Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Congressman Calls for Arrest of Security Researcher

Zonk posted more than 7 years ago | from the that's-a-pretty-cool-project dept.

574

Christopher Soghoian writes "Yesterday, I published a tool that allows you to Create your own boarding pass for Northwest flights. This was an attempt to document the fragile and broken state of identity/security for domestic flights in the US. Today, Congressman Markey (D-Mass) has called for my arrest." From the ABC article: "'I don't want to help terrorists or help bad guys do bad things on airplanes, but what we have now is what we in the industry call security theater. It's made to make you think you're secure without actually making you secure,' Soghoian said. 'As a member of the academic research community, I consider this to be a public service.' Soghoian admits that he hasn't actually tried to use one of the boarding passes yet."

cancel ×

574 comments

Sorry! There are no comments related to the filter you selected.

Well well well (-1, Offtopic)

Anonymous Coward | more than 7 years ago | (#16616508)

frosty piss

Another politician... (0, Troll)

bluebanzai (668397) | more than 7 years ago | (#16616516)

Another politician calling for action in places without even thinking. Massachusetts has a Hillary too?

Ummm. The First Amendment? (4, Interesting)

mbstone (457308) | more than 7 years ago | (#16616518)

The prosecutors would never file a criminal case, because it would be quickly thrown out on First Amendment grounds? Wouldn't it?

Re:Ummm. The First Amendment? (3, Insightful)

soft_guy (534437) | more than 7 years ago | (#16616568)

The prosecutors would never file a criminal case, because it would be quickly thrown out on First Amendment grounds? Wouldn't it?

With a supreme court with 7 republican appointees? I doubt it.

Re:Ummm. The First Amendment? (3, Informative)

yorktown (947019) | more than 7 years ago | (#16616876)

Unfortunately, the Supreme Court takes a very loose view of what the Constitution says. For example, it considers building a hotel and condominiums as "public use" for the purposes of eminent domain. http://en.wikipedia.org/wiki/Kelo_v._City_of_New_L ondon [wikipedia.org]

Note that all four of the dissenting justices in the Kelo decision were appointed by Republicans.

Re:Ummm. The First Amendment? (1)

Hijacked Public (999535) | more than 7 years ago | (#16616922)

And a Democrat calling for the arrest?


Oh no, both parties must be in on this together! I know my face sure is red.

Re:Ummm. The First Amendment? (5, Insightful)

Tackhead (54550) | more than 7 years ago | (#16616578)

> The prosecutors would never file a criminal case, because it would be quickly thrown out on First Amendment grounds? Wouldn't it?

Much like the guy who looks at your boarding pass, you're trusting your life to something that's just a goddamn piece of paper.

Re:Ummm. The First Amendment? (0)

Anonymous Coward | more than 7 years ago | (#16616936)

Wow. Amen.

not likely (2, Insightful)

Quadraginta (902985) | more than 7 years ago | (#16616600)

I doubt it. It's hard to see how faking a boarding pass can be considered some kind of "political speech," which is about the only kind of speech that has near-absolute protection under the First Amendment.

Otherwise, you know, you couldn't be prosecuted for faking a bill of sale for a car, or a life insurance policy, or printing counterfeit currency, or most other forms of fraud that involve a printed document -- and you surely can.

Re:not likely (0)

James_Aguilar (890772) | more than 7 years ago | (#16616670)

I too doubt that political speech would cover this case. I understand what the guy is trying to do, but you've got to be pretty fucking naive to think that you could release this kind of vulnerability and avoid any negative repercussions. Come on, security researchers, you know what the political climate is! Is there no other way to point out that something may be easily forged besides actually creating a tool to forge it!?

Re:not likely (4, Insightful)

Fulcrum of Evil (560260) | more than 7 years ago | (#16616770)

Come on, security researchers, you know what the political climate is! Is there no other way to point out that something may be easily forged besides actually creating a tool to forge it!?

No, because anything less will be dismissed as fearmongering.

Re:not likely (1)

twistedsymphony (956982) | more than 7 years ago | (#16616836)

exactly... I believe this is what we call "Taking one for the team".

Re:not likely (5, Informative)

kfg (145172) | more than 7 years ago | (#16616684)

Otherwise, you know, you couldn't be prosecuted for faking a bill of sale for a car, or a life insurance policy, or printing counterfeit currency, or most other forms of fraud that involve a printed document -- and you surely can.

I just created a fake bill of sale for a car. I have committed no crime, because I have not proffered it as genuine to anybody.

Fraud is a crime of intent.

KFG

Re:not likely (4, Insightful)

finkployd (12902) | more than 7 years ago | (#16616702)

No, you can be prosecuted for attempting to pass these off as real, but not just printing them (well, in the case of money that may not be true). Obviously, this guy was not encouraging people to print them and break the law and threaten national security, he was attempting to make a point about how silly our pseudo-security efforts regarding airlines are. In the collective mind of the federal government, educating the public just how ineffective most security measures are is probably the more more dangerous scenario though.

Finkployd

Re:not likely (1)

Tim C (15259) | more than 7 years ago | (#16616756)

I suspect very strongly that in the case of money, simply having the means to create counterfeit bills will probably land you in a whole heap of trouble. Governments tend not to have much of a sense of humour when it comes to that sort of thing.

