FBI shuts down fake boarding pass site

• Tags:
• Security,
• FBI

Joris Evers CNET News

Published: 31 Oct 2006 11:47 GMT

• 
• 
• 
• 
• 

A website that let anyone with an internet connection and a printer create fake airline boarding passes has been shut down after US federal agents visited the creator.

FBI agents raided Christopher Soghoian's home over the weekend, seizing computers and other equipment, Soghoian wrote on his blog. They first visited him Friday afternoon with a request to take the site down, but when he got online, he found that the site had already been removed, he wrote.

Soghoian, reached via email on Monday, declined to comment for this story, citing advice from his lawyers to lie low.

Wendy Osborne, a spokeswoman for the FBI's Indianapolis office, confirmed that agents had searched Soghoian's home as part of a joint investigation with the Transportation Security Administration. "We will conduct a thorough and complete investigation," Osborne said. "We are certainly concerned with any potential breach in security, particularly at the airports."

Soghoian, a computer security student at Indiana University Bloomington, built the website to underscore an airport security weakness, he wrote. The site was spotlighted late last week after Wired News and ABC News reported on it. US Representative Edward Markey, a Massachusetts Democrat, called for Soghoian's arrest, but then backed off on Sunday.

The FBI will present the findings of its investigation to the US Attorney's Office for the Southern District of Indiana, which will determine whether Soghoian violated any federal laws, she said. At this point, the student has not been charged and he has not been arrested, Osborne said.

Soghoian's "Northwest Airlines Boarding Pass Generator" let people create boarding passes that look virtually identical to the ones printed from the Northwest Airlines website. They could be used to get past airport security, but not to get on an airplane, because the airline would have no record of the reservation, Soghoian said.

"I have not flown, or even attempted to enter the airport with one of these fake boarding passes," Soghoian wrote Friday. "I haven't even printed one out. All I have done is create PHP script, which highlights a security hole made public by others before me."

The website went online last Wednesday and immediately attracted attention. Bruce Schneier, a noted security expert, linked to it from his blog on Thursday. Schneier highlighted the same issue with the print-at-home boarding passes on his mailing list more than three years ago. US Senator Charles Schumer, a New York Democrat, warned of the same security issue last year and again in April this year.

• 
• 
• 
• 

• Share this article:
• Digg
• Slashdot
• Del.ici.ous
• Stumble
• Reddit

• Most Recent
• Most Popular
• Most Discussed