Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Security Government Politics Your Rights Online

Charges Dropped In Fake Boarding Pass Case 135

An anonymous reader writes, "Investigators have dropped the criminal case against Christopher Soghoian after satisfying themselves that he acted without criminal intent. The grad student had created a web site capable of printing fake airline boarding passes. Soghoian is quoted: 'If they fix the airport security problems... then this entire process has been worth it. If they don't fix airport security, then... what was the purpose?'" Soghoian's blog has insightful comments about the divide between security researchers and government officials on subjects such as TOR.
This discussion has been archived. No new comments can be posted.

Charges Dropped In Fake Boarding Pass Case

Comments Filter:
  • More detail (Score:4, Funny)

    by krell ( 896769 ) on Thursday November 30, 2006 @09:03AM (#17048254) Journal
    Unfortunately, the investigators who dropped the charges were unable to be reached as they were enjoying their cushy first-class-flight South Pacific vacations.
  • Eh? (Score:4, Funny)

    by voice_of_all_reason ( 926702 ) on Thursday November 30, 2006 @09:09AM (#17048326)
    his life got turned upside down

    Yes, but was it "flipped" as well?

    Perhaps, while we sit here, he would like to take a minute and tell us.
  • by 4solarisinfo ( 941037 ) on Thursday November 30, 2006 @09:11AM (#17048374)
    If you can't print a fake boarding pass, you can always scribble something illegible on an old ticket with a magic marker. Ever had that happen? "Sorry your flight is delayed, we're transfering you to another airline, just show them this.." and you're thinking, wonder if this scribble will get me to Hawaii?
    • Re: (Score:3, Interesting)

      by Anonymous Coward

      True. I took a flight recently (from the middle east to the UK), and they screwed up and put the wrong name on the ticket. The travel agent insisted everything would be fine at the airport, but I wasn't so sure. Upon reaching the airport, I checked with the help desk. You know what they did? They took my ticket, grabbed a pen, crossed out the wrong name and wrote in the right one. Nobody batted an eyelid when I checked in or boarded.

      • by AGMW ( 594303 )
        Nobody batted an eyelid when I checked in or boarded.

        I'm laughing about this, but I'm crying inside! If enough "terrorists" just tried to scam their way onto flights _some_ of them would make it regardless of what Security Theatre measures were in place, which just makes the whole exercise a waste of time and money!

        ... and why have we been saddled with all these illusions of security? Because we (the public) think the Government ought to "do something about it", and the Gov, with one eye on getting re-e

  • Golly. (Score:4, Funny)

    by Black Parrot ( 19622 ) on Thursday November 30, 2006 @09:11AM (#17048380)
    Don't the morons running this place realize that it isn't safe to forego shooting the messenger?
  • Strange laws? (Score:4, Interesting)

    by jopet ( 538074 ) on Thursday November 30, 2006 @09:20AM (#17048506) Journal
    Can somebody explain US laws to me here? Is it or is it not legal to put up a website that helps to print fake boarding passes? If it is not legal, why was the case dropped? If it is legal, would it be ok to put the website online again?

    I have a hard time to imagine what law could be violated by this unless somebody tried to actually use such a fake boarding pass to get on a plane or into a restricted area.

    I could imagine that the mere act of printing a fake boarding pass *could* (depending on how it is done) violate the copyrights of the company. Anything else?
    • Re: (Score:3, Funny)

      by Vengeance ( 46019 )
      I hate to tell you this, but our legislators couldn't explain US laws to you.

      Hell, many of 'em freely admit to not reading the legislation they vote upon. Asking 'em to actually understand it is obviously going way too far.
    • Re: (Score:3, Informative)

