FBI pulls plug on boarding pass hack

By on
FBI pulls plug on boarding pass hack

Student finds home sansacked after offering fake airplane boarding passes.

Student finds home sansacked after offering fake airplane boarding passes.

The FBI has forced a security researcher who created an online service for printing fake Northwest Airlines boarding passes to take down his website.

The php script based online service allowed users to create and print boarding passes for the airline under any name and for random itineraries and seats. Although the phoney passes wouldn't allow passengers to board any airplanes, they could be used to pass initial airport security clearings and gain access to the gate area.

Terrorists could potentially use a similar method to bypass security and avoid detection against name based blacklists.

The website was available from Wednesday 25 October through Friday 27 October. It can still be accessed through Google's cache.

The creator of the website is 24-year-old computer security grad student Christopher Soghoian at the Indiana University Bloomington.

When he first published the service, Soghoian suggested that people use it to "meet your elderly grandparents at the gate", upgrade themselves to business class seats or demonstrate the ineffectiveness of the US passenger screening process.

The service prompted congressman Edward Markey to call for Soghoian's arrest. The student on Friday afternoon was presented with an order from the FBI, instructing him to take down his website.

He came home on Saturday to find the glass of his front door smashed. He found an FBI search warrant was taped to the kitchen table and authorities had seized all his computers and storage media as well as several documents.

Before his apartment was searched, Soghoian ridiculised Markey's comments. He pointed out that the theory behind his service has been widely publicised by senator Schumer in 2005.

"Sure, he didn't produce a php script that'd do it for you, but he provided detailed enough instructions that a terrorist or evil-doer with basic computer skills could do it," argued Soghoian.

"I have not flown, or even attempted to enter the airport with one of these fake boarding passes. I haven't even printed one out. All I have done is create a php script, which highlights a security hole made public by others before me. "

The student has opened a Paypal account where he is soliciting contributions to fund his legal defence.
Copyright ©v3.co.uk
Tags:
boarding fbi hack on pass plug pulls security

Most Read Articles

Westpac finally moves to re-architect IT for NPP

Westpac finally moves to re-architect IT for NPP
Myer claims big early results from back office IT overhaul

Myer claims big early results from back office IT overhaul
Optus fibre cable cut in Melbourne

Optus fibre cable cut in Melbourne
Google nabs Telstra exec to lead Aussie cloud business

Google nabs Telstra exec to lead Aussie cloud business
You must be a registered member of iTnews to post a comment.
| Register

Whitepapers from our sponsors

Solving IT complexity
Solving IT complexity
Optimising Enterprise Data Centres for the Cloud
Optimising Enterprise Data Centres for the Cloud
Growing companies have a growing interest in technology
Growing companies have a growing interest in technology
RSA NetWitness® Endpoint. Respond 3X Faster to Threats
RSA NetWitness® Endpoint. Respond 3X Faster to Threats
Building platforms for future health and education
Building platforms for future health and education

Events

Log In

Username:
Password:
|  Forgot your password?