I didn't sleep at home last night. It's fair to say I was rather shaken up.
I came back today, to find the glass on the front door smashed.
Inside is a rather ransacked home, a search warrant taped to my kitchen table, a total absence of computers - and various other important things. I have no idea what time they actually performed the search, but the warrant was approved at 2AM. I'm sincerely glad I wasn't in bed when they raided the house. That would have been even more scary.
I'm trying to maintain a semi-normal life. I have grad-student work to do - and a conference deadline of Nov 20th for a paper I'm working on.
Damn that's scary. I can't believe it's gone, this far, I would've thought anyone with half a brain would realize you did this with good intentions, but that's America under Bush for you.
Crazy. This is absolutely crazy. You know why they are doing this don't you? They are now aware that their "security" sucks and to try to cover their asses they are making an example of you.
Don't worry about it, if you are looking for legal help still, let me know, I might be able to put you in touch with someone who can help :)
cheers!
We're all backing you Chris, (and our own 1st and 4th amendment rights too). When the situation gets sorted out this is going to be some serious egg on their face for being such extremists.
Good thing it's no longer America under Clinton -- they would have rolled in with tanks and air support.
Too bad the government bureaucrats don't have a clue about security. Their first reaction is to bury it.
Where's the source man? It's time to spread it far and wide so they will actually fix the system instead of hiding behind 2AM searches.
Dude, they've got a job to do. They've got to protect the country. I don't know if you get this or not, but we're at war. The terrorists want to kill us, and you tried to help them. Do you want to see Americans die? You deserve to be thrown in jail, at the very least. You're a traitor; a modern day Benedict Arnold. In my opinion, you deserve to nothing less than execution.
Crazy and scary. No one should be invaded like that.
Anonymous detractor above me must not realize that any terrorist worth his salt already knew this, and that this was only an attempt to call attention to the flaw so that it could be fixed before it was abused, or else is a shameful troll.
Note to anonymous detractor, in case not a troll: He is not trying to help people hijack airplanes. He is trying to call security holes to the attention of the public so that they will be fixed. The fact that this does not seem to have been fixed yet, but he has already been searched, leads me to believe that our government's priorities are somewhat out of order.
In any case, I trust the feds a little less every day. Good luck, man; don't let 'em get you down. I sent an angry message to Markey calling for a public apology, but I doubt you'll get it.
I sense a police state in our near future...
Hey anonymous,
technically, it's TSA that's helping the terrorists, by wasting energy and effort on things that are easy to get around. Now, me, I don't want to see Kip Hawley, James Loy, or any of the rest executed for helping terrorists. I'd just like them fired, and replaced by people who focus on the job of protecting us and our airplanes.
Welcome to the United States of America. You allowed the dictatorship to take power, stop complaining.
Yours without sympathy,
THE REST OF THE WORLD
"Dude, they've got a job to do. They've got to protect the country. I don't know if you get this or not, but we're at war. The terrorists want to kill us, and you tried to help them. Do you want to see Americans die? You deserve to be thrown in jail, at the very least. You're a traitor; a modern day Benedict Arnold. In my opinion, you deserve to nothing less than execution."
Ha ha ha ha, that guy was a douche.
I'm sure he still believes Iraq had weapons of mass distraction, and that America can do no wrong.
I'm more interested in the other things they may have taken from you. I mean, it was a shoo-in they'd take the computer, but what else is gone?
Anyway, it should be noted, whenever you expose the Gov't sucking ass, they'll take what you used to show it. Airport security is a joke, and will continue to be so.
To me, you want to end people attacking us, figure out what they f'ing hate us so much and try to change that. I mean, hell, how long have we crapped on the people of the middle east? And now we're surprised they want revenge?
Keep fighting the good fight bud, and get a good lawyer. I bet you'll be getting some good offers soon.
You had to know this would happen. Tell us, did you even try to alert anyone to this prior to your stunt? You wanted your 15 minutes of fame and instead you'll probably get 15 years in prison. Not too bright.
to anonymous at 3:29 pm - try cracking open a few history books and see where that mentality has taken the world.
Overstating the obvious, you need a lawyer ASAP, particularly if this gets referred to the US Attorney's office. If it does, and gets taken to a grand jury, you stand an excellent chance of being indicted on whatever they decide to charge you with. That does not judge your guilt or innocence on anything mind you, but it moves you from "target of an investigation" to "defendant." Not good.
