Man Boards Heathrow Flight Without Passport or Ticket (telegraph.co.uk)
- Reference: 0180416583
- News link: https://news.slashdot.org/story/25/12/18/1447222/man-boards-heathrow-flight-without-passport-or-ticket
- Source link: https://www.telegraph.co.uk/news/2025/12/17/man-boards-heathrow-flight-without-passport-or-ticket/
> A man boarded a flight at Heathrow [2]without a ticket, boarding pass or passport .
>
> 'The unnamed individual walked onto the 7.20am British Airways (BA) flight to Oslo, Norway, on Saturday after tailgating other passengers through security and evading checks at the departure gate.
>
> An aviation expert described the incident as a "significant lapse in security", as a witness reported that cabin crew only detected the interloper because the flight was full and he kept sitting in passengers' assigned seats.
>
> Police arrested the unnamed man, airport sources said, adding that he had passed through "full security screening" before reaching the gate.
>
> Given that he did go through the security check, this is merely embarrassing. Compare and contrast [3]with this episode .
[1] https://slashdot.org/~Bruce66423
[2] https://www.telegraph.co.uk/news/2025/12/17/man-boards-heathrow-flight-without-passport-or-ticket/
[3] https://www.bbc.co.uk/news/uk-england-manchester-18979032
Not news for Nerds (Score:2)
In what possible way is this News for Nerds? Please don't post items outside the scope of Slashdot.
Re: (Score:2)
Nerds tend to have a higher interest in security than the general populace.
Re: (Score:2)
Agreed, I would class this about as bd as my mother being able to travel on my passport (this was 10+yers ago but still post 9/11) and ok this was from a small airport in norway, but nevertheless it was an International flight (destination AMS).
Re: (Score:2)
This guy either socially engineered his way through a line, analyzed a weakness in the line, or time-traveled from the '90's not realizing we've set up an incompetent but totalizing police-state control grid to interpose every tiny aspect of our lives.
To be fair, "pay on board" is less applicable to airplanes than trains because seatbelts are important in turbulence.
That said, the lack of capacity is widely acknowledged to be a feature of wildly incompetent management.
We just heard they've started a new pro
Attributing Risk Mitigation. (Score:3)
> This guy either socially engineered his way through a line, analyzed a weakness in the line, or time-traveled from the '90's not realizing we've set up an incompetent but totalizing police-state control grid to interpose every tiny aspect of our lives.
Perhaps we not attribute time-traveling ignorance with what could be attributed to a Red Team pen test. He went through security. So creating an actual threat was not the end goal. Embarrassment and awareness was.
Hell, the way he was bouncing around the plane makes me wonder how much money he was winning in the Red Team office pool for every seat he got away with.
Red Team testing, is done at airports. (Source: Retired Director of TSA @ local international airpot)
Re: (Score:2)
I agree. That's what it looks like. But wouldn't that hab been disclosed as soon as he was brought off the plane? Even if it takes an hour to confirm, that should have been before and included in a press release.
So probably an "independant" pen tester.... or failed social media challenge, Or just a plain idiot who got lucky (Well, there may be an overlap here...).
Re: (Score:2)
> I agree. That's what it looks like. But wouldn't that hab been disclosed as soon as he was brought off the plane? Even if it takes an hour to confirm, that should have been before and included in a press release.
Included in the press release? Why? Internal Red Team testing is internal.
Take the win for catching the "bad" guy, with bonus clicks-n-likes revenue. Advertise there was no real threat (he went through security) to keep the confidence of overall safety intact with the general public. Water the "alarming" problem down to remedial training and perhaps firing a couple of ticket checkers who had one fucking job to ensure all is well.
Profit, with consumer confidence even slightly boosted just before the ho
Re: (Score:2)
But then you wouldn't publish either that a Red Team has been able to infiltrate your business.
Re: (Score:2)
> In what possible way is this News for Nerds?
This is now a challenge. Proof by demonstration, I don't need to invent an invisibility cloak or iris scan spoofer, I just need to look for bored security guards.
As is often the case, [1]XKCD beat us to this [xkcd.com]. The weak link in security often isn't the process or tools, it's the wetware. Nerds should bear that in mind when designing any system involving people.
Back to the original article, "embarassing" isn't the word I'd use. "Appalling", "horrifying", and "enraging" spring to mind.
[1] https://xkcd.com/538
Re: (Score:2)
True. But /, has gone out of tech into politics for decades, now
Re: (Score:2)
Those are not two discrete Domains. Tech doesn't exist in a vacuum. And security, including physical security, is part of tech.
Re: (Score:2)
> That airport is the epitome of bad design. I wouldn't be surprised if the guy who did this thought he was going into the toilet or something.
Based off the smell of Heathrow, this is likely.
Re: (Score:3)
I agree here. I have a photo of the departure display that actually says "Departure Gate will be announced 20 minutes before boarding" AND "Please be aware of up to 20min walking time to the gates"
Well, thanks for that.
Is this a big deal? (Score:5, Insightful)
Actual terrorists will buy a ticket and find ways to get on the plane legally, so what are we really worried about here?
It's worse than you think (Score:2)
Not to mention - given the ease w/ which "migrants" cross the English channel and land on English shores, w/o being obstructed by the Royal Navy or Coast Guard, it's not remotely surprising to see the Brits w/ such a cavalier attitude towards who enters their country
A few years ago, Heathrow was a transit point for a place I was going. When I landed there and entered the transit area, I thought that I was in Lahore, rather than London. The only English store I saw w/ English employees was the electronic
General troublemakers... (Score:2)
... and nutters, thats what. They might not have a bomb but they could quite easily kick off and cause injuries, cause the flight to have to divert or even return once taken off. Normal people don't board a random flight with no documentation especially when they'd almost certainly be caught at passport control the other end.