10 years ago, in this case, I'd have laughed if somone had suggested the guy could be arrested just for this. Since the attack on the WTC, however...

Re:not likely (1)

raehl (609729) | more than 7 years ago | (#16616916)

No, you can be prosecuted for attempting to pass these off as real, but not just printing them

But you could be civilly sued for violating NWA's trademark and copyright.

Re:not likely (2, Funny)

Hijacked Public (999535) | more than 7 years ago | (#16616956)

And you definitely don't want a pissed off r. Dre knocking on your front door.

Re:not likely (2, Insightful)

MoreBonez (968956) | more than 7 years ago | (#16616820)

I doubt it. It's hard to see how faking a boarding pass can be considered some kind of "political speech," which is about the only kind of speech that has near-absolute protection under the First Amendment.
But he's not faking a boarding pass. He published a tool that allows it to be done in order to make a point about aviation security, which is regulated by the government. Sounds like political speech to me.

Whether that argument would hold up in court while he's being accused of helping terrorists is a different question.

Re:not likely (1)

SnowZero (92219) | more than 7 years ago | (#16616868)

I think it would have been more responsible on the researcher's part if he had simply announced that he could make fake boarding passes, rather than fielding a system for doing so. As an undergrad, I found some holes in our university IT system, and in the grading systems for two classes I took. Instead of exploiting it, I told the people in charge so they could fix it. There are cases where the person with the problem won't admit it, and wants you to keep it secret. In those cases you might eventually have to go forward and release an exploit to make people listen.

Security research is a good thing, and the self-printed boarding passes really are a joke (I never use them since I think they are a stupid idea). However, as an analogy, you don't need to rob an ATM in order to show a weakness in the US banking system. If you look at the default name for the boarding pass generator, you really can see how this guy is trolling for trouble. Somebody bit.

Re:not likely (3, Interesting)

dgatwood (11270) | more than 7 years ago | (#16616910)

Passing a fake bill is illegal. Selling a printing press is not, even if that printing press can be used to print bills.... Telling people how to make a plate based on existing currency... it's the same as making any other kind of plate, so also not illegal in all likelihood.

There isn't anything here that hasn't been obvious to every single person who reads Slashdot for years. It's all smoke and mirrors, and anyone with even a modest level of intelligence knows this, not just geeks. The only thing surprising here is that we have a Congressman who is so completely computer illiterate and clueless that he actually believes that the stuff in this article would be a surprise to anyone.

You know, now that I think about it, given the quality of federal legislation in the past few years... it's not really that surprising after all. In fact, it explains a lot.

Re:Ummm. The First Amendment? (1)

kfg (145172) | more than 7 years ago | (#16616638)

The prosecutors would never file a criminal case, because it would be quickly thrown out on First Amendment grounds?

We don't need no stinkin' court.

KFG

Re:Ummm. The First Amendment? (4, Funny)

finkployd (12902) | more than 7 years ago | (#16616640)

Clearly you do not understand that we are at war. Anything that the Whitehouse defines as terrorism related or critical to our war effort is off limits to your constitutional whining. to suggest otherwise indicates that you clearly need some waterboarding, you filthy enemy combatant.

Finkployd

Re:Ummm. The First Amendment? (1)

dark_requiem (806308) | more than 7 years ago | (#16616694)

Oh, that's rich. Really funny. Who needs criminal convictions and constitutional law when you could just classify the guy as an "unlawful enemy combatant" and lock him up with no charges and no recourse? The first amendment? You're living in a fantasy land of yesteryear my friend.

Re:Ummm. The First Amendment? (1)

BSAtHome (455370) | more than 7 years ago | (#16616824)

Killing (arresting) the messenger isn't going to work. It never has and it never will. You actually get the opposite result because the knowledge goes underground. Ruling by fear is not a lasting prospect.

Re:Ummm. The First Amendment? (1)

bumptehjambox (886036) | more than 7 years ago | (#16616698)

First Amendment isn't a pass to do whatever you want. I mean I COULD make a fake insurance card for my car and save a few hundred bucks each year, it'd be easy, god I want to, but it's illegal and would get me in big trouble. Faking a boarding pass is like faking a ticket for a concert or something, first of all- it's stealing, but nowadays with security precautions and such it is also treason... or conspiracy... or whatever...

Re:Ummm. The First Amendment? (0)

Anonymous Coward | more than 7 years ago | (#16616794)

Its only stealing if you use it. If you havent used it or tried to pass it off as real then its just a piece of paper with ink on it.

Re:Ummm. The First Amendment? (1, Interesting)

rthille (8526) | more than 7 years ago | (#16616830)

Been in that cave long?

They don't have to file a case. Congress did away with Habeas Corpus recently, so they can just 'disappear' you, like all the other terrorists...

I'm really thinking that armed insurrection is going to be coming soon to the U.S....

Re:Ummm. The First Amendment? (1)

jcr (53032) | more than 7 years ago | (#16616932)

If congressman Markey is a lawyer, his obvious lack of familiarity with the US constitution should be grounds to revoke is license to practice law: obviously he must have cheated on his bar exam.