As with state and county criminal courts, if you cannot afford an attorney you are entitled to representation by the federal public defenders office. I strongly suggest that you investigate this first thing Monday morning.
Wow! can you guess which poster above is the reactionary Republican moron who hasn't bothered to read the background of this ridiculous home invasion?
Definitely time to get the source code out as a bit torrent so we can get it up on as many sites as possible. Also time to rat out Senator Schumer (D-NY) as the original source of the idea. Check it out at http://www.senate.gov/~schumer/SchumerWebsite/pressroom/press_releases/2005/PR4123.aviationsecurity021305.html
Scarier - actions of the US government in this case or the "anonymous" guy thinking it's the right thing ... and maybe he represents a majority?
Stay strong.
cute anonymouses.
well this is certainly the most interesting and frightening thing that could happen to me.
i think though that anonymizing tools in general are getting to be significantly useful and incredible, so that people will continue to speak their mind without these repercussions.
so no worries yet, except for this MAN himself and his new personal problems. but this just goes to show how important it is that we keep working on anonymizing networks and bring the tools to the mainstream.
Hey - I know a smart way to run a country...
Imprison or scare out all the smart folks who point out the flaws in the system. Does anyone remember Germany in the late 30's early 40's? Way to go team.
You knew that what you were posting was against the laws of your country.
Live with it.
College students are often sheltered from the realities of the world. More so in liberal colleges.
If you meant well, hopefully they will take that into account. You did a stupid thing and you are seemingly pretty young.
If you didn't mean well, then I hope they recognize that as well.
Complete insanity. Though to what end the current administration will go to satisfy themselves of their mission to "protect America"?
Call the EFF, ACLU, etc. Get your paypal links working and let's get you some coin to deal with this.
Sit tight - you have allies.
This is REALLY DUMB.
You know that, right?
I mean, you have finally figured it out, right? That it's DUMB to do this,
right?
(probably not)
Well, when you do finally figure out
that it's dumb, great, now do smart
stuff from here on out.
As they are reading this:
Dear FBI-Agents,
when do you notice, that you and your organisation are out of control? You are there to protect freedom, democracy and free speech. Instead, you're harassing people who are in principle in your camp by pointing to security flaws.
Chris, do you have backups of your hard disk? OFF SITE BACKUPS?
Seriously you need them now, and you need them in a safe, secure, secret, confidential place, like your lawyer's office.
What are they afraid of ¿Terrorists? Really? Is (anti-huah!)terrorism the reason of ALL of this? Who are the people for whom this government is acting for?
You may want to give Jennifer Granick a call, she runs the Center for Internet and Society out of Stanford. She's run Internet-specific defence cases before. Not sure if this would fall under her realm or not - but it couldn't hurt to get in touch with her.
http://cyberlaw.stanford.edu/
&
http://cyberlaw.stanford.edu/blogs/granick/
"You had to know this would happen. Tell us, did you even try to alert anyone to this prior to your stunt? You wanted your 15 minutes of fame and instead you'll probably get 15 years in prison. Not too bright."
The loop-hole had already been found, and brought to the attention of the authorities. They did nothing. Chris' actions have publicised the hole so that it will be fixed, and so protected the country from these terrorists (who most likely knew about this anyway).
But I know that the people who think this way won't listen to reason, and will continue to blame people like Chris for America's gaping problems.
Chris,
I know that you may be up to your ears in referrals by now, and I agree that the ACLU and the EFF could be great resources, but I just want to make sure you also know that, at the more local level, you might want to let the folks at the Bloomington Peace Action Coalition know that you're looking for a lawyer, and you would also probably be able to find support at the Unitarian Universalist Church of Bloomington, if you're looking for ways to spread the word and/or raise money in B-town.
If you want more direct help, give me a shout. I would be more than happy to send some emails and help with the lawyer search, if it's still on.
Sorry that we passed like ships in the waters of the Informatics building, man, but it's been nice getting to know you a bit via Planet Info, and I wish you the best of luck.
Wow... I found your blog by clicking that little "next blog" link on blogger... good grief. At first I thought all this was a hoax blog, but it sure sounds like it's really happening to you... totally sucks. I wish you the best.
To commenter above me:
"A number of people before Soghoian have pointed out the airline security vulnerability his "Fake Boarding Pass Generator" website illustrated. Among them:
* Bruce Schneier (2003): Link
* Sen. Charles Schumer (2005): Link
* Andy Bowers, Slate.com (2005): Link
* Jacob Appelbaum (2005): Link"
(BoingBoing)
Man, they knew since 2003 about that (and probably other) flaw(s) and cared shit to fix it/them.