      by will_die ( 586523 )
      First off the title is really off, he was never charged so thier are no charges to be dropped. What happened is that they got a criminal complaint from a congressman against this guy, they filed paper and started investigating; also the airline company complained about it. With a congressman breathing down thier necks they decided to confiscate his equipment from the site. The decision today is that they would no be going forward with the procecution by filing charges.
      There is currently now federal law
      • by damsa ( 840364 )
        Putting symbols on the ticket is not a copyright offense, it is a trademark offense. If he was charged, he would probably be charged with counterfeiting airline tickets. People should be glad that there is a law like that, otherwise people can sell counterfeit concert tickets etc... without any criminal consequences. Of course in this case, the charges were rightfully dropped.
        • Except these wouldn't be plane tickets. They won't get you on a plane. In that sense, they are about as much "plane tickets" as me scrawling "free trip to hawaii" on a sheet of paper.
          • by damsa ( 840364 )
            Boarding passes, not plane tickets. I stand corrected. However, boarding passes is what gets you on the plane, not plane tickets. Nobody at the airport will ask for your ticket because a quite a few people do not carry one. People use e-tickets and print out a boarding pass at home or at the airport.
            • But there's no way you could sell a "counterfeit boarding pass", as the person BUYING it would already know something is wrong. You can't buy a boarding pass, as the ticket has to be in your name to begin with. So I would actually kind of doubt there is even a law regarding them since the buyer would already know there's a problem. Doesn't seem parallel to counterfeit concert tickets at all, because there is no way the buyer wouldn't know they are counterfeit.
              • by damsa ( 840364 )
                How would a buyer know that a boarding pass is not legit if it looks exactly like a regular boarding pass? I am such and such internet discount travel agency. Here is your boarding pass and here is your e-ticket and confirmation number. No check in required. Just present boarding pass at the gate. When you buy a ticket online, all you get is a confirmation number and then print your boarding pass before your flight. Unless you call and get confirmation, you wouldn't know whether your pass was good or not.
                • First off, you would know because no one else ever gives you boarding passes. Travel agents give you tickets and you print off your OWN boarding passes. Your travel agent does not. If you buy an eticket through a travel agent, you still have to print off your own boarding pass. Having someone give you boarding passes would be as normal as buying a movie ticket and being given a torn stub.

                  Secondly, without some actual citation of law, I still believe this would fall under general fraud laws, not some spe
                  • by damsa ( 840364 )
                    Some people don't know you are supposed to print your own boarding passes, I would venture that number of people to be a sizable amount. Here is is the relevant statutes pertaining to counterfeiting. http://www.usdoj.gov/usao/eousa/foia_reading_room / usam/title9/68mcrm.htm/ [usdoj.gov] My point to the OP was that use of the logos and such on the boarding pass would constitute trademark infringement and may be in fact criminal counterfeiting.
                    • Kudos to you for finding this information, but I still do not think it is applicable to this case or the ones you brought up. Reading all the various parts of the law, it seems the law is intended to apply to real goods and services. In other words, selling a fake Mickey Mouse doll or an unauthorized Brittney Spears Makeover. It does not appear to be directed towards fraud, where no goods or services are actually delivered. This is what I'm talking about when I think selling fake boarding passes would b
                    • by damsa ( 840364 )
                      I don't think it's applicable to this case either, I was just correcting the original poster that if there was a prosecution based on intellectual property it would be based on trademark law, not copyright law and trademark law is created to protect consumers.
                    • Well, hopefully you can understand my confusion in that you said "People should be glad that there is a law like that, otherwise people can sell counterfeit concert tickets etc... without any criminal consequences", while it would appear that said law wouldn't apply to counterfeit boarding passes or counterfeit concert tickets, and pre-existing law that had nothing to do with copyright or trademarks would come into play to bring in the criminal consequences. So just take this as a correction to your correc
      • You just made all of that up, because its totally wrong.
    • You obviously haven't been to the US lately - laws are apparently now irrelevant, and we live in boarderline if not actual police state.
  • Yeah but... (Score:1, Insightful)

    by Anonymous Coward

    I bet he doesn't have all his computer equipment back that was confiscated from him during the investigation. Who needs a guilty verdict to punish him? Due process is dead.

    • Re: (Score:3, Interesting)

      by borroff ( 267566 )
      I bet he has a number of speaking engagements and (maybe) a book deal. Knowing this was a possible outcome (and he certainly seems astute enough to know that might be the case), he seems to have done quite well. He could have done worse as a grad student writing a thesis.
    • Re:Yeah but... (Score:4, Informative)

      by fotbr ( 855184 ) on Thursday November 30, 2006 @11:03AM (#17050010) Journal
      He says he's got his computer back, and will be getting the rest of his stuff back very soon.

      But this is slashdot, where reading isn't a prerequisite to posting.
    • Comment removed based on user account deletion
  • by BadAnalogyGuy ( 945258 ) <BadAnalogyGuy@gmail.com> on Thursday November 30, 2006 @09:21AM (#17048514)
    I don't have a problem with ID checks, though the USCOA does. When I fly internationally, I am subject to ID checks at almost every port of call. That's just the way things are when you enter and leave countries. However within the U.S. there is no requirement that you submit to an ID check. It is your right to refuse this check. So anyone can claim to be anyone and get past the TSA checkpoint with nothing but a boarding pass. The No-Fly list is made useless by this simple loophole.

