher (82033) | more than 10 years ago | (#8790428)

I'm currently working on a project like this as we speak. My company's website is getting nailed from a handful of IP addresses that do nothing but datamining. We've come to the conclusion that captchas would penalize joe user and we're going to move forward with some applications that throttle requests by IP. We don't keep private information outside of account specific data...

My company is looking at it in a different way tho - We've figured out what click sequences are used and we're going to address the business need that these few bots have identified. If these 3rd party bots are selling atomic or aggregate data, well, why not cut them off at the source and sell the data for less?

The company failed in 2 areas - 1) keeping sensitive inside information from their outward facing internet site and 2) They should have rescinded the ID. I'm not sure about making their data available to the competition, but thats an inevitibility that they need to account for.
-B

Re:Dealing with this right now (1)

troon (724114) | more than 10 years ago | (#8790468)

My company's website is getting nailed from a handful of IP addresses that do nothing but datamining. We've come to the conclusion that captchas would penalize joe user and we're going to move forward with some applications that throttle requests by IP.

"some applications"?! Can't you just block a handful of IPs at the firewall? You do have a firewall, right?

Re:Dealing with this right now (1)

JimDabell (42870) | more than 10 years ago | (#8790582)

Can't you just block a handful of IPs at the firewall?

HTTP client IP addresses don't directly correspond to users. What happens when you block a proxy and hundreds of legitimate users can't get to your website?

Re:Dealing with this right now (4, Insightful)

Anonymous Coward | more than 10 years ago | (#8790485)

shutting it off is the weak minds way to resolve the issue.

identify the bots and slowly poison their data instead. thats how a man should do it.
whenever the bot is digging into your data, instead of real data feed it fake garbage data instead. poisoned garbage data should however only be slightly off not to make it obvious that it is garbage data. the point is : it should take long to realize that the data is posioned. When they realize the data is poisoned they should not be able to tell what data is real and what is poisoned so they will have to throw ALL data away.

So that when the finally realize they have been poisoned it will be too late to do anything about it.

Re:Dealing with this right now (4, Interesting)

beacher (82033) | more than 10 years ago | (#8790524)

You do have a firewall, right? Absolutely

So that when the finally realize they have been poisoned it will be too late to do anything about it.
Not ethical and impractical. Just how many requests does it take before you start poisoning? 1000 per hour? We get that many hits from AOL and they come in through a gateway. If we were poisoning legitimate users data, that would be unacceptible.

Why don't you go the ebay way and provide an API into your web site, then change the format slightly every month so breaking the web crawlers? After all, you may as well make money out of the data miners. We have *extensive* APIs into most of our systems. We're trying to get the bots to use and license the APIs. I have been talking with some of the developers to try to put some unicode inside (human readable but bot breaking).. They may be looking into this. We don't make any money off the data miners.

Re:Dealing with this right now (1)

term8or (576787) | more than 10 years ago | (#8790496)

Why don't you go the ebay way and provide an API into your web site, then change the format slightly every month so breaking the web crawlers? After all, you may as well make money out of the data miners.

Re:Dealing with this right now (0)

Anonymous Coward | more than 10 years ago | (#8790570)

My company's website is getting nailed from a handful of IP addresses that do nothing but datamining.

Does this software identify itself through the user-agent header? Does it obey robots.txt? If the answer to either of those requests is no, try taking it up with the ISP, as it's clearly abusing the network and may be in violation of their terms of service.

My company is looking at it in a different way tho - We've figured out what click sequences are used and we're going to address the business need that these few bots have identified. If these 3rd party bots are selling atomic or aggregate data, well, why not cut them off at the source and sell the data for less?

That's a smart policy, not many companies would knee-jerk and not consider it..

Re:Dealing with this right now (1)

LostCluster (625375) | more than 10 years ago | (#8790640)

I'm currently working on a project like this as we speak. My company's website is getting nailed from a handful of IP addresses that do nothing but datamining. We've come to the conclusion that captchas would penalize joe user and we're going to move forward with some applications that throttle requests by IP. We don't keep private information outside of account specific data...?

The best defense against dataminers is garbage data...

Instead of giving the overzealous IP a limit as to how much they can download, instead start including non-existant datapoints, or bot-tempting links in browser-invisible color schemes. Once you've identified your boggie... give them nothing but random numbers in place of data.

Re:Dealing with this right now (0)

Anonymous Coward | more than 10 years ago | (#8790679)

bot-tempting links in browser-invisible color schemes

What happens to those people using Lynx? Or those that use an aural user-agent? Or those that switch on the "use my own colours" in their browser settings? Or search engine spiders? Or users that print pages out?

