FBI pulls plug on boarding pass hack

By on
FBI pulls plug on boarding pass hack

Student finds home sansacked after offering fake airplane boarding passes.

Student finds home sansacked after offering fake airplane boarding passes.

The FBI has forced a security researcher who created an online service for printing fake Northwest Airlines boarding passes to take down his website.

The php script based online service allowed users to create and print boarding passes for the airline under any name and for random itineraries and seats. Although the phoney passes wouldn't allow passengers to board any airplanes, they could be used to pass initial airport security clearings and gain access to the gate area.

Terrorists could potentially use a similar method to bypass security and avoid detection against name based blacklists.

The website was available from Wednesday 25 October through Friday 27 October. It can still be accessed through Google's cache.

The creator of the website is 24-year-old computer security grad student Christopher Soghoian at the Indiana University Bloomington.

When he first published the service, Soghoian suggested that people use it to "meet your elderly grandparents at the gate", upgrade themselves to business class seats or demonstrate the ineffectiveness of the US passenger screening process.

The service prompted congressman Edward Markey to call for Soghoian's arrest. The student on Friday afternoon was presented with an order from the FBI, instructing him to take down his website.

He came home on Saturday to find the glass of his front door smashed. He found an FBI search warrant was taped to the kitchen table and authorities had seized all his computers and storage media as well as several documents.

Before his apartment was searched, Soghoian ridiculised Markey's comments. He pointed out that the theory behind his service has been widely publicised by senator Schumer in 2005.

"Sure, he didn't produce a php script that'd do it for you, but he provided detailed enough instructions that a terrorist or evil-doer with basic computer skills could do it," argued Soghoian.

"I have not flown, or even attempted to enter the airport with one of these fake boarding passes. I haven't even printed one out. All I have done is create a php script, which highlights a security hole made public by others before me. "

The student has opened a Paypal account where he is soliciting contributions to fund his legal defence.
Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:
boarding fbi hack on pass plug pulls security

Most Read Articles

Inside NEXTDC's new Sydney data centre, S2

Inside NEXTDC's new Sydney data centre, S2
'Natural radiation event' knocks NBN Sky Muster satellite offline

'Natural radiation event' knocks NBN Sky Muster satellite offline
'Massive messaging storm' takes out Telstra's DNS infrastructure

'Massive messaging storm' takes out Telstra's DNS infrastructure
Telstra sells Clayton data centre complex for $416m

Telstra sells Clayton data centre complex for $416m
You must be a registered member of iTnews to post a comment.
| Register

Whitepapers from our sponsors

Government Digital Transformation Requires Customer Obsession
Government Digital Transformation Requires Customer Obsession
Master the fundamentals of AWS cost efficiency
Master the fundamentals of AWS cost efficiency
Get IT, finance and business on the same page
Get IT, finance and business on the same page
Why is DevSecOps important to your business?
Why is DevSecOps important to your business?
Architecting Hybrid IT & Edge for Digital Advantage
Architecting Hybrid IT & Edge for Digital Advantage

Events

Log In

Username / Email:
Password:
  |  Forgot your password?