-jcr

This is nothing new.. (4, Insightful)

RightSaidFred99 (874576) | more than 7 years ago | (#16616522)

You could have just used an old boarding pass or copied an old one, or scanned and photoshopped an old boarding pass and changed the date/time.

Or, gee, the terrorists could just have someone else buy a plane ticket, or buy it themselves, or buy for a different flight, whatever.

The whole thing is ridiculous. It's ridiculous that this is thought to be some newly discovered weakness, and it's ridiculous that the powers that be are actually getting upset over it.

Re:This is nothing new.. (1)

foobsr (693224) | more than 7 years ago | (#16616808)

it's ridiculous that the powers that be are actually getting upset over it

Then, how much power do they have?

CC.

This is actually quite brilliant (5, Insightful)

panaceaa (205396) | more than 7 years ago | (#16616866)

There IS brilliance behind his idea. Perhaps you didn't read it... but basically, you can fly on a fake identity without any screening of your actual identity.

1) Go to 7-Eleven and buy a pre-paid credit card with cash using a fake name. This will be the name you fly under.
2) Buy a ticket with this credit card.
3) Print out an ADDITIONAL ticket for your real identity. He gives you an HTML form to do this.

Now, show up at the airport. Go through security with the fake ticket... it will match your ID, but since it's not in any computer systems, they won't check to see if you're on the no-fly list. When at the gate, provide the ticket you actually bought. Nowadays you don't need an ID at the gates anymore -- just have your ticket scanned and hop on the plane!

Now, I'm not exactly sure if you can check bags. If you have to go to the counter before security, they ask for your ID. But if you can avoid that (and you can now, as far as I know), you can fly on a fake identity.

Re:This is nothing new.. (1)

nospam007 (722110) | more than 7 years ago | (#16616924)

Or, gee, the terrorists could just ...,... buy it themselves, or buy for a different flight, whatever.
--
Try to buy a one-way ticket, cash, with a Saudi passport and you'll see that printing one yourself is easier on your rectum.

where do you sit?? (1)

commodoresloat (172735) | more than 7 years ago | (#16616928)

Another problem with this is, what good is a fake boarding pass? Remember, the 9-11 hijackers used real boarding passes; all this can do at best is save you a few hundred bucks -- hardly a big deal if you're willing to kill yourself on an airplane to make some kind of point. The biggest problem I see is, let's say you get your fake boarding pass and you manage to get onto the plane with it; then what? Where the hell are you going to sit? Pick an empty seat; then when the real passenger shows up, your forgery will quickly be discovered; pick a full flight and you're gonna look pretty obvious standing around in the aisle when it's time for the plane to take off.

Re:where do you sit?? (1)

panaceaa (205396) | more than 7 years ago | (#16616960)

You use the fake boarding pass to create a pass for your real identity. This gets you through security. Then you buy an actual ticket using a fake identity, and you sit in that seat when you get on the plane. (You also use the real ticket at the gate for boarding -- they don't verify IDs there.)

Get a job (-1, Troll)

Anonymous Coward | more than 7 years ago | (#16616524)

For fuck's sake, get a job and stop bothering patriotic US-American companies, you fucking commie.

He is not alone (-1, Flamebait)

Anonymous Coward | more than 7 years ago | (#16616532)

I think you should be arrested too. Your little "experiment" is dangerous and illegal. Carrying a gun past the security checkpoint just to show that the checkpoint sometimes misses detecting weapons is a crime. You sir, have committed a similar crime. My only advice to you is: get an attorney and watch out for your cornhole.

Arrest? (4, Insightful)

Anonymous brave dude (950545) | more than 7 years ago | (#16616536)

So, some guy said he should be arrested. Does that mean anything?

Re:Arrest? (1)

JourneyExpertApe (906162) | more than 7 years ago | (#16616632)

When he's a congressman, I'd say it does. Although technically a member of the legislative branch, not the executive, a congressman can be very influential.

Re:Arrest? (0)

Anonymous Coward | more than 7 years ago | (#16616696)

Of course not, but Zonk and the editors love to stir shit up to rile up the slashbots and increase pagehits.

They are using this site to influence the coming elections on Nov. 7. This place has changed from "news for nerds" to "political platform for us editors".

Re:Arrest? (1)

creimer (824291) | more than 7 years ago | (#16616716)

It's an election year. Some ambitious prosecutor will step up to the plate and file charges for 15 minutes of media fame. It's like the old king saying to himself, "Won't anyone get rid of this meddlesome priest?", and a half-dozen knights running out the door to finish the job.

Yes and no (1)

rewt66 (738525) | more than 7 years ago | (#16616726)

It doesn't mean that the guy will be arrested, no. So in that sense, it doesn't mean anything at all.

On the other hand, it isn't just "some guy", a Congressman said that he should be arrested. This means that we have semi-hysterical, technically clueless blowhards deciding national policy. I think that means something, and what it means is really bad...

Re:Arrest? (3, Insightful)

camperdave (969942) | more than 7 years ago | (#16616962)

Yes, it means that politicians are not interested in fixing the problems, but in hushing up the whistle blowers. It's the age old problem of killing the messenger.

