[HN Gopher] The FBI is secretly using Sabre as a global travel s...
___________________________________________________________________
The FBI is secretly using Sabre as a global travel surveillance tool
Author : AndrewBissell
Score : 230 points
Date : 2020-07-20 17:14 UTC (5 hours ago)
(HTM) web link (www.forbes.com)
| crb002 wrote:
| The FBI is probably using all information sold to advertisers. The EU passed GDPR for security, not just privacy.
| justanotheranon wrote:
| https://search.edwardsnowden.com/docs/FullSpectrumCyberEffec...
|
| see page 8.
|
| GCHQ has a program called ROYALCONCIERGE, where they hack the reservation systems of hotels to watch for targets renting rooms. then GCHQ sends teams ahead of time to intercept the targets, presumably to spy on them, or assassinate them or rendition them to a black site.
|
| from another Snowden doc which i can no longer find, it was revealed that ROYAL CONCIERGE hacked hotels owned by Starwood, one of the biggest umbrella corps owning multiple global hotel chains.
|
| you think NSA only went after Starwood hotels? remember NSA said their "Full Spectrum Domination" posture means "Collect It All."
|
| you think if NSA/GCHQ are hacking into hotel reservation databases to exfiltrate the whole shebang, that Airline reservation systems are NOT a higher priority?
|
| a commenter said it is ridiculous hypocrisy how we blast China for forcing its tech companies to become appendages of their military/intelligence complex, while ignoring FBI/CIA/NSA do the very exact same thing under the rubric of NSLs and Bulk FISA Warrants and Business Records "All Tangible Things" and EO12333 get-out-of-jail-free cards to target anything loosely related to "understanding foreign intelligence."
|
| there is zero difference between what China does and what the FVEYs do, except that our Overlords tell us they are not spying on us, while every peasant in China knows they are being spied on by their govt because the Chinese govt openly admits to it.
| echelon wrote:
| > there is zero difference between what China does and what the FVEYs do, except that our Overlords tell us they are not spying on us, while every peasant in China knows they are being spied on by their govt because the Chinese govt openly admits to it.
|
| We can fight it by electing the correct people.
|
| But more importantly, I won't be spirited away to a black site by speaking ill about the president. Nor can the government decide it doesn't want me as CEO of my company anymore. Or prevent me from funding the opposition party.
|
| There's an enormous difference between the West and totalitarian dystopia China.
| duncan_bayne wrote:
| > We can fight it by electing the correct people.
|
| No, you can't. Because the people you're allowed to elect are all complicit in the creation and maintenance of these systems.
| hedora wrote:
| > _I won't be spirited away to a black site by speaking ill about the president._
|
| Trump started doing that in Portland last week.
|
| Earlier today, he said he plans to expand the program to New York, Chicago, Oakland, Detroit, and a bunch of cities within blue states.
|
| Apparently, the Chicago PD's leadership is welcoming it because the mayor "makes them fight with kid gloves" and this will let them ignore state and local regulations.
|
| They also say they're planning to bypass the state courts because federal courts have harsher sentencing guidelines.
| marta_morena_25 wrote:
| > We can fight it by electing the correct people.
|
| Can we? Please explain how that would work... Your faith in democracy is admirable, although misplaced.
| LegitShady wrote:
| Many forms of Government have been tried, and will be tried in this world of sin and woe. No one pretends that democracy is perfect or all-wise. Indeed it has been said that democracy is the worst form of Government except for all those other forms that have been tried from time to time...
| chooseaname wrote:
| > We can fight it by electing the correct people.
|
| Can we? I don't see anyone on either side [0] of the aisle doing much of anything about this.
|
| > But more importantly, I won't be spirited away to a black site by speaking ill about the president.
|
| No, but you can be if you're in Portland any time soon.
|
| [0] Why TF are we stuck with TWO?
| Forbo wrote:
| Because game theory and first past the post electoral system. Nearly any other voting system would be better than what we have.
| [deleted]
| iso1210 wrote:
| > [0] Why TF are we stuck with TWO?
|
| No STV for congress/senate
|
| No AV for president
|
| Imagine you could rank your votes
|
| 1) Cruz
|
| 2) Bush (J)
|
| 3) McCain
|
| 4) Johnson
|
| 5) Sanders
|
| 6) Trump
|
| 7) Clinton (H)
| ahahahha wrote:
| > Can we? I don't see anyone on either side [0] of the aisle doing much of anything about this.
|
| I don't see the point of this argument.
|
| If a person has lost faith in US democracy, the person is free to leave. The US does not stop its citizens from leaving like China does with HK.
