It started a couple of months ago with a laptop that inexplicably crashed.
Then, someone altered the password on Kate Hanni's desktop computer and when she finally got into it, the files were corrupted.
Microsoft's tech support said she'd been hacked. A few weeks later, all her e-mail disappeared, and AOL told her the same thing.
According to the Airline Biz blog at the Dallas Morning News, this September 29th statement by Frederick J. Foreman, a former employee of Metron forms the core of Hanni's claims:
"On Friday, September 25, 2009 at approximately 10:00 AM, I was escorted by two (2) Metron Aviation, Inc. employees into the office of Mr. James Gaughan, Senior Vice-President and General Manager.
Mr. Gaughan asked me to go over the chronology of my interaction with the media. I told him my interaction with the media as I remembered it. He told me that what I told him was not consistent with information that he had. I responded by asking what are you talking about? He immediately said that I had contact with Ms. Kate Hanni on Thursday, September 24, 2009. I said yes I did but Kate Hanni is not the media so that my statements about the chronology of events are correct.
Mr. Gaughan proceeded to show me on his computer monitor what appeared to be hacked and stolen email communications within the last six (6) months or more between Kate Hanni and me, me and Gary Stoller of USA Today, me and Susan Stellin, a freelance reporter, and Kate Hanni and a number of people concerning the Passenger Bill of Rights, excessive surface delays, and other private communications.
It was clear that they had email transactions from both of my private email accounts: Hotmail (eckmaster12 [at] msn.com) and Yahoo (eckmaster [at] mmi-gov.com). It was also clear that these emails were from Kate Hanni's private and personal email account (katcrew4 [at] aol.com), as well as from Gary Stoller's (gstoller [at] usatoday.com) private USA Today account, and Susan Stellin's (stellin [at] earthlink.net) private and personal email account.
There were no emails communications from Metron Aviation's email system only communications from information that I gave her as fuel for getting the Passenger Bill of Rights passed in Congress.
He said that Delta Airlines sent this information to them. I took this to mean that Delta Airlines and Metron Aviation both had a copy of these hacked and stolen email communications. Mr. Gaughan said that Delta was mad and upset that one of Metron Aviation's employees had provided Kate Hanni with this kind of information. He said that I had put Metron Aviation in a precarious situation with Delta Airlines and that at a minimum I had not been a good employee by doing this. I tried to explain to him that what I sent to Kate Hanni on 9-25-2009 could be obtained by anyone by simply analyzing the public information that is available online and provided by the Department of Transportation, Bureau of Transportation and Statistics, but to no avail.
Based on these hacked and stolen email communications, James Gaughan of Metron Aviation, Inc. decided to terminate my employment. The two (2) Metron Aviation escorts took me to my desk where I got my personal belongings and then they escorted me out of the building at approximately 12:15 PM."
Delta says the accusation is "clearly without merit," and Metron says the accusation is "completely baseless and without merit." Hanni is seeking $11 million in damages from Delta.
"Has Delta been hacking?" [Houston Chronicle]
"Consumer activist Kate Hanni accuses Delta of hacking her email, computer" [Airline Biz]
(Photo: Hong Kong dear Edward)
@LeoSolaris: I'm probably resistant to conspiracy theories, since everybody has them.
It think it's more of a stretch to assume that her personal data was target by a hacker working for or passing data to Delta.
Systems crash inexplicably all the time. People get malware all the time. For the record, most of them have no idea how it happened and are greatly confused.
And God, give me a dollar for everytime someone assumed the PC fairies were responsible for something mysterious happening on their systems.
I guess what I'm looking for is more in the way of evidence that there was a deliberate act to steal data and foul up her system.
]]>@Naame: Actually, Naame, the standard of proof on a civil claim is on "the balance of probabilities" which means that you only have to prove that it is more likely than not that your claims are true.
"Beyond a reasonable doubt" is the criminal standard.
"Beyond a shadow of a doubt" is neither, although sometimes lawyers will state in argument that they've proven their case to this level in asserting that they've gone beyond meeting either of the above two standards.
]]>It is a bit of a stretch to conclude that it was sniffed through the company computers, which would have provided clean, discrete, and non-disruptive copies of the emails without anyone ever being the wiser.
]]>That's the most logical sequence of events I could think of happening. The idiot manager/higher up couldn't ask/order an employee to do it, and without any contacts in actual cracker's circles finding one to do this would be hard, thus is it likely that s/he turned to a family member whose 'expertise' was not all that high. The hack, slash, and burn is nasty, but not very inspired as far as hacks go. It has all of the finesse of a nuke.
It will come out in court. I could be wrong, but still the firing of the employee over private emails is pretty condemning by itself.
]]>@ivanthemute: Indeed, but it doesn't make it any less legal. And, I do believe that if they did use any sort of social engineering to get the passwords changed so they could access those accounts, that would run afoul of the same tampering laws had they hacked the accounts themselves. Not to mention wrongful termination of employment (unless this guy's employment contract gives his employer the right to his personal emails, of course) to also be investigated.
I would say if this case was brought before a jury, and this evidence was admitted, Delta and Metron would both likely be found at the end of a guilty verdict by a jury.
]]>Wow. Even if they "bought" the info from an opportunist hacker, they should be held severely liable- that CEO should be in the slammer.
]]>Now, I'm not defending Delta, but the term "hacking" is almost pure BS nowadays. Social engineering is more prevalent and is fairly easy. Remember the Sarah Palin e-mail "hack"?