Not only boarding passes... (2, Insightful)

GillBates0 (664202) | more than 7 years ago | (#16616544)

...it also amazes me immensely, how a simple 'printout' passes as an 'authentic' document in a variety of situations.

The wide spread use of e-commerce has expedited the adoption of regular printouts as tickets, receipts, passes and other situations I can't think of right now.

Are people so dumb as to not realize, how simple their official 'logos' are to create using an image processing software? Agreed, most of these 'receipts' merely provide a number, which acts as an 'index' in some internal database somewhere.

But this guy does have a point. Merely admitting a person holding a an easily reproducible printout of an 'eticket' or boarding pass is just lame.

Re:... but Costco store cards as well.... (1)

mikael (484) | more than 7 years ago | (#16616980)

A woman managed to board an international flight using only her storecard as proof of identity instead of a passport...


passenger used her costco card to get on flight

Newark (4, Insightful)

From A Far Away Land (930780) | more than 7 years ago | (#16616550)

Listening to the radio this morning, they said Newark airport staff failed 20 of 22 tests involving guns and bombs being smuggled past security by undercover agents. Airport "security" is a joke, and a distraction from real issues. When they stop taking away your toothpaste and maple syrup in the carry-on luggage, maybe then I'll take something about airports seriously again.

Re:Newark (0)

Anonymous Coward | more than 7 years ago | (#16616730)

so we should just stop screening for weapons, let people pack whatever they want in their carry-on, and not require tickets/boarding passes, since none of those requirements is fool-proof?

Re:Newark (2, Insightful)

Macthorpe (960048) | more than 7 years ago | (#16616856)

You are suffering from a frighteningly advanced case of "Two-tone perception disorder".

Just because he doesn't want security taking away his toothpaste doesn't mean he advocates allowing firearms on a plane.

Re:Newark (1)

wrackedmind (902061) | more than 7 years ago | (#16616784)

They never took my toothpaste.

Democratic morons like ... (-1, Troll)

Anonymous Coward | more than 7 years ago | (#16616560)

Democratic morons like this Congress critter will prevent the takeover of the Congress by the Democratic Party. If the idiots in the Democratic party would just keep their mouths shut, then they just might sweep the election in November. The Republicans have completely messed up in so many areas: Iraq, page scandal, etc.

If the Democrats snatched defeat from the jaws of victory, then they deserve to lose. Morons.

Creating loopholes? (4, Insightful)

pjt33 (739471) | more than 7 years ago | (#16616566)

It's astounding that Markey thinks that the website which prints fake boarding passes is creating a loophole. Politicians may not have a grasp of technology, but it only takes common sense to see that the loophole exists independently of any specifictool which creates the document to exploit it.

Re:Creating loopholes? (1)

oGMo (379) | more than 7 years ago | (#16616644)

I think the problem is they don't have a grasp of common sense, either.

Re:Creating loopholes? (1)

creimer (824291) | more than 7 years ago | (#16616762)

They're too busy grasping at the pages.

odd logic (1)

Quadraginta (902985) | more than 7 years ago | (#16616722)

Mmmm....so since your ability to be killed by a giant fireball exists independently of any specific tool (e.g. a nuclear bomb) that exploits it...you would perhaps also think it would be contrary to common sense to call for restrictions on who can possess (or publish on the Web directions for building) a nuclear bomb?

Re:Creating loopholes? (1)

raehl (609729) | more than 7 years ago | (#16616758)

It does create a slight loophole. Let's say I'm on the no-fly list. If I try to enter the terminal on a boarding pass with a different name and no ID, I'll get more thurough screening. This would let me print a fake boarding pass with my name and enter the terminal using ID, then fly on the real boarding pass with the fake name.

Also, if I am flagged for extra screening, it allows me to avoid it - I just note that the "extra screening" code has been noted on my boarding pass, then use my trusty fake boarding pass without the flag written on it to get through security without the extra screening.

So this does illustrate that a lot of the 'security measures' (no fly lists, random extra screening) are, indeed, security theater - you don't have to do any of them if you don't want to.

But that's not to say checking ID's is pointless. People don't understand the REAL (undocumented) reason that your ID is checked at the security line.

It USED to be, many years ago, that ANYBODY could go into the terminal, whether they were going to fly or not. Of course, everyone has to be screened, even if you're not flying, which uses resources.

Checking ID's reduces the number of people going through security. That's it. It's not designed to keep any particular person out (since you don't have to show ID anyway), it just means that less people are likely to go through security who are not actually flying. This reduces the number of people that need to be screened, and thus reduces the amount of money that needs to be spent on equipment and screeners.

At worst, all this website does is make it easier for people to fly on tickets that are not their own, which is a profit concern for the airlines, not a security concern for the traveler.

Another article mistake.... (1)

Hap76 (995519) | more than 7 years ago | (#16616576)

I think the correct title of the congressman is "Edward Markey (D-Ass)".

Then again, maybe ignorance of reality is a job requirement for his position - if not, how would Congress ever come up with a budget?

Re:Another article mistake.... (1)

DrTacos (1005367) | more than 7 years ago | (#16616674)

D means democrat. All democrats are asses.

