FBI pulls plug on boarding pass hack

By on
FBI pulls plug on boarding pass hack

Student finds home sansacked after offering fake airplane boarding passes.

Student finds home sansacked after offering fake airplane boarding passes.

The FBI has forced a security researcher who created an online service for printing fake Northwest Airlines boarding passes to take down his website.

The php script based online service allowed users to create and print boarding passes for the airline under any name and for random itineraries and seats. Although the phoney passes wouldn't allow passengers to board any airplanes, they could be used to pass initial airport security clearings and gain access to the gate area.

Terrorists could potentially use a similar method to bypass security and avoid detection against name based blacklists.

The website was available from Wednesday 25 October through Friday 27 October. It can still be accessed through Google's cache.

The creator of the website is 24-year-old computer security grad student Christopher Soghoian at the Indiana University Bloomington.

When he first published the service, Soghoian suggested that people use it to "meet your elderly grandparents at the gate", upgrade themselves to business class seats or demonstrate the ineffectiveness of the US passenger screening process.

The service prompted congressman Edward Markey to call for Soghoian's arrest. The student on Friday afternoon was presented with an order from the FBI, instructing him to take down his website.

He came home on Saturday to find the glass of his front door smashed. He found an FBI search warrant was taped to the kitchen table and authorities had seized all his computers and storage media as well as several documents.

Before his apartment was searched, Soghoian ridiculised Markey's comments. He pointed out that the theory behind his service has been widely publicised by senator Schumer in 2005.

"Sure, he didn't produce a php script that'd do it for you, but he provided detailed enough instructions that a terrorist or evil-doer with basic computer skills could do it," argued Soghoian.

"I have not flown, or even attempted to enter the airport with one of these fake boarding passes. I haven't even printed one out. All I have done is create a php script, which highlights a security hole made public by others before me. "

The student has opened a Paypal account where he is soliciting contributions to fund his legal defence.
Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:
boarding fbi hack on pass plug pulls security

Most Read Articles

Aussie Broadband signs 2300 users to cheaper gigabit NBN plans

Aussie Broadband signs 2300 users to cheaper gigabit NBN plans
NBN Co limits gigabit services to just 7 percent of HFC footprint

NBN Co limits gigabit services to just 7 percent of HFC footprint
CBA uncovers abusive messages in digital transaction descriptions

CBA uncovers abusive messages in digital transaction descriptions
NAB tells staff to up their digital and data game

NAB tells staff to up their digital and data game
You must be a registered member of iTnews to post a comment.
| Register

Whitepapers from our sponsors

Why is DevSecOps important to your business?
Why is DevSecOps important to your business?
Architecting Hybrid IT & Edge for Digital Advantage
Architecting Hybrid IT & Edge for Digital Advantage
Organizations Increasing Their Adoption of NFV
Organizations Increasing Their Adoption of NFV
Modernise IT by Reducing Your Reliance on AD
Modernise IT by Reducing Your Reliance on AD
The Maturity of Zero Trust in Australia and New Zealand
The Maturity of Zero Trust in Australia and New Zealand

Events

Log In

Username / Email:
Password:
  |  Forgot your password?