FBI pulls plug on boarding pass hack

By on
FBI pulls plug on boarding pass hack

Student finds home sansacked after offering fake airplane boarding passes.

Student finds home sansacked after offering fake airplane boarding passes.

The FBI has forced a security researcher who created an online service for printing fake Northwest Airlines boarding passes to take down his website.

The php script based online service allowed users to create and print boarding passes for the airline under any name and for random itineraries and seats. Although the phoney passes wouldn't allow passengers to board any airplanes, they could be used to pass initial airport security clearings and gain access to the gate area.

Terrorists could potentially use a similar method to bypass security and avoid detection against name based blacklists.

The website was available from Wednesday 25 October through Friday 27 October. It can still be accessed through Google's cache.

The creator of the website is 24-year-old computer security grad student Christopher Soghoian at the Indiana University Bloomington.

When he first published the service, Soghoian suggested that people use it to "meet your elderly grandparents at the gate", upgrade themselves to business class seats or demonstrate the ineffectiveness of the US passenger screening process.

The service prompted congressman Edward Markey to call for Soghoian's arrest. The student on Friday afternoon was presented with an order from the FBI, instructing him to take down his website.

He came home on Saturday to find the glass of his front door smashed. He found an FBI search warrant was taped to the kitchen table and authorities had seized all his computers and storage media as well as several documents.

Before his apartment was searched, Soghoian ridiculised Markey's comments. He pointed out that the theory behind his service has been widely publicised by senator Schumer in 2005.

"Sure, he didn't produce a php script that'd do it for you, but he provided detailed enough instructions that a terrorist or evil-doer with basic computer skills could do it," argued Soghoian.

"I have not flown, or even attempted to enter the airport with one of these fake boarding passes. I haven't even printed one out. All I have done is create a php script, which highlights a security hole made public by others before me. "

The student has opened a Paypal account where he is soliciting contributions to fund his legal defence.
Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:
boarding fbi hack on pass plug pulls security

Sponsored Whitepapers

Five questions to ask before you upgrade to a SIEM solution
Five questions to ask before you upgrade to a SIEM solution
Effectively addressing advanced threats
Effectively addressing advanced threats
The risky business of open source
The risky business of open source
Ensure your e-signatures are legally binding
Ensure your e-signatures are legally binding
Mitigating open source risk in your organisation
Mitigating open source risk in your organisation

Events

Most Read Articles

Australia Post is building a digital twin of its delivery network

Australia Post is building a digital twin of its delivery network
Google threatens to withdraw search engine in Australia

Google threatens to withdraw search engine in Australia
NBN Co runs fixed wireless tower on diesel generator for over two years

NBN Co runs fixed wireless tower on diesel generator for over two years
NBN Co saves $1m a year by powering down idle line cards

NBN Co saves $1m a year by powering down idle line cards
You must be a registered member of iTnews to post a comment.
| Register

Log In

Username / Email:
Password:
  |  Forgot your password?