Re:Another article mistake.... (1)

creimer (824291) | more than 7 years ago | (#16616804)

I thought "D-Ass" was for shorthand for "Dumb Ass". A lot of politicians fit into that category.

Re:Another article mistake.... (0)

Anonymous Coward | more than 7 years ago | (#16616712)

The correct term is actually "(D-Masshole [wikipedia.org] )", which is what the rest of New England call people from the Gay State.

If you couldn't tell from John Kerry and Ted Kennedy, Massholes aren't exactly known for their intelligence and reasoning skills.

It hardly comes as any surprise that a Masshole would think that the only way to solve a problem with people forging documents is to destroy the tools they use to create them - ignoring that the evil people probably already can do this without the website.

I can see it now.. (1, Interesting)

The Living Fractal (162153) | more than 7 years ago | (#16616584)

(airport announcer over intercom) Boarding Northwest Flight 171 has begun...

Passenger 1, with fake ticket, gets to seat 13F first. Sits down and gets comfortable.
Passenger 2, with real ticket, gets to seat 13F, finds someone else in their seat, and politely claims that it is their seat.
Passenger 3 gets to seat 13F, finds two people arguing over whos seat it is, and considers his mistake.
Flight attendant 1 arrives on scene, cannot determine who is the proper passenger, and has Air Marshall 1 escort them both off the plane, where the receive black bags over their heads and are both never heard from again.

Passenger 3, like passenger 1, forgot to change the seat number they printed for the fake ticket they heard would work 'from a friend on the internet'.

But, let's be serious for a minute. This would never work for actually getting to FLY somewhere. You would get into the seat dispute and the person with the real ticket would win every time. And you'd end up in a dark, dark room with FBI agents, then finally in prison for a long time. Gee, that was worth it.

Of course, the real threat is probably just being able to get to the plane. So, point taken. And it truly is a sad state of affairs for security. I am curious to see if this guy gets arrested and if so, convicted of a crime.

TLF

Re:I can see it now.. (1)

Seantotheizzo (1011799) | more than 7 years ago | (#16616658)

Haven't you guys ever flown on an airplane before? Or even a concert? They scan the barcode on the ticket. If you tried to rescan the same barcode, it would tell you the ticket has already been admitted. They would then flag security and handle it however. There would be no two people trying to sit in the same seat.

At the very least, if this exploit were a real threat, it would have to somehow avoid that, which seems impossible to me.

Re:I can see it now.. (1)

equex256 (927355) | more than 7 years ago | (#16616660)

Not all flights are full so it won't always become a dispute. But they count the passengers against the boarding passes, i suppose.

Re:I can see it now.. (1)

equex256 (927355) | more than 7 years ago | (#16616738)

They count confirmed passengers (from the ticket order database, same one they use to call up missing/late passengers after normal boarding has occured) against the boarding passes, i suppose.

Re:I can see it now.. (1)

Volante3192 (953645) | more than 7 years ago | (#16616686)

Well, then you just have someone use the online booking system to see if there's still a seat available and, if so, where, then call you. I know United has this option. Pretty sure NWA does too.

Re:I can see it now.. (1)

James_Aguilar (890772) | more than 7 years ago | (#16616752)

AFAIK, the tool does not make a real barcode. You wouldn't even get past the gate.

Re:I can see it now.. (1)

JourneyExpertApe (906162) | more than 7 years ago | (#16616760)

I could have sworn that the last time I flew, they actually scanned my ticket before I boarded. If they don't do this, then they definitely should. How hard would it be to check the barcode on a ticket against a database of tickets that have actually been sold?

Re:I can see it now.. (1)

codeshack (753630) | more than 7 years ago | (#16616768)

No, it wouldn't. The last time someone sat in my seat on a plane, I didn't call the f'ing Air Marshals -- I noted it politely and they moved without incident. Most flights aren't booked full (and you can see in advance on the Web if they are or not.)

The point is that people on the no-fly list can get onto planes. Whether that's a real threat is the issue -- nobody's going to be able to guess the index numbers in Northwest's database of "real tickets", but they sure can falsify their information.

-1, Redundant (0)

Anonymous Coward | more than 7 years ago | (#16616800)

If you had read the article you would have seen the bold text stating that the boarding passes are not 'real' and would not get anyone aboard a flight.

In any case, your conclusions are flawed. If these faux passes could get Passenger 1 aboard a flight, he or she would simply move to another seat when Passenger 2 arrives. A more likely scenario is that Passenger 1 would probably just occupy one of the lavatories until the flight was completely seated, and then take an empty seat.

Re:I can see it now.. (1)

jonin (471268) | more than 7 years ago | (#16616802)

I understand that no ones RTFA so let me sumarize, but the article discusses how to purchase a legitimate ticket with a legitimate seat on the flight without using your real identity or purchasing a legtimate seat and using a printout of a similar ticket to get past security.

Re:I can see it now.. (1)

R3d M3rcury (871886) | more than 7 years ago | (#16616930)

Well, first, a boarding pass can get you to the gate. From there, you can force your way onto a plane.

Remember the guy who stormed the gate at BWI Airport back in '70s? He was going to hijack a plane and crash it into the White House and kill Nixon? Ah...found it [wikipedia.org] .