Now the security flaws got more widespread public attention! Think of it; you pay a lot of money for a flight, so you should get a minimum of security in return.
Think of Sony's Rootkit and busted Kryptonite locks: A handful of crybabies - no chance the suits will change something. But spread over the net, they HAVE to do something (and searching people's homes in the middle of the night is not the solution)
All this "War on Terror" is only bringing it further into being. Mother Teresa said something along the lines of this, "Don't bother inviting me to an anti-war rally, but I'll be the first to attend if you have a peace rally."
You get what you focus on positive or negative.
Shit...I'm shaking...I can't believe it happened to you, but at the same time I shouldn't be surprised...Hang in there man.
Trish
http://trishymouse.blogspot.com
Well it's official, you're a marked man. Someone as intelligent as you should get out of the country even if this stuff isn't going down. Finish your schooling and get the hell out of there, move up to the nice friendly country of Canada. You'll fit in fine :p
life is like that.
The good news is, the pigs are monitoring this site now. So tell them what you think!
What did you expect?
If you were that concerned about airline security, you should have voiced your concerns in a more appropriate forum. Instead, you enabled every lunatic on the planet to create a bogus boarding pass.
FYI: Not all lunatics are computer savvy enough to do it on their own.
I like to think the best of people, so I'm hoping that this was just a temporary lack of judgement. Accordingly, I wish you the best . . . you've got a long road ahead of you.
Wow man, this is pretty jacked up. But as I was told early on, "If you're willing to stand up for what you think is right, you have to be willing to face the consequences."
I'm sure you'll come through this ok in the end, but it's going to be a hell of a ride. Good luck.
I am assuming that this University does teach some common sense.
If there are security concerns with software, it is submitted to the owners privately. Not posted on the Internet, and told to have fun with it.
Do not mean to rain on your parade, but this is not a contest of the First Amendment, but a valuable lesson in stupidity. I am sure that you will make a lovely professor with teaching these kinds of things to your students.
They broke your window? Those assholes. I can list 10 ways off the top of my head they could have made entry with less property damage that I'm sure they are aware and capable of. Their ability to differentiate between a naive college student and a potential terrorist is also confidence-ensuringly sharp. With a potential terrorist their actions are almost reasonable, for an example case prosecution of a naive college student they are way over the top. All that would be called for in that case is taking your hard drive.
Slate posted on this in February 2005. No raids then:
- http://www.slate.com/id/2113157/fr/rss/
Crazy, but it's just another sad day to be an American. We're supposed to be a nation of laws, but we're really a nation of a vast, out-of-control government. We're being screwed every single day, but most Americans are too blind to see it. We're well beyond voting away this nonsense, and that's been the case for at least 50 years. For those who think its just Bush, you're wrong, it's the whole damn system.
Heaven forbid that you say the emperor has no clothes. They'll come ransack your apartment and threaten to arrest you.
They're just after you because you publicly demonstrated the fact that 5 years after 9/11, we are no safer now than we were back then. All the work the TSA, Homeland Security, the President, and the Republican party has put towards security has done nothing. While we secure our airplanes against toothpaste, shampoo, apple juice, and other liquids in excess of 4 ounces, they did absolutely nothing about fake boarding passes and the ability those gave terrorists to get past security.
Hopefully, people see the ineptitude of the Republicans and their cronies and vote the lot of them out of office.
Exposing a flaw in the system that any half-way competent terrorist already knows about - oh yeah, that's a criminal act.
All you've done is to pull back a portion of the thin curtain that covers the backstage area of our security theater.
You deserve an award, not a search warrant and a trashed home. You've been in touch with the news media, I hope?
I believe that this sort of "testing" should actually be encouraged. It's how security firms create better products and systems, by having hackers test them and try bypassing them. It's raw and it works. The only thing the FBI should be "investigating" is ways to make it more difficult to make fake boarding passes, and Christopher Soghoian should be praised.
Much love Chris. Just want you to know that I'm thinking of you and hope the best comes of this. Stay strong.