|
| The other option is to stay and work towards a more representative democracy. Doomer questions like "can we" are a waste of everyone's time.
|
| On what's happening in Portland: https://thehill.com/regulation/court-battles/507922-aclu-fil... https://www.bbc.com/news/world-us-canada-53460495 I don't see China or Chinese cities doing either of the above. So stop with the false equivalence.
| dragonwriter wrote:
| > Why TF are we stuck with TWO?
|
| We have hundreds of parties.
|
| We have had at most two _viable_ parties nationally, and in each state--though not always the same two--since the founding (with brief moments of only _1_ nationally, and a lot more of only one in particular states) because of our FPTP election system for Congress and most state executive and legislative offices, and our even-more-hostile-to-minor-parties Presidential election system.
| wonnage wrote:
| While in theory we could fight it via electing people, the fact is that these programs were built over the last three decades by elected administrations (both D and R), and this two-party setup doesn't seem to be changing any time soon.
| Allower wrote:
| You are simply exploring the scope of the problem, I'm glad to see that. But the fact remains, in the west we have a cultural duty to eliminate this tyranny from our societies.
| kortex wrote:
| Annoyed at both sides enabling surveillance? Time to advocate for STAR Voting and NPVIC, your cure to "lesser of two evils"! (not implying parent comment is both-siding, I am just trying to boost these ideas wherever it's relevant)
|
| https://en.m.wikipedia.org/wiki/STAR_voting
|
| https://en.m.wikipedia.org/wiki/National_Popular_Vote_Inters...
| dcposch wrote:
| > Nor can the government decide it doesn't want me as CEO of my company anymore.
|
| You sure about that?
|
| https://www.washingtonpost.com/news/the-switch/wp/2013/09/30...
| dylan604 wrote:
| I was going to comment on just the recent use of unmarked federal agents in Portland. I never thought that within the single term of US president things could swing so far. I used to question how it happened in WWI/II, but now I see it first hand.
| deadbunny wrote:
| > We can fight it by electing the correct people.
|
| Can you point to any candidate let alone party (that stands a snowball's chance in hell of being elected) that has "reduce surveillance" anywhere in their manifestos?
|
| The last 70 years of Democrat and Republican rule would suggest not.
| throwaway0a5e wrote:
| >Can you point to any candidate let alone party (that stands a snowball's chance in hell of being elected) that has "reduce surveillance" anywhere in their manifestos?
|
| Every year for a long time there has been a senator named Paul who has complained about this stuff nonstop. Nobody has listened because it is not a partisan issue. If this were a partisan issue we'd have billions of dollars behind it on both sides and the pendulum would eventually swing one way or the other.
| [deleted]
| fossuser wrote:
| I'm pretty skeptical of the comments on issues like this when new accounts show up and immediately have a pro-china, false equivalence, or argumentative whataboutism posture (like the one you replied to): https://en.wikipedia.org/wiki/50_Cent_Party
|
| I agree there are clear and important differences between the west and China.
|
| Chinese Police Are Making Threatening Video Calls to Dissidents Abroad: https://www.vice.com/en_in/article/jgxdv7/chinese-police-are...
|
| The World's Most Technologically Sophisticated Genocide Is Happening in Xinjiang: https://foreignpolicy.com/2020/07/15/uighur-genocide-xinjian...
|
| Leaked drone footage of CCP authorities loading Uyghurs onto trains, presumably to transport them to reeducation camps: https://twitter.com/ne0liberal/status/1283422710555607045?s=...
|
| Also, Hong Kong security law, tight speech controls, government restriction of the internet, political prisoners (https://en.wikipedia.org/wiki/Liu_Xiaobo#Death_and_funeral)
|
| Suggesting the US and Chinese approach to their citizens and spying are equivalent is wrong and plays into the hands of authoritarian countries that push that exact message. The irony is it's _because_ of strong speech protections in the US people can loudly and publicly state stupid positions.
| You'd have less ability to do so in China.
|
| This doesn't mean there aren't problems in the US or that we don't need tighter controls and more public accountability/oversight in the US, but they are not equivalent.
| antocv wrote:
| China spying on us thru Tiktok 5g huawei, somehow this gives China power over us and that is bad.
|
| Meanwhile, no no, CIA/GCHQ/Five-Eyes, spies on us, nothing to see, nothing to fear, no.
| tdeck wrote:
| I don't understand what this has to do with China. Can't they both be bad? How does the NSA spying on people make China doing it any better? If I've got five eyes spying on me I'm still not keen to add a sixth.
| TheSpiceIsLife wrote:
| It has to do with China as the parent comment made clear:
|
| We're constantly told China is a threat, and that's probably a reasonable bit of advice.