]]>Domain Name: MMI-GOV.COM
Registrar: MELBOURNE IT, LTD. D/B/A INTERNET NAMES WORLDWIDE
Name Server: YNS1.YAHOO.COM
Name Server: YNS2.YAHOO.COM
Just sayin...
]]>@RedCatLinux: ..and no... the company e-mail system does not need to be involved for this to happen.
]]>I havent been on Delta since I was a child. Their fares aren't competitive or their flights just aren't convenient in the areas I fly.
But, I get the feeling that there has been a lot of info left out. Who owned the laptop and the desktop computers? Hopefully not a company she worked for.
Did Mr Forman access any personal e-mail accounts via web interfaces on his work computer? Did he or Hanni interact with any Delta employee who in turn read personal e-mail via the web from a company computer?
Most companies monitor computer traffic on their network. There is no expectation of privacy for employees while using one. I beleive that the courts have made this clear on several occasions.
All that needs to have happened is for one person on an e-mail thread to have read it on a company computer to blow this whole thing wide open.
It's not hacking when a company monitors traffic and communications over their own network.
]]>Delta needs to come clean. They need to show exactly how they got this data and some forensics investigators need to try and gather proof for the prosecutors so that there is no dispute over whether or not Delta is guilty or innocent.
]]>Stuff like this happens when $10s of millions of dollars are at stake. Hopefully she will end up owning Delta and the guy will end up owning Metron.
]]>Grammar snark won't help you now, my young apprentice--your comments made no sense.
]]>It would be one thing if it was through the company email system. They fired him based on email found on a system they had no way of accessing without having his credentials. Thats illegal under a whole slew of laws dealing with wiretapping and even interstate transmissions.
]]>I guess Delta and they're very probable very high budget lobbyists got upset that there is actual competition? That their isn't just their side of the story?
I haven't bought a Delta ticket all my life... and this is definitely cementing it in. Over $1,200 dollars for a flight from San Antonio to Long Island vs $150 on Southwest.
Delta seems like a GRRREAT! Company..... Not.
]]>I have no idea what their log and email retention policies are, but odds are they no longer have copies of the email, they may have copies of access logs though.
Based on the OP though, it was probably an easy to guess password, regardless of what it is. Delta using those emails is about the same as receiving stolen property and using it (in this case passing it onto Metron).
The other issue I have, she spoke with MS Tech support.. they could not hack their way out of a wet paper bag, never mind figure out someone hacked her system. The other issue being that most hackers, specifically ones who attempt data exfiltration, prefer to leave no trace behind and try to prevent the user from ever knowing they were there.
]]>cease - stop doing X [in progress]
desist - refrain from doing X [again]
]]>Folks here need to realize that the news story is no real indication of the merits of a case, especially before discovery has even started.
]]>@theSuperman: LOL
]]>@KMan13 still wants a Pontiac G8: i was wondering too, though.
]]>@Stephen Schenck: could be setup using yahoo servers to handle mail, on a private domain... i know google offers this
]]>@PsiCop: Well, no, not really. Baseless and without merit actually have quite different meanings. Baseless; meaning it has no foundation in fact, or unfounded or unwarranted, and without merit; meaning it has no quality or worth, or undeserving of consideration.
Essentially saying that the case has no reason to exist and therefore deserves no consideration by the courts.
Of course, it's all open to interpretation...just like all legal jargon. Gotta keep those loopholes open, you know.
]]>Yes, I know it's a customary phrase. Along those lines of asking that people "cease and desist" doing something. Aren't you really asking them just to "cease" what they're doing? Why is it necessary that they also "desist"? Is it even possible to "cease" without also "desisting" at the same time? If ceasing and desisting are the same, why demand that people do both?
... Just asking out loud. I don't expect a rational, sensible answer.
]]>Peoples accounts get hacked all the time from Yahoo and AOL. It was probably some script kiddy being a bastard and thought it would be funny to get somebody canned.
How can he do this you may ask? Simple, how many people here use the same password for multiple email, login accounts? How many people send emails back and forth between email accounts? OK, that's what I thought! So the kid has probably figured out that she has multiple accounts and is probably using the same password that he cracked(bruteforced) one account with for the other.
Just a thought...not that I would know anything about stuff like that.
]]>They would probably find this case quite tasty.
]]>Good Luck proving it in court. Even a Best Buy Geek Squad employee could dismantle her claims and evidence.
]]>I don't think this lady is going to use those e-mail any longer. So publishing them probably doesn't matter at this point.
I believe they hacked her computer(s). Sad when all customers want with a bill of rights is the right to be treated fairly.
]]>If the allegations are true someone is going to jail for electronic tampering/wire fraud. Why just settle for the (admittedly easier to substantiate) civil claim?
And how does Delta know the claims are "without merit"? The new Delta is so colossally huge that one half probably doesn't know what the other is doing. I guess incidents of landing at the wrong airport are also without merit...
]]>I wouldn't put it beyond Delta but unless I see further proof that it was actually Delta, I won't believe this on words alone.
]]>Everything even remotely involved in the investigation disappears or is hacked and ONLY the items involved in the investigation and its clearly without merit?
Granted it is circumstantial, but I am pretty sure some russian punk would not be specifically targeting delta emails when it would be a lot easier to load in a keylogger and get her credit cards. Not to mention a lot more profitable.
]]>