All the latest UK technology news, reviews and analysis
|
|
|
31 Oct 2006
The FBI has forced a security researcher who created an online service for printing fake Northwest Airlines boarding passes to take down his website.
The PHP script-based online service allowed users to create and print boarding passes for the airline under any name and for random itineraries and seats.
Although the bogus passes would not allow passengers to board a plane, they could be used to pass initial airport security clearing and gain access to the gate area.
Terrorists could use a similar method to bypass security and avoid detection by name-based blacklists.
The website was available from 25 to 27 October, and can still be accessed through Google's cache.
The creator of the website is 24 year-old Christopher Soghoian, a computer security graduate student at the Indiana University Bloomington.
Soghoian suggested in his Slight Paranoia blog that people could use the fake boarding passes to "meet elderly grandparents at the gate", upgrade to business class or demonstrate the ineffectiveness of the US passenger screening process.
The service prompted US congressman Edward Markey to call for Soghoian's arrest. The student was presented with an order from the FBI on Friday afternoon, instructing him to take down his website.
Soghoian came home on Saturday to find the glass of his front door smashed. He found an FBI search warrant taped to his kitchen table, and the authorities had seized all his computers and storage media as well as several documents.
Before his apartment was searched, Soghoian ridiculed Markey's comments, pointing out that the idea behind his website has been widely publicised by Senator Charles E Schumer in 2005.
"Schumer did not produce a PHP script that would do it for you, but he provided detailed enough instructions that a terrorist or evil-doer with basic computer skills could do it," argued Soghoian.
"I have not flown, or even attempted to enter the airport with one of these fake boarding passes. I have not even printed one out. All I have done is create a PHP script which highlights a security hole made public by others before me."
The student has opened a PayPal account where he is soliciting contributions to fund his legal defence.
Latest stories from Security
Related articles
Related jobs
Poll
What is the most important IT priority for your company this year?
Connect with V3.co.uk
This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes
Why good data management at all levels is essential in the modern business (video, 6mins)
UK Based Channel Sales Executive - Security and Service...
Graduate Developer - Manchester. My client has an opening...
.Net Graduate Developer - Manchester. My client is looking...
Accounting Business Analyst/Systems Accountant (Back...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?
That is a statement Chris!
You say the question is and then make a statement with a question mark attached. A question starts with for example: "What would have happened? You just tell us what you think would happen. I wondered why I was asked to take off my shoes in an airport search, it was Chris, he 'soled' the idea to terrorists. Chris the word is 'sold' a derivative of the verb 'to sell' The point is, all hackers should be fined and jailed when they are caught and banned from using a computer. ASM
Posted by: A. Stephen Mark 01 Nov 2006
The Real Question
The real question is if this rather massive security hole hadn't been pointed out by a rather "average" american then it wouldn't have been evident, it would however have been left open to be exploited by someone else, someone else who would more than likely not made it publicly available and may have soled it to terrorists? So surely the gentleman in question has done the US a favour?
Posted by: Chris 31 Oct 2006