|
| We're not constantly told our own governments are a threat, and that forms the basis of propaganda and misinformation.
| thephyber wrote:
| > We're constantly told China is ...
|
| > We're not constantly told our own governments are ...
|
| When I read these statements, I can't help to substitute these nouns with "a used car salesperson".
|
| _Of course_ a used car salesperson will talk up the cars on their lot and won't go out of their way to point out the defects or bad value. That's exactly why we should look for sources other than the salesperson and their allies. Look for data supplied by neutral third parties who have a slight adversarial stance. Also look for data from strong adversaries and evaluate the likelihood of truth versus pure propaganda.
| roenxi wrote:
| And just to be clear; in the normal case a local government is _much_ more of a threat than a foreign government. The experience in the 20th century made it very clear - if a government causes you to die, it was probably your government. Not a foreign government.
|
| The experience in the 21st century has thankfully been a little bit milder but (1) we're only 20 years in and (2) if you are going to be persecuted it is still far more likely to be by a local government than a foreign government.
| thephyber wrote:
| Also worth mentioning: Five Eyes is an older concept. That's an inner circle, but the outer circle is at least 14 countries strong[1].
|
| [1] https://restoreprivacy.com/5-eyes-9-eyes-14-eyes/
| inopinatus wrote:
| Hypocrisy on ethical concerns fosters abuse and corrupts the host.
|
| The key bias here is normalisation of deviance, both on an individual and regime level.
| mNovak wrote:
| Are the US co's complicit in the hack, or is NSA et al doing it adversarially? That would be at least a slight difference.
| MAGZine wrote:
| Airlines report flights booked directly to security agencies, including new, cancelled, and changed itineraries, with complete customer information. They don't need to hack airlines--the regulatory system has given them what they need.
|
| https://papersplease.org/wp/2013/09/29/how-the-nsa-obtains-a...
|
| For all we know, all major hotel chains could just be forced to comply with secret injunctions from FISA, and it would still be totally legal, and totally cool.
| coliveira wrote:
| Exactly. The moment the US created a global network of cyber spying it gave the motivation for all other countries to do the same. After all why would anyone believe in the goodness of the US when it is already proven that they will use this data as a commercial advantage?
| TheSpiceIsLife wrote:
| Global cyber surveillance was inevitable.
|
| First mover advantage matters.
|
| But now first movers are watching their lunch get eaten by newcomers who can move with more agility and know the lay of the land.
|
| Same bit of typical history-repetition.
| DangerousPie wrote:
| I can see your point for why China is not unlike the US in this regard.
| But where the two countries differ are the concentration camps, the huge restrictions on press and individual freedom, the imprisonment of political opponents and the massive censorship. Yes, the US does some bad things and may be moving in the wrong direction but you can't tell me that the degrees to which the two countries are bad are even remotely comparable.
| deadbunny wrote:
| Or how about we're not fine with the bad things either does?
| imroot wrote:
| The travel industry (esp the airlines) are moving to puzzle piece style integrations -- I know that Hilton Uses Sabre for incoming GDS reservations, but, uses salesforce internally for managing a lot of the guest interactions (including bookings and customer support): AA (as mentioned previously in this thread) uses multiple commercial systems, and Marriott uses a mixture of FOSSE, MARSA (there might be an H in there, but, it's been a while since I've been at MI) that talk to their backend microservices for their .com system.
|
| MI picked up a LOT of technical debt and a LOT of security bugs when transitioning SPG programs and properties into MI's portfolio (thankfully, I was off of that project at that point in time).
|
| I don't think this is the case where the FBI or other conglomerates have direct SQL-style access into their systems, but, more-so where FBI has retired or plans internally to pull data from systems when requested: When it's hard as hell for employees with the proper need-to-know for their application to pull up data in a meaningful fashion, you know that it's next to impossible for Law Enforcement to have a nice little dashboard where they can just type "Ian Wilson" and get a list of every place I've ever stayed ever (unless they're working with VISA: that's something that I kinda expect, tho).
| imglorp wrote:
| Pretty sure they've also got feeds on everyone's credit card purchases, emails of itineraries, text message confirmations, your phone homing and roaming (from the cell networks), from scores of apps that wanted your location squealing to whoever wants to buy it, from face rec at airports, etc etc.
|
| Your travel is certainly no mystery to the state without this one airline feed.
| [deleted]
| neximo64 wrote:
| How is this interesting?
|
| Any old school travel agent can look up names and follow their travel history anyway? (No matter how it is booked btw)
|
| You could call one up and ask if X has got on the flight and they can check. I've done it before to check if I wanted to know the person's flight was delayed and made it to the airport on time.