--Smutt
haha, i was like damn this dude got on slashdot with some insignificant script, i should be doing that shit. but like um no, i'm cool with being in jail.
to be honest, i would have tried to contact private parties about seeing that the problem gets fixed, rather than going on slashdot with it.
there is a tension between getting through the airport without being harassed and flying securely. if you know of some harassment-free method to fly securely, you should publish it somewhere.
when airlines relax toward "less harassment", security lowers, and anyone can sit around and find holes in the system, and we all know it's not fully secure -- you'd be a fool to expect that if some terrorist really wanted to fly, he could not.
so i'd say you made a mistake. sure, it's not a mistake "logically" given a particular interpretation of law, but only socially unintelligent person would deem what you did to be "right" in a meaningful way.
i hope it all goes ok for you. best of luck.
Chris,
We're with you.
http://www.gather.com/viewArticle.jsp?articleId=281474976826167
I can only say that our country is so f***** up that we waste our money and resources on things such as this, then claim we can't care for our people in need due to a lack of funds.
I wish you the best of luck, and will send good thoughts and donations your way!!
What were you THINKING? Or were you?
Given the current state of paranoia about this stuff, did you expect the FBI to laugh and offer to buy you a beer?
Common sense isn't, obviously.
To the anonymous above:
Since you seem to like the idea of alerting people first, take a look at this: http://www.senate.gov/~schumer/SchumerWebsite/pressroom/press_releases/2005/PR4123.aviationsecurity021305.html
Note first that this is the exact same thing as what Chris did. Also note the date on that thing, if nothing else.
And you thought notifying the gov't would help. Welcome to M$.
"Graphic Interchange format" ... do they think that GIFs are what all image files are?
Anyway, saw this on SA and good luck dude.
Ok. I guess this shit is like trying to put in jail anyone who mentioned the possibility of anybody crashing an airplane against a skyscraper before 9/11.
You would have been better living in Argentina.
As a UK citizen I think you've done a good thing for the world; IMHO you've done a good thing for America. Stay strong.
Why would anyone seize monitors? they can't possibly contain any evidence - that's just plain harassment.
Same goes to a degree for any and all stateless hardware. Theoretically, they should seize (or copy) disk drives and documentation.
Wow, I feel sorry for you. Here you are trying to show a security hole (although something more discreet would have been better) and they search your house and take your stuff. It's nuts the way the world is today.
There was no reason they had to serve this warrant in the middle of the damn night. There was no indication that the subject of warrant was violent or would have resisted in any way. It's stunts like this that get cops killed.
Is a php-script really worth scaring a home owner and risking a gun fight at 2 a.m.?
It's reasons like these why I hate most cops and just about all Federal agents.
I'm still confused as to what law you actually broke... and am wondering about over-zealous federal law enforcement agents... and, yes, gentlemen & ladies, you can come knocking at my door, if you'd like...
In the mean time, do contact the ACLU and EFF...
And keep blogging... remember that transparency is a bedrock for democracy...
Was there any reason to believe you wouldn't cooperate fully with the FBI? Just because you have a valid search warrant isn't an excuse to conduct an overnight break-in raid.
What a travesty.
What other stuff did they take?
I suppose a digital camera/iPod, etc. would classify as a storage device.
Nasty to lose all your electronics though. From what I read, you won't get any of that stuff back too soon.
We're with you Chris... but we don't have the amazing magic powers we need to pull them away fast. Keep getting the word out until you have the help you need.
There are ways to leak such information without linking it to your name. I hope this situation gets resolved on a more positive note.
It's real classy that they came in the middle of the night. Way to act like unreasonable thugs.
Feeling scared yet?
Wow, the land of the free and stupid!
This just goes to show you how ridiculous the whole situation is.
The congressman wants to be famous by being in the news and seemingly fighting terrorists...(yeah, I know..)
The FBI can say to itself "we are doing something, we are fighting the war on terror" instead of just sitting on our asses all day, eating taxpayers' money.
Terrorists around the world: "Ha-ha, look at those idiots, arresting their own security experts. Us:1, infidels:0."
The rest of the world: "WOW!"
Shame what happened did, If you had only stamped "EXAMPLE" across the middle of the image using the GD library, none of this would have happened and it still would have been brought to their attention.
this is ridiculous - the gov. knew about the loophole over 1 and a half years ago, yet they are trying to cover it up by harassing college students instead of fixing it. they are not trying to protect the country, they are protecting their jobs or wasting taxpayers $. i hope you get a lot of $ from a countersuit or something.
for what its worth...I sent the following to several media outlets:
open letter to Congressman Ed Markey:
Congressman Ed Markey,
If Christopher Soghoian's website and many, many other media outlets are to be believed, you need to check your priorities for calling for his arrest. Granted, he published on his website a way to generate fake boarding passes, but he did so in order to point out the gaping hole in TSA's security processes.
