Belarus manufactures "bomb threat" to hijack airliner and kidnap opposition journalist at president's direct orders

The story's all over the news, NPR has a good summary:

Authorities in Belarus ordered a Ryanair flight to make an emergency landing in the capital city of Minsk, after reports that a bomb was on board the aircraft. Officials then boarded the plane and arrested Roman Protasevich, the former editor and founder of an opposition blog and social media channel.

No explosives were found on the plane.

The flight, which had taken off in Athens and was on its way to Lithuania, was just leaving Belarusian airspace when the bomb was reported. The Belarusian regime says it then sent a scrambled fighter jet to escort the flight to the Minsk airport.

The Ryanair flight made a kind of U-turn just before the Lithuanian border before heading back toward Minsk, according the site Flightradar24. It was closer to the Vilnius airport in Lithuania than Minsk at the time.

The act has drawn condemnation from European leaders, demanding an explanation. ...

https://www.npr.org/2021/05/23/999603575/ryanair-flight-carrying-opposition-journalist-forced-to-land-in-belarus

I'll note that there's widespread open acknowledgement that:

  • The threat was entirely fabricated.
  • The orders appear to have come directly from Belarus president Alexander Lukashenko.
  • The motive was to capture an opposition journalist, travelling between two third-party countries.

There's a "data are liability" angle.

The Belarus plane hijack is a small reminder why it's generally not a good idea to let governments know who is going to where. I'm not sure why governments that like to think of themselves as democratic don't see the risks.

-- Alexander Bochmann https://mastodon.infra.de/@galaxis/106285985254850170

I'd made a similar point following the assassination of Kim Jung-nam at an Indonesian airport in 2017:

Travel and hospitality databases are widely accessible and shared amongst a tremendous number of organisations. State intelligence organisations might readily have access through their own state-run airline, or through private operations or plants within same. Similarly for terrorist, narco-criminal, money-laundering, or other organisations. Financial, banking, and payment-processing systems, only slightly less so. A P.I. license or position on a fraud or abuse desk at a major online retailer, or any skip-tracing agency, can have access to such information.

https://old.reddit.com/r/dredmorbius/comments/5ud243/data_are_liability_book_your_assassination_now/

What is your threat model?

Note that your own threat model may not include possibilities which put others at risk.

In fairness, it appear that Protasevich was followed onto the plane itself, suggesting that in-flight availability of manifests played little role. The question of what pre-flight intelligence methods were employed remains open.

And yes there are parallels to earlier incidents, including the effectual grounding of the Bolivian Presidential airplane in 2017 in an attempt to intercept Edward Snowden, see https://www.bbc.com/news/av/world-latin-america-23166146.

#belarus #DataAreLiability #ryanair #kidnapping #ElexanderLukashenka #RomanProtasevich #kgb #Minsk #Lithuania #Greece

2