| [deleted]
| jorblumesea wrote:
| They're also a target for APTs and foreign governments. Pretty much everyone wants to get their hand on travel data. Also fairly likely that other GDS such as Amadeus has similar issues. Speaking from personal experience, Sabre's code base is very outdated, and filled with tech debt and hacks. They haven't done a good job controlling bloat and many teams are skeleton crews that are consumed with ops and can barely fix bugs. I'm sure you don't need to "hack" anything.
|
| Contrary to what some posters here seem to be saying, Sabre is very widely used in many parts of the travel industry.
|
| https://www.forbes.com/sites/leemathews/2017/07/06/travel-gi...
| skim_milk wrote:
| I work in the travel industry as a programmer (god only knows for how much longer) - I can tell you that Sabre and other GDS's are only used if you go through a travel agent or use _some_ online reservation systems. If you book through the airline's systems or on online reservation systems they likely use the airline's systems to track travel instead of GDS since the GDS wants to take a big cut of every ticket sale.
| And obviously only legacy travel companies like Hertz and Marriott integrate with GDS's, new travel companies Uber and Airbnb likely don't have any relationship with Sabre.
|
| You're only likely to be in a Sabre system if you've been booked by your company through a travel agent and rent using legacy car/hotel companies also through your company's travel agent.
| ta17711771 wrote:
| So, corporate bigwig types who don't understand technology?
| skim_milk wrote:
| Having travel agents for companies is actually a good idea, having someone work to set up travel for workers saves a crapload of time and money for everyone and better done if it's outsourced to someone that knows travel.
|
| Lots of board and CXX wigs book their vacations through their agent on their company's dime as a part of their benefits package which is actually a great deal for them. I'm more of a thrill seeker so I wouldn't use one but the average person who just wants a stable planned-out vacation that they only get once a year it's a really good idea.
| BryanBigs wrote:
| At my old SP500 firm, Corp travel agents were always - and I mean ALWAYS - worse than what I could get from the airline directly. Why? Internal accounting. Some part of HR got to count part of the "fee" as revenue, billed against my travel budget. Insane. Once that became common knowledge, my coworkers and I were 'strongly encouraged' by our department head to buy travel with our Corp cards. This led to a strongly worded memo from the head of HR at FY end demanding we stop the process. That led to meetings, committees, more dueling memos. Great use of everyone's time.
|
| I am so glad I don't work there anymore.
| Spooky23 wrote:
| Yup, that's pretty common with legacy contracts. Internal accounting bullshit ruins all sorts of things.
|
| I worked at a place where "thou shalt" use some stupid travel agent to buy intercity train tickets.
| You had to call the company and pick up the paper ticket in some inconvenient place between the hours of 10-3, closed from 12-1. The ticket cost ~$5-10 more than buying it at the train station, split between the travel agent and procurement group, unless you purchased it a month in advance, and could be used for 6 months.
|
| The "hack" was that business units with lots of travel would buy 100 at a time every couple of months, and you'd need to find a secretary with a stash to get a paper ticket. I would ply them with my wife's baking to ensure a steady supply. Not surprisingly, many tickets were wasted unused (in pursuit of saving the $5), or people took unnecessary trips to avoid wasting money on tickets (and wasting 3x more in per diems, etc).
|
| The next innovation was to declare that the trip was an emergency, and then you could buy the ticket from the conductor, in cash. The penance for less hassle is that you had to write a sad tale about why attending a training class met some standard for "emergency" travel.
| Xylakant wrote:
| I've seen engineers with a three digit hourly rate spend multiple hours trying to achieve double digit savings.
| cosmie wrote:
| Corporate bigwig types (whether technical or otherwise) are generally not booking their own travel - that's what executive assistants are for. I'm a technologically literate corporate peon, and still booked >$15k in travel last year through SABRE via our online corporate booking system, and about $10k in bookings executed manually by our travel team.
|
| The online bookings still routed through an internal travel agent for final approval and execution of the booking, but I never actually interacted with anyone. The manual bookings were the only time I ever spoke with an agent, and it was almost always to handle an itinerary that was too complex for the UI of the online booking system to accommodate.
| walrus01 wrote:
| You think US intelligence doesn't have access to other major airlines' back end databases, or things like major hotels' reward programs, airbnb, uber, lyft?
| morpheuskafka wrote:
| This is largely a moot point. All names of departures and international arrivals are sent to the Department of Homeland Security via the Secure Flight/APIS data pipeline. This returns to the airline authorization to board, select for additional screening (SSSS on boarding pass), or inhibit boarding (unless overridden by a TSA call center), as well as, for international flights, authorization for who can even overfly the country.
