It is possible for cyber attackers to cancel flights – even use refunds according a team of researchers who recently analysed online Global Distribution Systems. Karsten Nohl and Nemanja Nikodijevic from Berlin-based consultancy Security Research Labs spent months investigating the security employed by (GDSs). They presented their findings recently at a conference in Hamburg.The preamble to their paper states that travel booking systems are “among the oldest global IT infrastructures, and have changed surprisingly little since the 80s. The personal information contained in these systems is hence not well secured by today’s standards. “This talk shows real-world hacking risks from tracking travellers to stealing flights.” The researchers are quoted as saying in an article written by Lucian Constantin in the CIO newsletter that the booking code itself is far from secret. It’s printed on luggage tags that most people throw away after each flight and is also embedded in the QR codes printed on tickets that an alarmingly large number of travellers photograph and post on social media websites. “In the short term, at the very least, we should expect websites that give access to travellers’ personal information to have the bare minimum of web security, and this includes at the very least some rate limiting,” the researchers concluded.