Archive for August, 2011
As more and more EU member states introduce electronic payment systems for public transport, Dutch police investigates a journalist on suspicions of fraud after showing weakness in the security of the Dutch system.
Read article by guest blogger Staffan Dahllöf:
A Dutch journalist, Brenno de Winter, showed on TV how easy it is to cheat a new electronic payment system for public transport. The prosecutor took up the case – in order to decide whether the journalist should be prosecuted for fraud.
Mary Hallebeek, press officer at the prosecutor’s office in Utrecht describes the case as delicate:
”The journalist did this to show that the system doesn’t function well, and he had been telling this in different publications before. We are aware of that he had a journalistic purpose, and the purpose of an act should be considered according to Dutch law,” she told Wobbing.eu.
Ms Hallebeek says that the investigation was triggered by a notification to the prosecutors office by Trans Link Systems, the company designing the payment system, but adds that the prosecutor also was aware of the alleged fraud through the media.
Brenno de Winter says he didn’t see another way of proving claims of the weaknesses of the system, mainly as the company behind the system had refused to answer direct questions.
Several other journalists joined him in his research, and published their results. However police has questioned none of them and the public prosecutor’s office has indicated that no other reporters are in the scope of a possible prosecution.
“I’m a freelance journalist whereas the other journalists have regular employments. So to be singled out hits me harder than it would hit the national news,” Brenno de Winter says.
The core of the case is a digital payment system for public transportation, a project mainly funded with public money, and with a price tag with a large number on it.
Brenno de Winter argues that the used technology is highly insecure and that several scientific studies have warned for the risks for using this card as a payment system.
But a decision to carry on was made on the promise that fraud easily would be detected, and fraudulent cards would be blocked after a maximum of 24 hours.
Early this year Brenno de Winter showed that people with a basic computer knowledge is capable of defrauding the system, using standard tools available on the Internet.
He also showed that this could be done without the system detecting the attempts, and that cards generally aren’t blocked.
And he proved that using a card that has been blocked is still possible without being discovered by the system.
“The central systems turned out to fail in all thinkable ways,” Brenno de Winter claims.
The seemingly vulnerable payment system had caught big attention in the Dutch media and the revelations have been debated in the Parliament.
At the prosecutors office Mary Hallenbeek says that a decision to prosecute or not, and if so, on what grounds, most likely will be taken within a week or two.
The article has previously been published on Wobbing.eu
Update September 9th: Investigation closed and case dropped. Read more on Wobbing.eu