Obviously, it'd be trickier to get through security with a .22 and a couple of gallons of gasoline than it was in 1974...

Politics got a little more fake... (1)

bumptehjambox (886036) | more than 7 years ago | (#16616590)

It seems as if he's doing this to show that "Democrats are hard on terror too" to get that much needed vote from the thousands of very unsure voters. The fact is, as the article states, this isn't getting you on a plane. It will get you through the security checkpoint, but that does nothing really. This is entirely political, and pathetic. I hope this isn't an indication of how desperate Democrats are for a vote, if so, they're surely doomed. Atleast I'm used to it by now :/

Re:Politics got a little more fake... (1)

subtilior (694729) | more than 7 years ago | (#16616896)

Naah this is typical Democrat ignorance. If you think the Dems are better than the Repubs, wait til they get into power - leftist parties are generally harder on civil rights than rightists, if only 'cos they feel they have less to lose and more to gain by putting up a show of strength. The actual reason why we're losing our freedoms is that we have a very very broad suffrage in our current political systems, and cos the majority of working stiffs don't give a toss for freedom when they can have comfort. If the suffrage was restricted to people with more of a stake in the fortune of the nation, we would have a better record for retaining our liberties. viz. the 19th century, for example.

Arrest me! (1)

Seantotheizzo (1011799) | more than 7 years ago | (#16616594)

I know how to print out fake money.

Although, I've never tried to use it.

Arrest me, and I'll try to post bail with it :D

Re:Arrest me! (1)

zen-theorist (930637) | more than 7 years ago | (#16616720)

1011799? dude you need to learn to fake your /. userid first.

but of course (4, Interesting)

Phantom of the Opera (1867) | more than 7 years ago | (#16616598)

This whole homeland security mindset is not one of rationality. It is one of panic. There is an element of OMG - he's giving the badguys ideas. This call to arrest him is probably more along the lines of OMG - he's giving passengers the idea that they are unsafe. It isn't the issue wether they are unsafe or not, but making them feel that is going to have negative affects on the airline industry and get people jumpier. All in all, its going to make going on a plane that much less pleasant.


"The Bush Administration must immediately act to investigate, apprehend those responsible, shut down the website, and warn airlines and aviation security officials to be on the look-out for fraudsters or terrorists trying to use fake boarding passes in an attempt to cheat their way through security and onto a plane," Markey said in a statement. "There are enough loopholes at the backdoor of our passenger airplanes from not scanning cargo for bombs; we should not tolerate any new loopholes making it easier for terrorists to get into the front door of a plane."


One, shouldn't they already be on the lookout for frausters and terrorist.
Two, this isn't a new loophole. It's been there a while folks.

Well (5, Insightful)

finkployd (12902) | more than 7 years ago | (#16616624)

The emperor generally does not like having his nudity pointed out. Many in government know they are bit players in a pointless security theater, but react violently when told that. I suppose they like to feel that what they do is important and useful (read TSA agents, pretty much the entire DHS, etc). After all, how would you like it if your entire job consisted of going through a dance routine designed to make the clueless public feel as though the government is doing something to keep them safe?

I suppose Congress is a bit different, I have no problem believing most of the genuinely are clueless and believe wholeheartedly that keeping lighters, tweezers, and bottles of water off airlines is critical to our national security. That also seem to really believe that torture and massive surveillance is an effective way to combat terrorism, further displaying a total lack if understanding. The Republicans (at least those loyal to the Whitehouse) are in a unique position where they have to pretend all of this fluff is important, but somehow selling the ports to Middle East companies, looking the other way on illegal aliens, and ignoring Bin Laden to focus on the mess we created in Iraq are perfectly acceptable.

Finkployd

Re:Well (0)

Anonymous Coward | more than 7 years ago | (#16616954)

It should be pointed out that this particular congressman is a Democrat...

Called them up: talked security vs obscurity (5, Insightful)

geekotourist (80163) | more than 7 years ago | (#16616634)

I called up their Washington DC office. The person who answered didn't know about this issue and the call for an arrest. I made three points:


1. Arresting the messenger doesn't help security- it makes people more afraid to point out security holes.
2. Security holes don't shrink by pretending they don't exist
3. Just before elections isn't the best time to make people in Silicon Valley rethink democrats on security. Markey has usually been thoughtful on security- he should rethink his policy of calling for arresting the messenger.

More useless window dressing? (1)

plastic.person (776892) | more than 7 years ago | (#16616642)

Can someone remind me why people without tickets cannot access the terminals?

Re:More useless window dressing? (2, Funny)

eln (21727) | more than 7 years ago | (#16616750)

Because everyone knows terrorists aren't smart enough to buy a ticket before attempting to blow up the airport. Obviously.

Impossible. (4, Funny)

DAldredge (2353) | more than 7 years ago | (#16616652)

This is impossible. EVERYONE knows it is only those with a R after their name that wish to take away our rights and jail those they do not like.

What Does This Have To Do With Anything? (4, Insightful)

hondo77 (324058) | more than 7 years ago | (#16616654)

The 9/11 hijackers all had valid boarding passes. What do fake boarding passes have to do with security?

