Google Security Intern Raided by FBI for Fake Boarding Pass Site


BoingBoing reports that a grad student in Informatics who is also apparently an intern in Google's Application Security Group was questioned by the FBI and forced to take down the portion of his site which generated fake boarding passes to highlight security flaws.

They later returned to seize his computers and other items.

From Chris's blog:

I didn't sleep at home last night. It's fair to say I was rather shaken up.

I came back today, to find the glass on the front door smashed.

Inside, is a rather ransacked home, a search warrant taped to my kitchen table, a total absence of computers - and various other important things. I have no idea what time they actually performed the search, but the warrant was approved at 2AM. I'm sincerely glad I wasn't in bed when they raided the house. That would have been even more scary.

I'm trying to maintain a semi-normal life. I have grad-student work to do - and a conference deadline of Nov 20th for a paper I'm working on.

Christopher Soghoian's webpage, his resume

The really surprising thing is that he seems slightly surprised to be targeted by the FBI now. I think he meant well, though it doesn't sound like he was trying to become a conscientious objector in the process.

He apparently has set up a PayPal account for his defense fund, though I couldn't find the link.

Comments

boingboing

boingboing doing a pretty good job of keeping up with this. congressman is already playing CYA.

gawker's picked up on it, too.

Paypal

No paypal from me. I don't support hackers. Sorry, did I say hacker? I meant 'people who highlight security risks'. How magnanimous of him to do so publicly.

hmm

hmm

Posting tools to defeat security and then crying foul when they take his toys away?

stupid is as stupid does.

Of course his warped sense of entitlement should get him a few brownie points at the plex.

Did this guy even try to

Did this guy even try to report the security flaw by normal channels? Did he write to the TSA and explain the flaw? Did he write his Congressman? Seems to me there is a big difference between grandstanding and being a responsible citizen. Even if you think the TSA, US airport security screenings and the Department of Hopeless Security are a giant cluster f*ck of incompetence, you still don't go publishing a software program to help circumvent security to the web.

Sorry this guy does not deserve Paypal he deserves a Darwin Award.

I call bullshit on the entire story

It's a bit too much of a coincidence to me that the scans of search warrants (on blogger, on imageshack, my mirror) are the exact same thing you can get by using the fake warrant generator (example PDF)

Irresponsible?

>>forced to take down the portion of his site which generated fake boarding passes to highlight security flaws.

>>Inside, is a rather ransacked home, a search warrant taped to my kitchen table, a total absence of computers

What the Hell did he expect would happen? Never heard of 9/11?

PayPal????? - Can't imagine many people here will send a bean.

if that guy had reported the

If that guy had reported the thing no one would have paid any attention to it. It's just that the flaw came out in open before everyone so they took such an action.
And they should also look to remove the flaw from their systems.

FBI confirmed

I call bullshit

Yeah, those scans and the fake warrants appear to make this stink, but apparently, the Fibbies confirmed it:

Wendy Osborne, a spokeswoman for the FBI's Indianapolis office, said agents searched the apartment of Christopher Soghoian, a 24-year-old doctoral student, in Bloomington on Saturday.

I want to scream "wake up"

I want to scream "wake up" at some of you. People like this are like vaccines... little bits of impotent virus that are good for you, because they prompt your immune system to beef up and get ready for the real threats.

This "flaw" has been in place and publicly discussed ad nauseam for years, and your diligent public servants have instead spent your tax dollars blasting you with propaganda and "manipulative impressions" (like no liquids... except some...or not... in small quantities...in 1 quart clear Zip-LOC™ bags) instead of doing the right thing and fixing the problem.

Back off with your righteous party-line accusations. Just by shutting up you will help this problem get the attention it deserves, instead of delegitimizing it by calling the guy a hacker and pushing the public's attention to the criminal and his punishment instead of the real crime (leaving a gaping security hole in place for years, that any moron could exploit).

I'm well awake

You're missing the point. Nobody's denied that maybe he did what needed to be done. The problem is whining when you get caught.

If you can't do the time.....

Not missing the point, but

Not missing the point, but thanks for the clarification.

He interned with Avi Rubin. There is a fine line to walk between getting in trouble and getting your own lab at Bell Labs, or your own Center at Johns Hopkins.

We as a society create a large part of our ills. Here we go working the recipe again.

I ran that through Babelfish

Quote:
We as a society create a large part of our ills. Here we go working the recipe again.

I ran that through Babelfish to translate that from liberalese to English and what it said was 'I don't want to take responsibility for my actions'.

Nobody made him do it. Not me, not society. Suck it up. It's free will in action, not an excuse to blame 'society'.

>and what it said was

'I don't want to take responsibility for my actions'.

LMAO!

Even still... I have to say both sides have points here. This guy was stupid to think he wouldn't get in trouble, but we are legislating ourselves to the point where we have soft systems.

if he is arrested

how about the wankers who allowed the loophole to go on for years? (known loophole)

reckless endangerment?? negligence? criminal incompetence?

Facts

Andy please don't cloud up an emotionally irrational issue with facts, don't you know it's opinion and speculation that people want, it's much more entertaining

Security Flaws

Some issues should be best dealt with behind closed doors as there is that moment of opportunity where the solution doesn't yet exist and the vulnerability is wide open which is how vulnerability reports result in servers getting hacked all the time, let alone planes flown into buildings.

Stating that a problem exists vs. posting the code to actually exploit that vulnerability is a HUGE difference between being mentioned on the Evening News vs. fun time in the federal prison showers playing pick-up-the-soap.

I think this twit will think twice before publicly posting code to exploit serious security issues like this in the future, assuming he has any future once the Feds are done with his dumb ass.

I ran that through

Quote:
I ran that through Babelfish to translate that from liberalese to English and what it said was 'I don't want to take responsibility for my actions'.

Hey wheel, let me try again to clarify. You seem to be stuck on the righteousness bit. Step a bit further away from Incredibill's aura, and see if you can grasp this:

I don't give a rat's ass about this individual's whininess. What I commented on is how we (our society) allow things to exist as long as *everybody* doesn't know about it, and then we POUNCE and ARREST and PROSECUTE when some scapegoat embarrasses all of us for our laziness. That IRRATIONAL RIGHTEOUS RESPONSE alienates, believe it or not. I know it might contradict what you hear at sermon every week, but every "soul" we alienate (especially when we misuse authority and might to do so) is likely to come back and bite us IN THIS LIFE.

This guy is nothing. The issue is everything, but maybe that's just too complex to grasp while Fox News is on in the background. Bad boy bad boy, what a loser. He'll get his, eh?

on third thought...

This guy is nothing?

But his personal actions have the direct potential to hurt thousands so who should take responsibility? There were a load of other things he could have done to draw what is an international scandal to the attention of the public but putting the means into the hands of a terrorist is not one of them.

Gimme a break. That info

Gimme a break.

That info was out there on the web for years, no? And you are saying it took a web page to enable someone to print a fake boarding pass, when anyone could go to the airline site and get the file for themselves just as easily? Editing some text of the HTML code is "putting the means into the hands of a terrorist"?

Geesh. Re-read George Orwell and Dennis Wrong on Power. You may already be entrained, but it really is possible to break free from it.

I'll agree the guy needs some poly sci education, which the taxpayers should be happy to pay for.