| walrus01 wrote:
| Intelligence agencies are also highly interested in things that don't involve the DHS or have a flight involving a destination in the USA. Such as obtaining PNRs for people who buy flights from Dubai to Mogadishu.
| skim_milk wrote:
| Of course it's laughable to think you could get away with doing anything on a plane in a post-9/11 USA - they're obviously going to have data on every citizen's and foreigner's flights. Beyond that I wouldn't know.
|
| All I can say is you're very likely not a point in Sabre's private data mining set.
| monksy wrote:
| They have PNRs
|
| https://arstechnica.com/tech-policy/2014/05/ask-ars-can-i-se...
| lawnchair_larry wrote:
| As someone who has worked on security for said systems, and who is somewhat familiar with the types of requests that are serviced to LEAs and TLAs, I do think that they don't have access to back end databases.
|
| What, you think we set up a VPN for them so their SQL client in Fort Meade can just query as they please? Or do you think they hack us?
| znpy wrote:
| Subpoena? You wouldn't even be allowed to disclose that you had received a subpoena.
|
| Some companies establish subpoena canaries for that specific reason.
| Scoundreller wrote:
| Sabre would include a lot of companies that are outside the borders of a US subpoena.
| walrus01 wrote:
| In some ways that actually makes it a lot easier for the NSA doing its role as sigint agency against anything "foreign", which doesn't have any US legal protection related to the 4th amendment.
| grey-area wrote:
| If you work for a useful target yes they probably have hacked you. They've certainly hacked google in the past for example - see below. These agencies are lawless and motivated. I imagine knowing where targets stay/travel in advance could be very useful.
|
| https://www.google.com/amp/s/amp.theguardian.com/technology/...
| 2OEH8eoCRo0 wrote:
| >These agencies are lawless
|
| Citation needed
| grey-area wrote:
| Here you go:
|
| Stellar Wind, Tempora, Prism.
|
| https://www.nytimes.com/video/opinion/100000001733041/the-pr...
|
| This is a particularly interesting profile of Binney, who worked on stellar wind.
|
| https://www.forbes.com/sites/emmawoollacott/2018/09/13/uk-ma...
|
| https://www.bbc.co.uk/news/world-us-canada-23123964
|
| Of course they claimed after being exposed that these programs are legal, but I think lawless is apt as these agencies don't consider the law as a boundary they need to respect.
|
| O tempora, o mores
| DubiousPusher wrote:
| Excellent long form piece that covers several of these topics as well.
|
| https://www.newyorker.com/magazine/2011/05/23/the-secret-sha...
| opnitro wrote:
| [https://en.wikipedia.org/wiki/James_Clapper#Testimony_to_Con...]
| remus wrote:
| https://en.wikipedia.org/wiki/Global_surveillance_disclosure...
| dylan604 wrote:
| Is that data encrypted in transit? If so, what encryption was used? The ones "suggested" that NSA knows how to decrypt? Also, do you know what agreements have been made that are "above your pay grade"? Do you know what every piece of equipment in your data center does?
| What about what equipment is installed at the ISP level?
|
| Don't be so quick to say "you" are not actively having data taken. "You" just might not be aware of it.
| gruez wrote:
| There's precedent for all the things you described.
|
| >What, you think we set up a VPN for them so their SQL client in Fort Meade can just query as they please?
|
| https://cdn.vox-cdn.com/uploads/chorus_asset/file/12801415/p...
|
| >Or do you think they hack us?
|
| https://i.stack.imgur.com/jWW5v.jpg
| ChrisKnott wrote:
| Your first link doesn't support your quote. The queries are sent to the data holder who send back the data, the agency does not have direct access
| gruez wrote:
| >the agency does not have direct access
|
| Sure, NSA can't directly query against whatever database gmail uses to store your email, but they still have all your emails, photos, and login history. As far as your privacy is concerned, there isn't really any meaningful difference.
| ChrisKnott wrote:
| Do you mind explaining precisely what you mean by "NSA has all my emails"?
|
| Suppose I sent an email yesterday from my Gmail to a friend's Gmail, are you saying the text of this email is stored on an NSA machine?
| gruez wrote:
| >Suppose I sent an email yesterday from my Gmail to a friend's Gmail, are you saying the text of this email is stored on an NSA machine?
|
| Maybe not today, but during its heyday most certainly.
|
| >Internal NSA presentation slides included in the various media disclosures show that the NSA could unilaterally access data and perform "extensive, in-depth surveillance on live communications and stored information" with examples including email, video and voice chat, videos, photos, voice-over-IP chats (such as Skype), file transfers, and social networking details.[2] Snowden summarized that "in general, the reality is this: if an NSA, FBI, CIA, DIA, etc.