Security check (Score:2)
Security check is the only checkpoint where ticket/passport are NOT checked. They check for weapons and dangerous stuff, but can rightfully assume that everyone who shows up there is a legitimate passenger on SOME flight.
However, THREE other checkpoints should have caught him: Ticket check, Passport check and Gate check. The sole purpose of the first ticket check when leaving the public area of an airport is to make sure that the number of people passing is equal to the number of boarding passes presented.
How the hell do you pull that off? (Score:2)
I mean, really? Even though I have TSA precheck, I still have to present ID and I still have to take my belt off because it sets off the metal detector. Hell, even my dog has to pass through the metal detector by herself. I just seems like we here in the US bend over backwards on everything but the rest of the world gets a pass.
Re: (Score:3)
Well, you are assuming that those checks are actually working as intended and not just security theater.
I can confirm that they have the same checks in place in Heathrow. They are not working, that's different from not having them.
Re: (Score:2)
You are conditioned to comply. This guy actively tried to circumvent the security process, and succeeded. Most people, like you and me, don't want to risk the fallout that would happen if we got caught. When somebody just doesn't care about the consequences of getting caught, they can find ways to get around security.
How many people board flights at Heathrow yearly? (Score:3)
The answer is about 5.7 million. So if this is the first instance of this happening in a year, a failure rate of one in 5.7 million is not too bad. We are only human and perfection is impossible.
That said, of course there needs to be an investigation and changed made to reduce the likelihood even further.
Re: (Score:3)
But still, for that vector of attack 1:5.7 million is REALLY bad.
We are not talking about counterfeit documents or boarding the wrong plane. He didn't have any documents. And he passed through 4 layers of security (ticket, passport, security and gate check) where 3 are document checks, 2 of them supposed to check the validity of ticket/passport, and the first one specifically supposed to check the PRESENCE of those documents.
Yes, a fake boarding pass may not be checked until boarding at the gate and even ma
why was he arrested? (Score:1)
Why was this hacker arrested, shouldn't they arrest those who let him on instead?
Re: (Score:3)
Incompetence is not criminal.
Not sure how where I fly (Score:2)
I don't know what it's like at Heathrow, but here at Seatac and generally other airports I've been to in the US/Canada you can't even get in line for security without going past a kiosk at the end of a roped-off area where security checks your boarding pass and passports (or other ID) in a computer. You might get lucky and be able to casually look like you're with someone else's party if you try hard enough, but at least whenever we go they always look at the passports and the individuals, including our kid
Re: (Score:2)
Gate staff check your ID matches your ticket at the gate in Heathrow.
Access to the airside area is with a boarding pass (the pass must be for a flight departing the same day and sufficiently far in the future, each pass can only be scanned to go airside once).
However this is not a significant security breach because:
(a) it cannot be done repeatedly or predictably
(b) the person was security screened to the same standards as everyone else
Therefore neither can it be exploited by someone planning to do so nor c
Man? (Score:2)
It was a man? I thought it was a [1]young boy with ragged hair [youtube.com], just coming to see his girlfriend off?
[1] https://www.youtube.com/results?search_query=love+actually+running+through+airport
Unnamed (Score:1)
Of course he's unnamed
Security Theater (Score:5, Informative)
Airport security being purely security theater is well-documented fact. [1]TSA Fails 95 Percent of Airport Breach Tests [nbcnews.com]. Except for Israel, it is not any better anywhere else.
[1] https://www.nbcnews.com/news/us-news/investigation-breaches-us-airports-allowed-weapons-through-n367851
Re: (Score:3)
The real goal is to invade privacy, and collect information, and not security.
Re: (Score:2)
The theater is important though, people need to at least feel like there's security so they feel safe flying, even if it really is an impossible task if someone want's to smuggle something on board. The El-Al model is effective but it's onerous, expensive and impossible to scale and even it cannot be 100%.
I fly fairly often and the only real security thing I would be concerned about is explosives. After 9/11 the lessons learned was; lock the cockpit doors and if anyone tries to hijack the plane every pass
Re: (Score:1)
I think if you really look at airport security; you have to realize it is designed to enable response rather than to really prevent.
Sure of some stuff like limiting liquids is done in hopes of stopping bombs on planes etc; but most of the security enhancements are really of the log and collect variety. I assume the security apparatus believes they can spot and identify the terrorists and organized criminals traveling and go pick them up before they attack whatever non-airport target.
Clearly there is no pra
Re: (Score:2)
be that as it may, how did he even get through security, never mind the gate. Someone at Heathrow is going to have a rather uncomfortable conversation with their supervisor. Actually multiple people are going to have those conversations with multiple supervisors simce we have faliurs at multiple points here.
Red Team. (Score:2)
> Airport security being purely security theater is well-documented fact. [1]TSA Fails 95 Percent of Airport Breach Tests [nbcnews.com]. Except for Israel, it is not any better anywhere else.
> Given that he did go through the security check, this is merely embarrassing.
Since embarrassment and awareness seems to have been the end goal, smells an awful lot like a pen test. Nothing more.
[1] https://www.nbcnews.com/news/us-news/investigation-breaches-us-airports-allowed-weapons-through-n367851
Re: (Score:2)
> Given that he did go through the security check, this is merely embarrassing
This is an international flight. It is not merely embarrassing. Security didn't inspect ID or boarding pass?