Slashdot Mirror

← Back to Stories (view on slashdot.org)

FBI Raids Security Researcher's Home

Posted by ryuzaki0 on from the senator-did-it-first dept.

Sparr0 writes, "The FBI has raided the home of Christopher Soghoian, the grad student who created the NWA boarding pass site. Details can be found on his blog including a scanned copy of the warrant. The bad news is that he really did break the law. The good news is that Senator Charles Schumer did it first, 19 months ago, on an official government website no less. The outcome of this trial should be at least academically interesting. At best, it could result in nullifying some portion of the law(s) that the TSA operates under." Read on for Sparr0's take on what laws may apply in this case.

Boiling down some of the legalese, the charges (if any are filed) will be "conspiracy to knowingly present a false and fictitious claim upon or against the United States, or any department or agency thereof in violation of USC 18 (secs. 2, 371, 1036, 1343, 2318) and USC 49 (secs. 46314 and 46316) and 49 CFR (secs. 1540.103 and 1540.105)" (edited for brevity).

4 of 516 comments (clear)

  1. Legal Defense Fund by Anonymous Coward · · Score: 4, Informative

    Soghoian is setting up a legal defense fund. You can learn more and donate at
    http://slightparanoia.blogspot.com/2006/10/legal-d efense-fund.html

  2. Re:Too bad it has to be this way by chazwurth · · Score: 4, Informative

    The line between sensible and thoughtless disclosure is a tricky one though. If the secret society of bad guys already know about it then all bets are off, but how do you know?

    In this case, the vulnerability had been made clear by others months prior to this disclosure. In fact, this wasn't so much a disclosure as much as it was a public demonstration of just how easy it is to exploit the already known vulnerability. ...unless you wanted to make a point and shame an organisation, then it would be foolish and malicious, and possibly illegal.

    Attempting to shame an organization isn't necessarily foolish and malicious. If that organization is a government body charged with insuring your safety, and it is failing spectacularly to do so, you might desire to shame it publicly in order to improve its behavior. Illegal, I'll grant -- and often the law is unjust.

    --
    The plural of 'anecdote' is not 'data'. --Dan Kaminsky
  3. From Senator Schumer's Feb 13, 2005 Press Release by Kanaka+Kid · · Score: 4, Informative
    From Senator Schumer's (D-NY) Feb 13, 2005 Press Release:

    Schumer today laid out the following scenario in which someone on the terrorist watch list can get through airline security undetected:

    1. Joe Terror (whose name is on the terrorist watch list) buys a ticket online in the name of Joe Thompson using a stolen credit card. Joe Thompson is not listed on the terrorist watch list.

    2. Joe Terror then prints his "Joe Thompson" boarding pass at home, and then electronically alters it (either by scanning or altering the original image, depending on the airline system and the technology he uses at home) to create a second almost identical boarding pass under the name Joe Terror, his name.

    3. Joe Terror then goes to the airport and goes through security with his real ID and the FAKE boarding pass. The name and face match his real drivers license. The airport employee matches the name and face to the real ID.

    4. The TSA guard at the magnetometer checks to make sure that the boarding pass looks legitimate as Joe Terror goes through. He/she does not scan it into the system, so there is still no hint that the name on the fake boarding pass is not the same as the name on the reservation.

    5. Joe Terror then goes through the gate into his plane using the real Joe Thompson boarding pass for the gate's computer scanner. He is not asked for ID again to match the name on the scanner, so the fact that he does not have an ID with that name does not matter. [Since Joe Thompson doesn't actually exist it does not coincide with a name on the terrorist watch list] Joe Terror boards the plane, no questions asked.

    Based on the above press release by a US Senator, shouldn't Schumer be charged with similar crimes?

  4. Security post 9/11 by Cr33pybusguy · · Score: 5, Informative

    Security is a joke in airports.

    I was a airplane re-fueler at Edmonton International Airport post 9/11 (Shell Aerocenter 2002-2003) . I can tell you this. EVERY refueler and most baggage handlers carry knives or a multi-tool (ie. leatherman) of some sort. So do many pilots. Why is this? We use them to lever open hatches, latches, open your bags for the video cameras ect. (I shit you not. I know several guys who carry those little keys that fit the little locks on your bags so they can poke around in your bags) It would be a snap for some one on the inside to plant a knife. Or even a small gun.

    But how do you get past security you ask. I'll tell you. We don't. We have our own entrances and exits and these don't use metal detectors or our steel-toed boots would set them off every time. The only thing that is our security check is our id tags. Sure we go through an extensive process before we are issued one but there's lots of criminals working at your airports. That and they aren't that tough to forge. If you have a "friend" at your local DMV you could probably do it.

    So security is tight at the terminal? You can charter a small to large plane at your local FBO. We never check you or your bags. Why would we? We think you are some rich guy who jaunts around on his private jet. Perfect for loading with explosives and plowing into buildings on you jihadic quest.

    But what about the regular people who go through security? Did you know that you are allowed 10 packs of matches but no lighters? I can do a shit load of damage with ten packs of matches and I'm sure you could too! Oh yeah the metal detectors that you walk through aren't sensitive enough to pick up a bic lighter. If you get caught with one. Just say oops, my bad I forgot about it and make sure they see your pack of smokes. They'll take the lighter away and thats it!

    If you are worried when they swab your laptop and you've been chopping some of columbia's finest ontop of it don't worry. They are searching for bomb residue. But here's a secret. They don't swab your MP3 players, video cameras, and cell phones. They just scan them with the machines. I'm not sure how many ounces of high explosive you fit in a video camera but i'm guessing it's a fair amount.

    What about sniffing dogs? I fly all over the place to meet up or disembark from ships. I can't remember the last time I saw one. Why? They are a bitch to train. (pun semi-intended) Something like one out of every 20 makes the grade. And THEN they are split up for K-9 tracking, bomb sniffing, narcotics, sniffing, blind leading ect. The odds of running into a dog is pretty slim unless ou are at one of the well funded big airports. (LAX, Heathrow ect.) Most of the guys who I work with on multi-national ships regularily bring some drugs home. Not alot, but a few grams to help make the welcome home party a bit more welcoming.

    These flaws are just a few I could think of off the top of my head. So whats the point? If you are creative enough (and hackers prove this regularily) and determined enough you can get past and security thats in place. Especially when it's so shoddy like it is at our airports.

    So to be honest some one forging a boarding pass should be the least of their worries. Happy flying!

    --
    Hee Hee The drinking bird does all the work!