*yawn* (-1, Troll)

thejackol (642922) | more than 10 years ago | (#8790429)

"While I was "flying" down the road yesterday (i.e., 10 mph over the limit),I passed over a bridge only to find a a cop with a radar gun on the other side laying in wait.

The cop pulled me over, walked up to the car, and with that classic patronizing smirk we all know and love, asked, "What's your hurry?"

To which I replied, "I'm late for work."

"Oh yeah," said the cop, "what do you do?"

"I'm a rectum stretcher," I responded.

The cop was stammered, "A what? A rectum stretcher? And just what does a rectum stretcher do?"

"Well," I said, "I start by inserting one finger, then I work my way up to two fingers, then three, then four, then with my whole hand in I work side to side until I can get both hands in, and then I slowly but surely stretch, until it's about 6 foot wide."

"And just what the hell do you do with a 6 foot asshole?"

To which I politely replied, "You give him a radar gun and park him behind a bridge....."

Traffic Ticket: 95.00
Court Costs: 45.00
The Look on that Cop's Face: PRICELESS

Re:*yawn* (-1, Offtopic)

Ronan_The_Barbarian (766623) | more than 10 years ago | (#8790653)

one of the real 'Gud ones. LOL

The Funny Part (5, Interesting)

Fortress (763470) | more than 10 years ago | (#8790473)

For me, being Canadian, the funniest part of the whole article is how Air Canada's suit is looking for lost profits. Air Canada hasn't made a profit in decades, being a quasi-Crown corporation that can depend on the govt bailing them out when they run out of money.

Seems to me that Air Canada will have to pay WestJet money for "lost profits," since they spared them from losing money on those flights!

Re:The Funny Part (5, Insightful)

Snosty (210966) | more than 10 years ago | (#8790534)

On a slightly related note I was booking a flight from Vancouver to London last year and found the cheapest flight in the area was from Seattle to London via Vancouver on Air Canada. Booking the direct flight from Vancouver to London on Air Canada was nearly twice as expensive as taking a commuter flight from Seattle to Vancouver and then getting on that same direct flight to London.

Why not skip the Seattle leg and get on in Vancouver? If you miss the first leg of a flight you are not allowed to make the second leg even when in this case there was an 8 hour layover in Vancouver. As Seattle is only 2.5 hours drive from Vancouver it is conceivable someone could miss the flight from Seattle to Vancouver and still quite easily make the flight from Vancouver to London by catching the train north.

My point, anyways, was that I was pissed that an airline subsidized by Canadian taxpayers was offering flights to Americans at just over half the price they were offering it to Canadians.

And before any of you idiots ask the price difference had nothing to do with the exchange rate. ;)

Re:The Funny Part (1)

HeghmoH (13204) | more than 10 years ago | (#8790718)

I don't know why this happens, but it's not just Air Canada.

This past summer I was pricing flights from Wisconsin to Beijing. Normally it's cheapest to fly out of Chicago on United, as they have a daily direct flight, and everybody else makes you change planes and pay more. But Chicago is five hours by car away from where I was at the time, so I thought I'd see how much it was to fly out of Madison. I found a ticket that just flew from Madison to Chicago to Beijing (a highly ironic path because the flight path from Chicago to Beijing passes directly over Madison, to where you can look out the window and see the damned city) for $42 less than the direct Chicago-Beijing flight. It doesn't make a lot of sense to me either. Maybe it's worth the money to reduce check-in or security congestion? It doesn't seem likely, though.

Re:The Funny Part (3, Funny)

Anonymous Coward | more than 10 years ago | (#8790536)

... corporation that can depend on the govt bailing them out when they run out of money

What's wrong with that? That's how they do it in the USA.

Re:The Funny Part (1)

derekb (262726) | more than 10 years ago | (#8790632)

Air Canada does other funny things..

It's amazing the seat sales that mysteriously appear in the Maritimes (a lower volume area of the country) whenever a competitor decides to offer service here. ..

Maybe these 250k site visits was just the poor fella trying to book travel to Vegas.. I try using my aeroplan points.. but there just never seems to be any seats.

Terrible Journalism (3, Funny)

Tedium Unleased (764661) | more than 10 years ago | (#8790488)

How do we know they were 'cool' scripts. If he was such a great scripter, why was he let go.. or is simple web crawler enough to pass for 'cool' these days. Perhaps they were among some of the most inefficient scripts of all time, rivaling those found in the Hall of Terrible Programming.

Did'nt thay had some thing like this (2, Interesting)

anandpur (303114) | more than 10 years ago | (#8790490)

You are entering an Official Air Canada System, which may be used only for authorized purposes. Unauthorized modification of any information stored on this system may result in criminal prosecution. The Government may monitor and audit the usage of this system, and all persons are hereby notified that use of this system constitutes consent to such monitoring and auditing.