Surely, you would encourage the public to point out obvious holes in policy, laws, or other societal "rules" you and other elected officials are responsible for shepherding. I realize you probably object to the manner in which he points out the flaws in TSA's efficacy, but this very same issue has been pointed out many other times more discreetly for years - including by Senator Schumer of New York.
Sometimes when the message is not heard, one needs to stand on a table and shout it, thereby ensuring it is received. Point of proof.....you heard it this time!
Now you want to punish someone for 'shouting'..that's one reasonable definition of the internet, right...a public "soapbox". Shame on you.
Please, please, please....spend your time fixing the underlying problem, not 'shooting the messenger'.
Mike
So do one better. You should create a search warrant generator!
Ahahahaahahah...
Hey, why fix a broken dam when you can just mop up the water later?
Is this America???
I will be e-mailing Senator Schumer at http://www.senate.gov/~schumer/SchumerWebsite/contact/webform.cfm
This just highlights what he said. The FBI should probably seize his stuff too. He should step up and tell the Administration to call off the Homeland Security attack dogs.
it really looks like the fbi (or whoever was behind the search warrant) is really going for a chilling effect.
speechless...
Just sent you some cash. Seriously, feel free to use it for other stuff outside of the legal fund. Maybe a full page Ad in the NY Times or something if you get a surplus.
The establishment's stupidity has to end. Let's hope you survive being the catalyst..
Check out the flyertalk.com discussion.
http://www.flyertalk.com/forum/showthread.php?p=6606980#post6606980
Boarding pass and ID checks do not provide flight security. The government can't even focus on keeping "guns and bombs" off the plane properly. Instead they obsess over checking papers and identification documents while waging a war on liquids at airports and banning dangerous water and tubes of toothpaste. The lunatics are running the asylum.
Chris, I love the idea of getting the code out... or perhaps someone was smart enough to catch it before it went bye-bye...
There's a little voice in my head saying, "If the feds had only left well enough alone, this whole thing would'a blown over... Now they've made sure everyone in the world knows about it." Hell, I'm even willing to bet that you'll be on Wait Wait on the next show.
In the mean time, I've been blogging about you over at my Tidewater Musings.
Chris, I know you're online; keep posting & keep the faith. Transparency in action, baby; transparency in action.
And to the federal agents who are reading this, you can refer my insolence to my friends over at the Norfolk Joint Terrorism Task Force; they've been to my house before, so I'm pretty sure they can find me again. ;-)
It still is confusing - what exactly are you being charged with
the boarding pass generator - had a very obvious warning on the Website
It sort of reminds one of the arrests of those college students for buying huge amounts of cell phones
Dude,
Good luck. No jury on the planet would ever convict you, hopefully you won't be charged with anything. You're a whistle blower. But the Oval Office and Congress don't like to be exposed as what they are... corrupt & incompetent. So they send their dogs to scare you, as a message to the rest of us "Citizens", "Shut your fucking mouth, don't criticize your Government or we will fuck your life up!" And if you have any doubt about whether this was a blatant scare tactic and a complete abuse of Federal Government Power, here's a simple question, "Why do this in the middle of the fucking night to a Phd Student? An Academic!"
In "America" Citizenship no longer entitles you to a trial by a jury of your peers (hey that citizen is an enemy combatant) or limits you being held without a charge. And now, The president can declare martial law, nullifying some of the most important protections in the constitution against using the fucking Army against Americans!
Why?
Because the Republicans are pussies that are scared of terrorists ... and are willing to give up the whole point of America, freedom. The purpose of starting America was NOT to be safe it was to be fucking "FREE".
The Republicans failed at protecting the borders (incredibly simple) and failed in airport security.. (all the luggage isn't scanned) .. and they want to punish anyone who points that failure out.. like you. You're making the President and Congress look really stupid and incompetent, that's why the FBI is storming into your house in the middle of the night.
When the Democrats have the Oval office and Congress .. hopefully we'll return to some semblance of Freedom again.