Political spectrum (2, Insightful)

delirium of disorder (701392) | more than 7 years ago | (#16616662)

Check out Edward Markey's voting record [washingtonpost.com] . He's one of the most liberal members of congress. His call to arrest this innocent security researcher further proves that the Democrats are authoritarians just like the Republicans. Only Greens and Libertarians appear to have any respect for free speech and other civil liberties.

You are most certainly correct (1)

Phantom of the Opera (1867) | more than 7 years ago | (#16616810)

That being said, he's just earned his "oooo, I'm for security" political credit for the day, and preventing a republican from scooping that.

There is something darwinian about US politics. Any politician that speaks their mind too often gets weeded out. The survivors cameoflage themselves in the Coke vs Pepsi plank (or favorite sports team plank). Right now, if you are not 'for security', you are not electable.

Coming to america (1)

Kazrath (822492) | more than 7 years ago | (#16616664)

I've only flown twice in my life. To Italy and back in September/Oct of this year. When I hit Italy it was a cakewalk. Showed the guy my passport he stamped it and I am in the country.

On the way back into the US it took me almost 3 hours and like 3-4 checkpoints later (In Philly) to finally be allowed to go to my next flight. This caused more than half the people in the line to miss their connection which only had 00:30 to 1:30 layovers. I was astounded at how ridiculous the measure we take in the US are. It still came down to the exact same things as when I landed in Italy they just made me walk through the same type of metal detectors.. take of my shoes etc. It seems VERY redundant. Hell, they even made me fill out a paper saying that I spent X money and brought back X goods into the country. Foriegners had to fill out some other additional form while in flight.

So basically what I am getting at is this: When do we draw the line? Is all of this false sense of saftey really worth the inconvience? If they really wanted to make flights safe they are going to need to stick us in airline jumpsuits (Like prisoners wear) and not allow us to carry anything onto the plane. With all of these saftey measures the guards barely even glanced at my passport. The stupid form I filled out the guy just threw it in a big bucket with the other thousand of them to either be tossed out or parsed through at some later time. How is that making me safe?

If I was a terrorist and trying to get into the country it would be very difficult because terrorists don't have access to finances to be able to purchase anything like a fake passport and clothing. And the security guys actually look up every single passport before they stamp it. And those stupid forms are all processed before they let you through. And you know terrorists are stupid they all carry metal objects like guns in their pocket before they go through the metal detectors.

Seriously, When is this crap going to end.

Would it actually work? (1)

Junta (36770) | more than 7 years ago | (#16616734)

It's been a while since I flew, but I did buy electronic tickets last time. When I first got inside the airport door, the first and only place I presented my ticket printouts was to a clerk right near the entrance. They took the printout, scanned it, looked over my ID along with their screens, and then printed out a 'real' ticket that was a bit less ordinary (though still possibly forgeable if you had their cardstock maybe...). The ticket readers at the actual boarding point were picky about the format and form factor of the tickets it would take, so for at least technical reasons this had to be done.

Have they relaxed things to the point where the web printout is enough to get you to the boarding area now? Do a lot of airports now have scanners at the boarding area so they don't need a more special ticket anymore?

If nothing else, if airports had to be/were concerned, I would think the approach would be to have kiosks/clerks to scan printouts and spit out 'authenticated' tickets like they had to do for me.

However, as the site says, even if it works exactly as theorized it would, it doesn't get anyone on to a plane that isn't desired to, or get anyone past checkpoints without being checked for things that aren't wanted on the planes either. The risk begins after takeoff in terms of leveraging an airplane for larger scale destruction. Until a would-be attacker actually gets there or something there in his place, it's really no worse than, for example, a busy shopping mall.

Shooting the Messenger (1)

machineghost (622031) | more than 7 years ago | (#16616744)

So our politicians have been reduced to shooting the messenger to making us feel safer ... do you?

/ob "Your an idiot" (0, Troll)

bugnuts (94678) | more than 7 years ago | (#16616772)

You've always been able to do this. You can change the A/B/C boarding for southwest flights. You can save things to print them out later. You can make your own spoofs, and even make a real barcode if you want. You can remove the "search my luggage" checkerboard pattern, too. You can do a lot of things when you have the html and images.

But what Christopher Soghoian is doing is rubbing the government's nose in it, while they're actually trying to prevent people from being asshats.

Maybe the government is doing it the wrong way. But like any responsible security researcher, you do not release a malicious tool before giving some ability to correct the problem first. You especially don't do it to make a political statement on the tool webpage. And sometimes there's not a good solution.

Christopher Soghoian is an asshat, and not what I'd call any sort of responsible security researcher.

Go back to defacing websites with political messages with the other script kiddies, and blaming microsoft for all the evils in the world.

University counsel? (1)

l2718 (514756) | more than 7 years ago | (#16616774)

From the submitters blog [blogspot.com] :
In all seriousness, Indiana University's legal team have essentially said I'm on my own. Thus, if this issue becomes serious, and the feds knock at my door, any offers of pro-bono legal assistance would be much appreciated.

