Slashdot Mirror
FBI Accuses Researcher of Hacking Plane, Seizes Equipment
chicksdaddy writes: The Feds are listening, and they really can't take a joke. That's the apparent moral of security researcher Chris Roberts' legal odyssey on Wednesday, which saw him escorted off a plane in Syracuse by two FBI agents and questioned for four hours over a humorous tweet Roberts posted about his ability to hack into the cabin control systems of the Boeing 737 he was flying. Roberts (aka @sidragon1) joked that he could "start playing with EICAS messages," a reference to the Engine Indicating and Crew Alerting System.
Roberts was traveling to Syracuse to give a presentation. He said local law enforcement and FBI agents boarded the plane on the tarmac and escorted him off. He was questioned for four hours, with officers alleging they had evidence he had tampered with in-flight systems on an earlier leg of his flight from Colorado to Chicago. Roberts said the agents questioned him about his tweet and whether he tampered with the systems on the United flight -something he denies doing. Roberts had been approached earlier by the Denver office of the FBI which warned him away from further research on airplanes. The FBI was also looking to approach airplane makers Boeing and Airbus and wanted him to rebuild a virtualized environment he built to test airplane vulnerabilities to verify what he was saying.
Roberts refused, and the FBI seized his encrypted laptop and storage devices and has yet to return them, he said. The agents said they wished to do a forensic analysis of his laptop. Roberts said he declined to provide that information and requested a warrant to search his equipment. As of Friday, Roberts said he has not received a warrant.
Roberts was traveling to Syracuse to give a presentation. He said local law enforcement and FBI agents boarded the plane on the tarmac and escorted him off. He was questioned for four hours, with officers alleging they had evidence he had tampered with in-flight systems on an earlier leg of his flight from Colorado to Chicago. Roberts said the agents questioned him about his tweet and whether he tampered with the systems on the United flight -something he denies doing. Roberts had been approached earlier by the Denver office of the FBI which warned him away from further research on airplanes. The FBI was also looking to approach airplane makers Boeing and Airbus and wanted him to rebuild a virtualized environment he built to test airplane vulnerabilities to verify what he was saying.
Roberts refused, and the FBI seized his encrypted laptop and storage devices and has yet to return them, he said. The agents said they wished to do a forensic analysis of his laptop. Roberts said he declined to provide that information and requested a warrant to search his equipment. As of Friday, Roberts said he has not received a warrant.
What's the difference? A bomb has the potential to destroy the plane and kill everyone on it. A spurious warning message on a cockpit display has the potential to divert the plane to an alternate airport (although my guess is they would just look into the cabin, see that the oxygen masks hadn't deployed, and continue as scheduled).
I know that seems logical, but that's not how it works.
For the moment, accept the notion that threatening people with scary behavior (O2 mask dropping) is a crime. Be real, it's a crappy thing to do. Then the laptop is the tool used (threatened to be used) in the commission of that crime. If the O2 masks were triggered on a Morsecode interface, and he had a morse code key, they would take that too. They can hold that evidence until the DA decides to press charges. No, they can't come into his home now and take things, but what other tool would he be using to commit the crime with?
If he was waving a pitchfork around threatening skewer people's luggage, they'd have the pitchfork in evidence. If you slam a cream pie into an official's face, they'll hold onto your pie plate.
He has every right not to reveal his password, and if they try to keep his laptop after the court system is through with case, this is wrongful seizure. But while the legal process is working, the pitchfork, the pie plate and the Macbook are going to get to know each other a little better.
a) The plane manufactures aren't creating a vulnerability; yup, commercial internet equipment is vulnerable. Big surprise. However, the assertion that it creates a vulnerability in another system is just bullshit. However, I know a hell of a lot more about avionics design than the average slashtard, so the retardedness spewed here is understandable. Small example; there is no dynamic memory allocation on flight safety critical systems.
b) To the FBI's level of understanding, the guy demonstrated a) intent, b) ability and c) claimed to be doing such. What they did was absolutely correct, and the seizure was clearly part of the arrest. Yes, they need a warrant to get his password, but from their level of understanding (we don't expect cops to be rocket scientists or avionics engineers) they made the right call.
Here is the tweet.
Find myself on a 737/800, lets see Box-IFE-ICE-SATCOM, ? Shall we start playing with EICAS messages? "PASS OXYGEN ON" Anyone ? :)
To me that is not a comment about airplane security but a threat to tamper with airplane operations. Making a comment is legal making a threat is not.