October 29th, 2006

Researcher raided by FBI for blowing whistle on Airport security

Posted by George Ou @ 1:44 pm

Categories: Security

The home of Christopher Soghoian, a PhD student and security researcher at the School of Informatics at Indiana University Bloomington, was raided by the FBI early Saturday morning. Soghoian had created a fake boarding pass generator to demonstrate flaws in the government's implementation of a no-fly list and posted the generator on his webpage, stating that "The TSA Emperor has no clothes". The FBI visited Soghoian on Friday and told him to take the site down, and Soghoian complied. The following morning, shortly after midnight, his home was raided by the FBI, and his computers along with other important items were gone.

Earlier in the week, US Congressman Ed Markey (D-Mass) called for Soghoian to be arrested and his website shut down. After being blasted by bloggers around the web, Congressman Markey rescinded his call early Sunday morning.

Michael Hampton of "Homeland Stupidity" wrote:
"It’s also not like this particular security problem requires any particular technical skill.  Anybody who can operate Microsoft Word could exploit this airport security problem.  And only the most basic knowledge of Web programming would be necessary to re-create this particular code.  Sites hosting mirrors of the boarding pass generator are already starting to appear on the Internet, as I predicted Friday.

"So what we have is the FBI going after security researchers who are actually helping make us more secure.  Apparently it’s perfectly fine to have bad airport security.  After all, as long as nobody actually points out how bad the security is, then the security must be good!  This is really how these people think."

[UPDATE 10/30/2006 9:30 PM]
Joris Evers has more on this story and writes:

Bruce Schneier, a noted security expert, linked to it from his blog on Thursday. Schneier highlighted the same issue with the print-at-home boarding passes on his mailing list more than three years ago. U.S. Sen. Charles Schumer, a New York Democrat, warned of the same security issue last year and again in April this year.

It appears that nothing has been done in more than three years about this poor authentication issue, and it took a website with a do-it-yourself PHP script and an FBI raid to garner national attention.

George Ou is Technical Director of ZDNet. See his full profile and disclosure of his industry affiliations.

Talkback (most recent of 76)

Airport security
You forgot to mention that the "war on terror", like the "war on drugs" - has spawned whole industries and is making some people very rich.
Neither war is designed to be won, after all that would kill the golden calf....
Posted by: antinym Posted on: 11/02/06