| analyst has access to query raw SIGINT [signals intelligence] databases, they can enter and get results for anything they want."
|
| >[Glenn Greenwald] added that the NSA databank, with its years of collected communications, allows analysts to search that database and listen "to the calls or read the emails of everything that the NSA has stored, or look at the browsing histories or Google search terms that you've entered, and it also alerts them to any further activity that people connected to that email address or that IP address do in the future."[44] Greenwald was referring in the context of the foregoing quotes to the NSA program X-Keyscore.[45]
|
| https://en.wikipedia.org/wiki/PRISM_(surveillance_program)#E...
|
| But let's suppose they _don't_ have your emails stored in their datacenters. Instead, it's still stored on google's servers but they can access your emails via automated requests to google, via search terms or by providing your user handle. Is that a meaningful difference, in terms of privacy?
| some_random wrote:
| What are you trying to say with the second picture? Getting access to a GFE gets you access to what's going through it? What does that have to do with the FBI hacking into the backend of an airline company?
|
| The FBI (and NSA for that matter) are a lot more constrained by the law than HN seems to think, they can't just shell anyone they want especially if the target is a third party that has done nothing wrong.
| DubiousPusher wrote:
| > they can't just shell anyone they want especially if the target is a third party that has done nothing wrong.
|
| The reality is not that clear. A lot of what governs what these agencies can and can't do comes from executive branch policies. There is a lot of gray around what is "legal" and congress likes it that way because it keeps responsibility for allowing too much or not enough surveillance far away from them.
|
| What's more, you cannot adjudicate what you don't know about and a lot of the secrecy in programs like this is just as much about keeping away civil libertarian attorneys as it is about confounding "the enemy". There's a reason the FISA court rules nearly 100% of the time with the state. Responding attorneys are rarely involved and when they are they are often hamstrung due to a lack of knowledge that prevents them from filing any kind of useful motion or raising serious opposition.
| gruez wrote:
| > What are you trying to say with the second picture? Getting access to a GFE gets you access to what's going through it?
|
| https://en.wikipedia.org/wiki/MUSCULAR_(surveillance_program...
|
| Pretty much that, and also tapping any traffic that's in their internal networks, since that's not encrypted either.
|
| > What does that have to do with the FBI hacking into the backend of an airline company?
|
| That's one possible attack that the FBI could be carrying out. ie. sabre doesn't encrypt its communications in their internal network, and that's being tapped similar to how the NSA tapped google's internal networks.
| lawnchair_larry wrote:
| Oh make no mistake, I am very familiar with those slides.
|
| PRISM is not a VPN with a SQL client, or anything close to it.
|
| The second one does not refer to domestic hacking. They don't do that.
| throwaway5370 wrote:
| > The second one does not refer to domestic hacking. They don't do that.
|
| What do you believe is happening in that second image?
|
| One could argue semantics as to whether a fiber tap is "hacking" or not, or whether tapping a domestic company's network from an international transit link counts as "domestic hacking"... but there is ample evidence that US intelligence agencies do target domestic companies and their networks.
|
| See also, the rest of the docs on MUSCULAR: https://en.wikipedia.org/wiki/MUSCULAR_(surveillance_program...
| aerostable_slug wrote:
| There's also ample evidence that various companies choose to cooperate with the intelligence community for a variety of reasons. AT&T has made a healthy living off .gov, but I'm not sure Western Union was ever compensated for giving CIA decades' worth of international telegrams, and it appears their recent cooperation with the Agency regarding international money transfers was spurred by patriotism.
|
| Since the links are likely compromised, ubiquitous encryption is your friend.
| satisfaction wrote:
| I don't imagine they have raw sql access but you probably have an API that takes a name or social or other identifier and returns relevant results. This access may have been granted to an account that is not described as "FBI" it's probably another sub-contractor or analytics provider.
| jjuel wrote:
| Are you saying you think that if the government asked your company to turn over some information that may be useful they would deny the request?
| Spooky23 wrote:
| The person you're replying to very specifically said they don't provide access to backend systems.
|
| No entity is going to ignore subpoenas or warrants. They may challenge them for reasons that are applicable to the business.
| Svip wrote:
| What about airlines that only operate in said government's jurisdiction, but is not based there?
| lawnchair_larry wrote:
| I feel that I was pretty clear as to what I was and was not saying.
|
| If you'd like to ask a different question, feel free, but I am not interested playing the "are you saying..." game.
