Charges Dropped In Fake Boarding Pass Case

An anonymous reader writes, "Investigators have dropped the criminal case against Christopher Soghoian after satisfying themselves that he acted without criminal intent. The grad student had created a web site capable of printing fake airline boarding passes. Soghoian is quoted: 'If they fix the airport security problems... then this entire process has been worth it. If they don't fix airport security, then... what was the purpose?'" Soghoian's blog has insightful comments about the divide between security researchers and government officials on subjects such as TOR.

Security, hah, I penetrated it by accident

[Ancient_Hacker]

I was innocently looking for some bar-code scanners ( I was hoping to label my books with bar codes ), and bid on a batch of 9 of them on eBay.

Got them for under $1 each.

To my dismay, they can't read standard bar codes.

To my amusement, and dismay, I figured out WHY they wouldnt read standard bar codes.

Some airline sold them to a liquidator. With their custom code in the flash memory to scan their baggage and boarding pass tags.

It wasnt too hard to learn all this. Every scanner had several stickers on it with diagonal red stripes and phrases like

"/// SECURITY DEVICE #xxxxxxxx/// "

"/// USER MUST HAVE SIGNED CONFIDENTIALITY AGREEMENT A8R55-2/// "

"/// FIRING OFFENSE TO REMOVE FROM RED ZONE (UNION HBK, PG 37)/// "

"/// DEADULUS & EARHART AIRLINE CUSTOM FIRMWARE VERSION 1.22"/// .

I wonder what their thought processes where?, something like:

• These old hand scanners are getting dirty, let's throw them away.... Wait, there's probably a few cents of value left in them, lets sell them to that liquidatior, you know, the one that pays us $20 per pallet of old stuff.
• Never mind these will help somebody impersonate a baggage loader or gate agent.
• Never mind someone can use them to validate that their tag-faking software is printing out valid tags.
• just, never mind.

Re:Paranoia

[m3tr1k]

First and foremost, I've been a slashdot lurker, and finally registered for an account because I think I have something of value to say here.

So, I think you guys have totally overlooked the point of all this. The way he talks about fixing the airline boarding pass security issue highlights to me that he is a security minded individual and has taken this step because he's noticed a vulnerability and has generated a proof of concept to illustrate the need for reform. This is often the only way to spark change rapidly in a ginormous looming organization as many of these airlines are. In my opinion, this public disclosure of a vulnerability is no different than the daily postings on SecuriTeam or Remote-Exploit or similar sites.

I see the argument then being "well, he probably said that to get out of a lawsuit". While I'm in no position to agree or disagree, from a larger perspective, even if that was the case, this vulnerability has been address, the ball is in the airlines court to clean up their mess. He knew that was how it would go down, and that makes this guy a whitehat. He convinced the FBI of this, and thats why they dropped the charges. We may not have the most reliable and efficient government in the world, but hey at least they are trying to embrace technology. I'd like to think that our government recognizes the need for public disclosure of *SOME* vulnerabilities to enact change... but that may be too optimistic of me.

Security is never absolute, and I am a firm believer that we cannot enhance our own security without first understanding how to break it. This guy is the bug finder, who will fix the bug? Long story short --> chalk one up for the whitehats!

And if dude wasn't white? Well .. I'm not touching that with a ten foot pole-arm +1 even.

just my .02
peace'n'reallylouddrumandbass ;P

-Mars

Re:Paranoia

[Fallingcow]

They could be instilling real terror on a daily basis but they're not! Hell, even failed attempts to blow up stuff would instil terror as it would confirm that they are still trying! It doesn't make any sense, unless they're simply not as powerful as we are being led to believe, in which case why are the politicians still trying to take away our freedoms?

BINGO.

Been saying this since ~6 months after 9/11.

Rummy also told us that A.Q. had several super-high-tech underground bases in Afghanistan, any one of which would have made Cobra Commander or Dr. Evil proud. Did you see the diagrams of them that the Whitehouse produced? It was some hilarious bullshit.

The lying didn't start with Iraq. A lot of people have forgotten, I think, the degree to which the Bush administration was spewing what should have been easily exposed as lies (I guess a lot of people fell for them; if Bush has achieved nothing else, he's convinced me that people are, on average, way, way dumber than I thought they were) since 9/12/01. They lied to hype up the war in Afghanistan, and they lied to exaggerate Al Qaeda's ability to project meaningful force into the U.S. Remember them saying how there were dozens or hundreds of "sleeper cells" here just waiting to be activated? What happened to that? They certainly haven't found any (thought they did a couple of times, turned out that they were just incompetent as usual) nor have we been attacked again, and they've stopped talking about it.

Remember the short-lived "Total Information Awareness" office whose first public message was to encourage U.S. citizens to spy on their neighbors? Ha!

This administration has been lying to us and manipulating us from the beginning. The willingness of most people here to accept it has convinced me that, excepting the unlikely chance that education will be overhauled, the dream of America is doomed. The country may survive, but our ideals, which began slowly dying as soon as the ink on the Constitution had dried, are dead, and cannot be saved in our lifetimes.

It turned out that We the People were just too dumb (or were made to be too dumb) to handle it. Let it be said that the final blow was struck by mass ignorance and apathy.