Unix password question (-1, Offtopic)

aardwolf204 (630780) | more than 10 years ago | (#8790491)

Not too offtopic i guess but,

Is it possible to have the characters ^H in a unix password? Is it is valid are there any other concerns or does *nix play nice? I dont know how many times ive telnet'd to a *nix box and typo'd in the middle of authentication only to hir backspace by habbit and get ^H.

Am I the only one that uses secure passwords (3 caps, 3 lower, 3 numeric), yet always finds some way to make the password a pattern on a qwerty keyboard for easy to remember?

Remove YRO (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#8790552)

News value for Nerds, that want Stuff that matters are close to 0

Who gives a .... about this kind of so called "news" ???????

Was it him? (1)

MrIrwin (761231) | more than 10 years ago | (#8790554)

OK, you want to find out which seats are going unused, and you know there is this website, do you use your **own** ID, or do you slip a backhander to some low paid IT staff to pass you somebody elses?

And if you are the low paid IT worker whose code do you give? Somebody who has left the company but is still in the system.

True, it's fishy that the ID belonged to somebody who went to a competitor, but how many major airline employees have moved to budget airline companies?

I think Air Canada whould at least have to prove that he, or somebody he deliberately gave his ID to, was responsible for the mega use of the site.

Everything not forbidden is permitted? (2, Interesting)

hwestiii (11787) | more than 10 years ago | (#8790572)

The story digest may have this completely wrong. It says "What do you do when you let an employee go? You kill their password and ID, right?"

The activity in question appears to have been facilitated by access granted as part of his severance package. As the article notes: "As part of his separation package when Lafond left Canadian Airlines in October 2000, he received two space-available airline tickets per year for five years. These tickets are booked through the private website."

The article is actually a little hazy on the details here. Though it doesn't specifically say so, it seems to imply that the separation agreement gave the terminated employee direct access to this private web site through a user name and password. One can imagine other ways this could be done that didn't involve direct access to the employee, like through a dedicated fulfillment provider, for example.

Either way, it sounds like it all amounts to some pretty dumb corporate behavior on the part of Air Canada. Either bad security practices if they didn't cut off the guy's access, or bad auditting if all that use went unnoticed for so long.

Not how - but what. (5, Informative)

Saggi (462624) | more than 10 years ago | (#8790601)

In Denmark where I live the rules are simple.

You don't get sued for accessing the website, with or without an illegal id. You get sued if you misuse information you gained in your former employment. It doesn't matter if it is in your contract, the commerce laws in Denmark forbid use of inside knowledge to harm other companies - as it clearly is happening in this case.

I would guess that Canada have some similar laws.

So how you obtain the information is irrelevant - even thou this case in interesting from a slash-dot point of view.

Number of Accesses (1)

funk_phenomenon (162242) | more than 10 years ago | (#8790602)

I think the 243,630 times the ex-employee Lafond accessed the site gave it away. That information was found in the CBC Business news [www.cbc.ca] .

Why Are the Scripts "Cool" ? (1, Flamebait)

tealover (187148) | more than 10 years ago | (#8790648)

Are we that juvenile that we admire anything technical, regardless of its use, or in this case, misuse?

You people need to grow up.

Re:Why Are the Scripts "Cool" ? (0)

Anonymous Coward | more than 10 years ago | (#8790756)

Thank you for stating what I was thinking - it's the same thought I have as I listen to all the arguments about why stealing music isn't stealing music.

reason window whatever (4, Insightful)

spottedkangaroo (451692) | more than 10 years ago | (#8790775)

This guy is the reason the IT industry is full of non-compete contracts... what a 100% total asshole.

Always change passwords when employees leave (3, Interesting)

Punk Walrus (582794) | more than 10 years ago | (#8790858)

Back when I did contract work, I always told my employers, via public e-mail, to change the system passwords, and then listen which systems I had access to. This way, if they ever got hacked, I could always say, "Well, I *told* you to change them..."

I'm not sure anymore if that would help, but I know at least one company never changed their passwords because their vendors kept paging me, up to a year later, to "go into the system and make these changes." One of the vendor contacts and I had became good friends, and one day he begged, "We can't get in, and those bozos won't answer our pages." So I told them the last password I had, stating it probably wouldn't work. Nope, he got right in. Root access to a major gateway.

And the password was easy too, like abc123 "That's the combo on my luggage" easy. Considering this gateway controlled 48 T1 lines to a large call center, I shudder to think how it could be used if phreaked.

Uhhh..web traffic reports? (2, Funny)

lordkimbot (631248) | more than 10 years ago | (#8790893)

'The airline alleges Lafond's identification number was used 243,630 times between May 15, 2003, and March 19, 2004, to access the website'

Let's see who's visiting our website last month...OMG!

How could a commercial website be so clueless?
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...