| [deleted]
| keithnz wrote:
| I used to work for Sabre, they do a lot more than just bookings, they provide all the software to run an airline basically. I worked in the area for scheduling air crew. But also crossed over into all the flight tracking. Their systems hold a lot of data, though the airlines own and host that data in secure facilities.
|
| Fun Facts, when I worked there, you could fly for free on American Airlines (the company got split out from AA). They claimed to employ the most PhDs at one time (lots of operations research). Also claimed to invent database transactions for the problem of people trying to book the same seat on airplanes at the same time (early 60s I believe)
| aahhahahaaa wrote:
| They don't use a GDS on the front end, but doesn't all that data feed into a GDS somewhere on the backend? I don't know much about Sabre but I know Amadeus reaches pretty far across everything.
| skim_milk wrote:
| Travel agencies still like to use the frontend even though they're even less user friendly than VIM. This isn't the right time for it but once upon a time you could research what travel agencies use what GDS by the job requirements these agencies put out - usually you need like 5 years experience with Sabre/Apollo/whatever for any job here.
|
| Once your travel details are in the GDS then the airline clerks, car rental sales person, hotel clerks, and your travel agent can check out or update your travel info for you just based on the PNR number on your airline ticket for convenience if you're just not into that weird smartphone thing. You can change a bunch of things during the trip like what car you drive and hotel amenities during your stay so after the trip ends we download your trip from Sabre and build reports for your boss or whatever.
| useful wrote:
| The industry is moving to being able to purchase products instead of complete PSS/GDS solutions. As an airline you'll be able to buy an inventory management system from Amadeus, a pricing system from Sabre, a support system from TravelSky, and a website from Travelport.
|
| The best example I can think of is American. They have Amadeus running their international website. Their ticketing system is internal. And all their inventory is managed in Sabre.
|
| Southwest was similar, for a while Amadeus ran their international site while Southwest ran an outdated internal system for domestic travel that didn't support flights leaving and arriving on different days. They eventually had Amadeus move into running their domestic stuff a few years ago and now they have red-eyes.
|
| Delta runs all their own stuff on a mainframe and from the outside it looked like a slow moving disaster. I know Amadeus sees all their inventory and looks at each passenger.
| dave5104 wrote:
| > They eventually had Amadeus move into running their domestic stuff a few years ago and now they have red-eyes.
|
| Heh. I remember thinking years back that it was odd that Southwest never had any overnight flights, especially transcontinental. Just assumed it was the way they did business and some sort of cost cutting measure. Didn't think it'd be due to a software limitation!
| redbeard0x0a wrote:
| > due to a software limitation
|
| This _is_ a cost cutting measure. They decided not to pay for their software to support red eyes.
| 112012123 wrote:
| Well, it was due to cost cutting! The point of using an in-house solution was that it was cheaper than buying a reservation system.
| 112012123 wrote:
| Definitely depends on the airline. The big US carriers all have their own systems, but the vast majority of foreign carriers use a GDS on their backend. It's just not worth building in-house unless you're at very large scale.
| Svip wrote:
| Old non-US airlines definitely have their own systems. I know Scandinavian Airlines have their own, and it looks like Lufthansa and KLM-Air France do too.[0]
|
| I would be surprised if say British Airways didn't.
|
| [0] https://www.emirates247.com/business/corporate/buying-ticket...
| Uberphallus wrote:
| Nope, they all use Amadeus, except for Scandinavian Airlines. Actually Lufthansa and Air France CREATED Amadeus to consolidate their GDS operations.
| They're now pissed because Amadeus takes a piece of the cake and plays weird pricing shenanigans, but they're still there.
|
| Source: worked at Amadeus.
| 112012123 wrote:
| These guys do use Amadeus on the backend to manage their ticket inventory. Specifically Amadeus Altea - though you are correct that they try very hard to avoid paying GDS distribution fees for selling tickets through the GDS third party sales channels (which is what that article is discussing).
| cm2187 wrote:
| When you mean travel agent, do you also include the likes of Expedia, Opodo, etc?
| splonk wrote:
| Both of them also have GDS integrations. I don't know exactly how much but I'd assume it's the bulk of their traffic.
|
| As a general rule the large majority of anything you don't book directly with the airline/hotel (and for all I know, some of what you do) is very likely to be in a GDS somewhere.
| znpy wrote:
| Is there a way to know if you've gone through Sabre?
| opportune wrote:
| If you're an EU resident, I'm guessing you could force their hand using GDPR?
| coip wrote:
| "Secretly" well there goes that headline as fact. How meta
| 01100011 wrote:
| National Security Letters basically turn any private database into a tool of the state: https://en.wikipedia.org/wiki/National_security_letter?wprov...