    So what then? Change the Constitution so that we lose the right to security in our papers? I dunno.

    But what I do know is that a not-really determined terrorist can plant a bomb anywhere outside the TSA security perimeter with impunity. In fact, a bomb can be placed anywhere in any city at any time and cause the type of destruction that generates terror.

    Is the solution to negotiate with the terrorists? I dunno.

    I don't like to give these crackpots any more legitimacy than they deserve, but if we are truly afraid of them wouldn't it help to find out what they want and then find a way to come to a mutual agreement?

    If we're not afraid of them, then stop all this nonsense about making our country safer by strip searching grandma. The initial price of freedom is blood, but the recurring cost of freedom is risk. You can't have freedom without risk. You can reduce risk by reducing freedom and that's what the current tack is, but it's a mistake to assume that we have all agreed to this level of reduced freedom because a few fraidycats are unwilling to live in a risk-filled world.
    • Re: (Score:2, Insightful)

      by killercoder ( 874746 )
      Lets start counting up the ID checks from my last visit to the US: 1) Checkin counter, including where I'm staying info, with passport check. 2) Customs Counter in Canada, with passport check, included info on where I'm staying. US Customs in less than 20 feet from the checkin counter. 3) Security Desk, with passport and boarding card check, 20 feet further. 4) Passport check to get on the plane The return trip: 1) Checkin counter, with passport check 2) TSA Security checkpoint, with passport check (10 fe
      • Re: (Score:2, Insightful)

        by goosman ( 145634 ) *
        How many terrorists have been caught in the last 6 years by TSA personnel?

        That's classified of course! (mostly so they don't have to tell you that it's zero!)
      • by JimBobJoe ( 2758 )
        How many terrorists have been caught in the last 6 years by TSA personnel?

        None. In fact, I don't believe there has been a single instance of a terrorist or a hijacker caught by airport security worldwide. We've got nearly 40 years of airline security history too.

        Since the experience is if a terrorist or hijacker get to the airport they will get on the plane, then the lesson should be more resources need to be spent preventing them from getting to the airport in the first place. Once they get to the airport,
    • by Hatta ( 162192 )
      However within the U.S. there is no requirement that you submit to an ID check. It is your right to refuse this check.

      Good luck with that one! Seriously, have you tried it?
    • I really liked your post. I thought it was absolutely spot on until I got to this:
      "I don't like to give these crackpots any more legitimacy than they deserve, but if we are truly afraid of them wouldn't it help to find out what they want and then find a way to come to a mutual agreement?"

      What if what they want is a Global Islamic State, ruled by the Koran and anyone resisting put to the sword?

      I'm all for pragmatic compromise, but at a certain point it's time to simply kill the psychos.*

      * yes, I'm FULLY awa
    • I don't like to give these crackpots any more legitimacy than they deserve, but if we are truly afraid of them wouldn't it help to find out what they want and then find a way to come to a mutual agreement?
      They want you dead. Its truly as simple as that. They want all "infidels" wiped from the face of the planet. There is no way to come to a mutual agreement, so long as there is no way to half-kill you.
  • The actions by any organization larger than, uhm, 200 people, are controlled by written procedures and norms, which are software. You'd, probably, learn this much in a management course (not that I tried).

    The bigger the organization, the more likely you are to deal with someone who is merely executing the instructions — unable of, and unthinking about changing them. An organization like government, or a huge department like Homeland Security is all about it. A few "software engineers" and "analysts" high above devise the algorithms, some more "coding monkeys" codify it, and then it gets to run "in production".

    We are the users. And we get worked-up about the bugs. In this case, the bug is a security one, where a presented certificate is accepted without checking with the issuer.

    Somebody thought, that it would be good to limit the crowds next to the gates to people with boarding passes. Checking, that the pass is valid (as airlines do at the actual gates), either did not occur to the coder at all or was deemed too expensive...

    The new release will, hopefully, have a fix. If not, than, certainly, the next one. Nothing, you've never heard before.

    • by jefu ( 53450 )

      It has been my experience that bureaucracies don't generally want to believe that their policies and procedures are, indeed, essentially software and could therefore be considered as such, with provisions for analysis and with their design including provisions for exceptional cases. It is tough to debug such things once they get deployed - in part because there are usually few ways to report "bugs" and often nobody to read such bug reports if they were generated. In the ideal, the policies would specif

      • by mi ( 197448 )
        there are usually few ways to report "bugs" and often nobody to read such bug reports if they were generated.

