Aeroplane
A security researcher created an online service to print fake boarding passes

FBI pulls plug on boarding pass hack

Student launches website to print fake airplane boarding passes

Tom Sanders in California

vnunet.com, 31 Oct 2006

The FBI has forced a security researcher who created an online service for printing fake Northwest Airlines boarding passes to take down his website. 

The PHP script-based online service allowed users to create and print boarding passes for the airline under any name and for random itineraries and seats.

Advertisement

Although the bogus passes would not allow passengers to board a plane, they could be used to pass initial airport security clearing and gain access to the gate area.

Terrorists could use a similar method to bypass security and avoid detection by name-based blacklists.

The website was available from 25 to 27 October, and can still be accessed through Google's cache

The creator of the website is 24 year-old Christopher Soghoian, a computer security graduate student at the Indiana University Bloomington

Soghoian suggested in his Slight Paranoia blog that people could use the fake boarding passes to "meet elderly grandparents at the gate", upgrade to business class or demonstrate the ineffectiveness of the US passenger screening process. 

The service prompted US congressman Edward Markey to call for Soghoian's arrest. The student was presented with an order from the FBI on Friday afternoon, instructing him to take down his website.

Soghoian came home on Saturday to find the glass of his front door smashed. He found an FBI search warrant taped to his kitchen table, and the authorities had seized all his computers and storage media as well as several documents.

Before his apartment was searched, Soghoian ridiculed Markey's comments, pointing out that the idea behind his website has been widely publicised by Senator Charles E Schumer in 2005. 

"Schumer did not produce a PHP script that would do it for you, but he provided detailed enough instructions that a terrorist or evil-doer with basic computer skills could do it," argued Soghoian.

"I have not flown, or even attempted to enter the airport with one of these fake boarding passes. I have not even printed one out. All I have done is create a PHP script which highlights a security hole made public by others before me."

The student has opened a PayPal account where he is soliciting contributions to fund his legal defence.

  • Have your say
  • Send to a friend
  • Print
  • Digg
  • Reddit
  • Share

Tags:

Do you agree?

Have your say on this article

Further reading

Related whitepapers

Related jobs

Most watched

iPhone

Video Review: iPhone 3GS

We put Apple's latest iPhone through its paces

Xperia X1

Video Review: Sony Ericsson Xperia X1

First Looks Editor Ian Williams gets hands on with the Sony Ericsson Xperia X1

More video

IT white papers

Search white papers

Top categories

Poll

Poll: Summer smartphones

Poll: Summer smartphones

Which smartphone will you be taking to the beach this summer?

View poll results

Advertisement

Advertisement

Newsletter signup

Sign up for our range of FREE newsletters:

  • More available - 'submit' to view

Existing User

Newsletter user login:

Enter email address to edit your newsletter preferences

Job of the week

More IT jobs

Search thousands of IT jobs :

Search thousands of IT jobs:

Advanced search

Hiring now on ComputingCareers:

Related IT jobs

More IT jobs

Search thousands of IT jobs :

Search thousands of IT jobs:

Advanced search

Spotlight

a padlock

Microsoft to plug security holes

Microsoft has given advance warning of a number of security...

Nokia handset

Top 10 articles, 10 July 09

No Nokia Android phone, ActiveX attacks and Google enters into...

Can Google beat Microsoft at its own game?

Google's announcement this week that it plans to step into...

iPhone

Video Review: iPhone 3GS

We put Apple's latest iPhone through its paces

Primary Navigation