I assumed the guy is a faculty member, but it turns out he's only a student. In that case it's true he can't rely on the university to give him legal help. Note, however, that even faculty aren't always protected -- during the SDMI Challenge bruhaha, Princeton's University Counsel was agressively defeneding Ed Felten and his team, but researchers in other universities didn't fare that well.

correction (1)

l2718 (514756) | more than 7 years ago | (#16616920)

Mr. Soghoian's website [dubfire.net] confirms that he's a student in information security. Thus it's no longer obvious why the university shouldn't defend him if need be.

here's a new rule (1)

Anonymous Cowpat (788193) | more than 7 years ago | (#16616782)

since law enforcement agencies should be able to figure out if there's a possibility that someone has committed a crime and 'aprehend' them, there's no real need for some pompus, self-important, know-nothing congressman to call for their arrest. To ward off the possibility that the law enforcement agencies might look like congress' lackeys, anyone who's arrest is 'called for' by a congressperson should be placed on a 'do not arrest' list. We do not live in a society where people get arrested because an individual member of the legislature publically calls for it to happen - let's not get ourselves into that situation.

Dubyah Personally? (0)

Anonymous Coward | more than 7 years ago | (#16616788)

"The Bush administration must immediately act to investigate, apprehend those responsible, shut down the website, and warn airlines and aviation security officials to be on the look-out for fraudsters or terrorists trying to use fake boarding passes in an attempt to cheat their way through security and onto a plane"

What, George Bush personally? The FBI can't handle it? What an idiot.

Standard case of security through obscurity (1)

The Master Control P (655590) | more than 7 years ago | (#16616816)

As is common with closed-source software companies, they refuse to listen or reform when told they're unsecure. Once their insecurity is exposed, they are made to look like utter morons in front of their target audience. Rather than behave rationally by acknowledging a problem and working to fix it, they jump to Cover Yer Ass maneuvers:

* Deny the existence of the problem (ABC link, bottom of first page)
* Threaten the person or persons who made them look like incompetent idiots

As long as they believe that making a bluster will prevent them from being fired for thier incompetence, they will make a bluster rather than fix the problem because that's the path of least resistance. If the public or government act to make it known that the price of inaction exceeds the price of fixing the issue, the problem will go away. Consider this scenario:

Government office is created in which agents attempt to smuggle illicit items (knives, primers, explosives) onto planes. If they get past security, all flights from your airport are suspended for N days and you lose all income and federal subsidies in that time. That's all - no "inspections" or "review boards." Just a shitload of lost money and customers who hate your ass. Expect genuine improvements in security on very short order.

Unfortunately, expect the public to howl about the inconvenience because they want security without paying for actual security. Sorry, you can't have your cake and eat it too. [Note on slogan: Spin it as "your part in the war on terror?" The War Against Terror... "Do your part for TWAT?"]

Look at the generator, it's not that complicated (1)

CTho9305 (264265) | more than 7 years ago | (#16616846)

If you actually look at the boarding pass generator, what it does really isn't complicated - you could do the same thing with one legitimate boarding pass, a typewriter, and a photocopier. That this is worthy of calling for someone's arrest is disturbing.

Re:Look at the generator, it's not that complicate (1)

wes33 (698200) | more than 7 years ago | (#16616890)

in America, one should always be ready to be arrested, and held without charge, possibly tortured and/or sent to a secret prison in a foreign country. This is what Americans call "Freedom"

Airplane! (0)

Anonymous Coward | more than 7 years ago | (#16616862)

Recall the scene where a (presumed) terrorist walked through metal detector with machine gun and RPG with zero intervention from security, but an old grand mother gets nailed to the wall for setting off the metal detector. Sure was funny back then. Doesn't look for funny now.

Prediction (2, Insightful)

FirstTimeCaller (521493) | more than 7 years ago | (#16616864)

And what do you think the TSA's response to this will be? My money is that they decide to no longer allow people to print their own boarding passes. It will be paper ticket or nothing (and yes I'm aware that these can be forged too). So no more checkins at the gate -- stand in line along with those that have baggage to check. Just great.

Well if all else fails... (2, Funny)

aapold (753705) | more than 7 years ago | (#16616888)

Maybe you could use it to flee the country...

Looks like S.O.S.(Same Old S--t) (1)

hardburlyboogerman (161244) | more than 7 years ago | (#16616900)

The author is right in pointing out that security around an airport is a joke and is secure in name only.The Congressman should be arrested for gross stupidity and supporting the statis quo(Along with every politician in the Washington DC area)
The thinking brain is a fast dissapearing trait in professional politicians.
Do like I try to do.Re-elect no one.Throw the bastards out.

The best part was... (1)

budgenator (254554) | more than 7 years ago | (#16616950)

The best part was when the little boy cried out "But the Emperor has nothing at all on!" OOPS [taletown.com] sorry I read the wrong article! I was wondering where that Malarkey [wiktionary.org] guy went too.

I think this cartoon hits the nail on the head (1)

jlmcgraw (140716) | more than 7 years ago | (#16616968)

My father forwarded this on to me and I think it's a perfect appraisal of the situation. The goal isn't necessarily to kill anyone but rather just to keep everyone riled up and unable to focus on what's important.

http://www.wondermark.com/d/220.html [wondermark.com]
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>