        Bug-reporting is easy — you write to the bureaucracy's head (they'll never read it, but their staff might).

        As for reacting to a bug-report, well, that sucks with most software... Something small with a single maintainer may get fixed quickly, but large projects (like KDE or Mozilla) have bug-reports lingering for years (I filed quite a few).

    • Comment removed based on user account deletion
  • It was made perfectly clear during the meeting that parts of the US government, at least the two represented at the meeting, strongly disapprove of Tor - and in particular, thought that research universities such as IU, MIT, Georgia Tech, Harvard and others have no business supporting such projects.

    Basically, what we are talking about here is the "parts of the U.S. government" working to turn the country into a police state.

  • by Ancient_Hacker ( 751168 ) on Thursday November 30, 2006 @09:46AM (#17048858)
    I was innocently looking for some bar-code scanners ( I was hoping to label my books with bar codes ), and bid on a batch of 9 of them on eBay.

    Got them for under $1 each.

    To my dismay, they can't read standard bar codes.

    To my amusement, and dismay, I figured out WHY they wouldnt read standard bar codes.

    Some airline sold them to a liquidator. With their custom code in the flash memory to scan their baggage and boarding pass tags.

    It wasnt too hard to learn all this. Every scanner had several stickers on it with diagonal red stripes and phrases like

    "/// SECURITY DEVICE #xxxxxxxx/// "

    "/// USER MUST HAVE SIGNED CONFIDENTIALITY AGREEMENT A8R55-2/// "

    "/// FIRING OFFENSE TO REMOVE FROM RED ZONE (UNION HBK, PG 37)/// "

    "/// DEADULUS & EARHART AIRLINE CUSTOM FIRMWARE VERSION 1.22"/// .

    I wonder what their thought processes where?, something like:

    • These old hand scanners are getting dirty, let's throw them away.... Wait, there's probably a few cents of value left in them, lets sell them to that liquidatior, you know, the one that pays us $20 per pallet of old stuff.
    • Never mind these will help somebody impersonate a baggage loader or gate agent.
    • Never mind someone can use them to validate that their tag-faking software is printing out valid tags.
    • just, never mind.
    • by krell ( 896769 ) on Thursday November 30, 2006 @10:10AM (#17049226) Journal
      ""/// DEADULUS & EARHART AIRLINE CUSTOM FIRMWARE VERSION 1.22"/// . "

      Those are antiques! You might just try to re-sell them on eBay. Daedalus Airlines, in particular, had their assets sold of decades ago when the last wax-attached bird features fell off the last airliner. Both airlines declared bankruptcy, and eventually merged with the old Glenn Miller Airlines to form the Oceanic Air we know and love today. You know, the one with the slogan "Getting halfway there is all the fun". They're also the first airline to consider electrified wings in order to keep the gremlins off.
    • by throx ( 42621 )
      No security should be dependent on the technology implementing it not being distributed. A truly secure system should assume that someone wanting to penetrate it can amass every piece of technology used and STILL not allow someone through. Making your security depend on the bad guys not getting equipment XYZ is just obfuscation, not security at all.

      In the case of boarding passes it's simple - you check each one against the central database of valid passes for that flight. If you get two passes for the sa
      • Fear: When you see B8 00 4C CD 21 and know what it means

        There is nothing to fear. It is just a small fragment of MS-DOS assembly code. "B8 00 4C" is "mov ax, 4c00h", and "CD 21" is "int 21h". It is a MS-DOS system call that exits your program (system call number 4c) with a status 00 (the lower byte of ax). Now everyone knows...

        I haven't used Windows for a long time, but I wonder if it still comes with an MS-DOS debugger?

  • CIA and TOR (Score:3, Informative)

    by terraformer ( 617565 ) <tpb@pervici.com> on Thursday November 30, 2006 @10:10AM (#17049238) Journal
    Didn't the CIA take an interest in TOR at one point? Kinda hypocritical that the guberment is against it now.
  • by refriedchicken ( 961967 ) on Thursday November 30, 2006 @10:12AM (#17049276)
    "Soghoian said fake boarding passes wouldn't be an issue if identification was required and checked to travel. The student said he has been able to get on four flights without showing ID."

    I fly across country every other week and have well over 100,000 miles under my belt this year a lone and I have never once gotten through security without my ID. Wrong boarding pass, yes, but it still had my name and matched my ID. And since we have no National ID how does one make sure the the people paid $8 an hour know how to check every state and military ID and look for fakes?
    • by christo ( 329 )
      Have you tried to?