|
| I'm not saying the US is as bad as China, but I roll my eyes when people talk about China forcing its companies to serve the interests of the state. Our government does it all the time and it doesn't require a warrant.
| koheripbal wrote:
| This is a "both sides"/whataboutism argument. China is absolutely worse than the US in this regard. Chinese military intelligence actually conducts offensive espionage _on behalf_ of Chinese companies to steal IP from western companies.
|
| The US has a court system that reviews National Security Letters, and can accept challenges to them, and while that court is secret, it's still bound by rules that are established by elected congressional officials. ...and perhaps most importantly, they are still somewhat rare.
|
| Chinese companies on the other hand are _required_ to cooperate on all requests, even international subsidiaries of any Chinese companies. No "letters" or court orders - you either do it or the CEO goes to jail, no trial, no judicial review.
|
| It might seem like the results are similar, but having judicial and congressional oversight makes a world of difference in tempering how/when it can be used and, more importantly, rolling it back when it's no longer necessary.
|
| https://en.wikipedia.org/wiki/National_security_letter#Doe_v...
|
| It's a night and day comparison.
| vmception wrote:
| replying "Whataboutism" is just a reductive way to defend "hypocrisy" in a geopolitical context. which is worse? Not being aware of the similarity and replying "whataboutism", or being aware of the similarity just gaslighting and deflecting with whoever pointed out the hypocrisy?
|
| most of these observations are very valid
|
| just because you coincidentally respect the due process that reaches a result, doesn't mean that it is functionally different or better. it's only indoctrination and pure happenstance to whatever you were exposed to first.
| sudosysgen wrote:
| Yup. Whataboutism is only fallacious if you use it to claim moral superiority. Whataboutism is not fallacious if you're trying to draw an equivalent between two actors.
| tdeck wrote:
| It's hypocrisy when X criticizes Y for doing something that X also does. It's not hypocrisy for a third party to criticize party X for doing something they're not doing, even if they fail to bring up a criticism of Y in the same breath.
| volgo wrote:
| Sorry I think you've drunk the Kool-Aid.
| There's no judicial oversight when it comes to national security. They'll always be able to find judges that are sympathetic to the FBI/CIA's cause
| trhway wrote:
| > having judicial and congressional oversight makes a world of difference
|
| absolutely, no argument here. From your link:
|
| "Based on the U.S. Supreme Court rulings, there is still no requirement to seek judicial approval for the FBI issuing an NSL."
|
| Of course US isn't China. Yet. The country though is before a roadfork and is choosing its direction. One side, like these uncontrolled/unoversighted fed agents in the video in the link below has already chosen the China way, the other - like that beaten Navy vet in the video - is still keeping US from becoming China-like. That 53 year old Navy vet looks to me like the archetype of American to whom my old country - USSR - lost the Cold War, and there seems to be less and less of such people around.
|
| https://www.foxnews.com/us/portland-protest-navy-veteran-fed...
| alfiedotwtf wrote:
| > and can accept challenges to them
|
| Is there a public count of how many challenges vs how many were rejected?
| divbzero wrote:
| People are right to criticize China for it and just as right to criticize the US for similar faults. We should behave better and encourage others to do the same.
| antocv wrote:
| Disagree, we should encourage China, Russia, Israel, and any other capable state to spy on us.
|
| Dissolve the monopoly, let it be a game for many to play. One single power is much more dangerous for everybody than a plurality.
| hammock wrote:
| While that's not wrong, NSLs are a relatively surgical tool in comparison to voluntarily- and involuntarily-added backdoors
| thephyber wrote:
| > NSLs are a relatively surgical tool
|
| Citation needed.
|
| While I suspect you are right, I've never seen an example of one and we don't have any proof that this is how they are used in practice.
| The same could have been said about FISA warrants, but both civil libertarians and Trump allies have been critical in how FISA warrants have been used _in practice_ despite the way they were described as few and targeted by those "watchers" who were "watching themselves".
| eloisius wrote:
| Absolutely. The only thing that frustrates me about these topics is that only discussions about one of them tend to get pummeled with whataboutism. We should condemn authoritarianism wherever it exists and not let authoritarianism elsewhere be a justification for authoritarianism anywhere.
| mNovak wrote:
| Wondering how effective NSLs would be as a phishing technique for e.g. China. Given the secrecy and non-disclosure aspects, it's generally harder for companies to know what 'looks right'.
| colecut wrote:
| heeeyyeyyy Dunder Mifflin is a part of Sabre
| l0c0b0x wrote:
| ROFL... I actually searched for 'Dunder'. I knew someone was going to bring it up.
___________________________________________________________________
(page generated 2020-07-20 23:00 UTC)