      It's really simple. When you checkin with the airlines, tell them you forgot your ID, and they'll print you up a special boarding pass that has the letters "SSSS" marked on it - which means that you'll get searched a bit more carefully (i.e. they'll swab stuff in your carry-on bag to check for bombs).

      If your main goal is to bypass the no-fly list, and not to sneak something onto the plane, then this should be more than enough for you.

      Plus, in some airports, they rush SSSS passengers to the
      • I have been through the SSSS line several times and everytime they have requested my ID. I have some seen some outrageous things when it comes to the security in airports but no ID is not one of them (and I would say it is the least of my concerns).
        • Right, they requested it. But did you ever say you didn't have it? That's the whole point. You are not REQUIRED to show ID. They just put you through extra screening and let you go on. You probably get on a secret list, too...
  • DHS Tax! (Score:2, Funny)

    by bdonalds ( 989355 )
    Printing devices are just machines used for printing fake boarding passes, and they all know it. So it's time to get paid for it! -Department of Homeland Security
  • by Russ Nelson ( 33911 ) <slashdot@russnelson.com> on Thursday November 30, 2006 @10:25AM (#17049478) Homepage
    Trust is what makes a modern society function. To destroy a modern society, you destroy trust. In many ways, that has been the aim of the terrorists attacking the US. We trust boarding passes. Pointing out that they are not trustworthy is simply beyond the point. Trust is an ephemeral thing, and yet it is an essential thing. Printing out fake boarding passes to show that they are not trustworthy doesn't help to increase security; in fact ..... the terrorists win when you stop trusting people.
    • That's bullshit. Trust is something terrorists LIKE. It was trust that allowed the 9/11 hijackers to do what they did. You say that printing fake boarding passes doesn't increase security. That's not the point. The point is that it makes it crystal clear that we don't HAVE security the way things are set up. And it makes it clear that some of the "security" measures in place do only one thing - inconvenience non-terrorists (you know, the 99.99999% of the traveling public). We either need a security s
  • Comment removed (Score:4, Informative)

    by account_deleted ( 4530225 ) on Thursday November 30, 2006 @10:29AM (#17049526)
    Comment removed based on user account deletion
  • Mind Reading (Score:2, Interesting)

    by Doc Ruby ( 173196 )
    So if I ignore the security trying to stop me from boarding the plane with my large toothpaste tube, intending only to brush my teeth after dining on their airplane food, then I shouldn't be arrested? The criminal charges apply only to people boarding with criminal intent for their toothpaste?

    Look, the charges against this guy are bogus. The criminals are the people in the TSA who treat us like dirt on a cop's beat, while leaving these gaping security holes for actual attackers to exploit. Who try to cover
    • Moderation 0
          50% Interesting
          50% Troll

      Sleazy trollMods never brush their teeth, anyway. Why should they even read the posts, let alone reply when they disagree?
  • Here is a story about company that creates the paperwork for your alibi [detnews.com]. The story covers an alibi to hide an affair.

    They mention fake airline itineraries, not boarding passes, but would a fake, used boarding stub also get you in trouble?

    OT: having an affair is sleazy, but not illegal. If that alibi company is used to cover a crime, do they have any liability?

  • Chalk one up for the citizens!
  • Soghoian's blog has insightful comments about the divide between security researchers and government officials on subjects such as TOR.


    There has long been a sharp division of opinion on the merits and failings of TOR [imdb.com]... So Soghoian's observations aren't anything new...
  • Keep in mind, the photo ID requirement is not a security measure. It's a measure to keep you from selling your non-refundable tickets. From Schneier [schneier.com]:

    Unlike every other airplane security measure -- including reinforcing cockpit doors, which could have prevented 9/11 -- the airlines didn't resist this one, because it solved a business problem: the resale of non-refundable tickets. Before the photo ID requirement, these tickets were regularly advertised in classified pages: "Round trip, New York to Los Ange

  • I wonder what the differences would be in this story had this guy been "Muhammed al-Maqmood" instead of Christopher Soghoian?

    Probably get the usual terrorist plot stuff I suppose.

    Just like that video where a white guy goes on a bridge by himself and starts snapping pictures. Nothing happens, so he leaves and comes back dressed as a sheik, complete with long white robe and head covering. He then proceeds to do the exact same things he did prior without the costume. Within 2 mins he is accosted by security

"The whole problem with the world is that fools and fanatics are always so certain of themselves, but wiser people so full of doubts." -- Bertrand Russell

Working...