Next time you hear some PUSSY on TV say that its necessary to sacrifice a little freedom for safety, remember this my friends... http://libertyonline.hypermall.com/henry-liberty.html
To the anonymous clown that posted "You're a traitor; a modern day Benedict Arnold. In my opinion, you deserve to nothing less than execution." ,
I say get your ass out on the front line like the Marines I served with. I was there the first time when a bush couldn't get the job done. I got out because I did not believe the corrupt govt of the US was interested in her people, but only the financial interests of the chosen few. I guess you believe Iraq had WMD's too. Chris only showed how stupid these so-called protective measures are. You need to get your lazy ass back to IM'ing Mark Foley. The supposed security measures are just like gun registration and locks, only serve to keep honest people honest.
Doh!
I can't see how pointing out a security flaw is breaking the law. However there was a mindless idiot political guy that did call for your arrest. So I look at this matter as purely political. The good news that the guy who called for your arrest is going to be out of a job on the 7th of November.
Good Luck! You will be needing it.
Do you have a copy of the FBI agent's affidavit in support of the search warrant? I'd sure like to see it. You should have it.
I can't believe there's people blaming Chris for this. He made a "generator" that is about as difficult as sending an email for most Computer Programmers. The security issue is the fact that airport security actually accepts (EXTREMELY EASILY MODIFIABLE) computer printouts as boarding passes!
But it's worth noting - Bush did not create the concept of lawfully executed Search Warrants.
"Damn that's scary. I can't believe it's gone, this far, I would've thought anyone with half a brain would realize you did this with good intentions, but that's America under Bush for you. "
That's why the guy that originally called for his arrest was a democrat? ;-)
Wow... the terrorists in the FBI are at it again... trying to kill Democracy by silencing all conversations that don't agree with the party line.
This is sure proof the terrorists have won... and the country is doomed.
--Mike--
Email I just sent to Congressman Markey: Do you really think going after grad students for pointing out the government's shortcomings in homeland security is going to help prevent terrorism? The webpage posted by Chris to create boarding passes while probably the wrong way to go about proving his point is being met with a completely idiotic response initiated by you and carried out by the FBI that shows the government really has no idea or no desire to protect us from real threats instead go after easy targets to make it seem like something is being done. Please do what you can to make things right and stop punishing Chris. Also if you have any response to this please do not have it be a form letter because that would be almost as insulting as your complete lack of competence at identifying real security threats.
I am so sorry you are going through this. It is stunning to me that this could happen, and frightening. Good luck.
Here is a quote from your original release of the generator:
>>>>>>>>>>>>>>>>>>>
Wednesday, October 25, 2006
Airport (in)security for the masses
I realized today that editing HTML, while easy enough for a geek, is still far too difficult for population at large.
And thus, I now present: Chris's Northwest Airlines Boarding Pass Generator
Using this, you can:
1. Meet your elderly grandparents at the gate
2. 'Upgrade' yourself once on the airplane - by printing another boarding pass for a ticket you've already purchased, only this time, in Business Class.
3. Demonstrate that the TSA Boarding Pass/ID check is useless.
Have fun!
>>>>>
I think there is a big difference between demonstrating a hole in our nation's security, and giving others who might not have the technical knowledge that you do(including potential terrorists) the ability to exploit that hole.
What you did was wrong, but what you meant was right. I know your intentions were good, but this will probably end up being a lesson to others that intent does not always equal the result.
I know others here have claimed without your generator that this hole would have never been fixed, but I completely disagree.
There are so many other ways this could have been done with better results for you and our government. You could have gotten the same amount of coverage if you had alerted the press and would be having less sleepless nights.
I could have seen myself doing something this stupid when I was younger and I hope you make it through this fine.
I would suggest that your first course of action would be to admit that you were wrong, but state your intentions to a judge. My guess is that your inevitable sentence will be lighter, and that you will be able to finish grad school on time.
Intent will mean a lot to a judge if you admit that you are wrong. (which you are)
Overall, I think you're a good person, just a bit naive as we all have been at one time or another in our lives.
Listen, I understand you did this with good intentions, but would you teach your kid that a gun was dangerous by leaving a loaded weapon on the kitchen table? You publishing this script is nothing short of idiotic and in this day and age you deserve anything you have coming to you. Seriously, for a grad student, you're pretty freaking stupid. This will be fun to watch.
To those talking about anonymizing networks... this idiot had his whole bio posted on the web.
Get a refund from your university dude, you need to work on your street smarts first.
Also I find it very interesting all of the comments are supportive of you. Then again, you censor them so that will be the case.
Why is it that some are intentionally stupid? Seriously, why? If you have a PhD, why the stupidity?
You're posting stuff that can get people killed, similar to handing them bombs ready to go off, only in this case, you're handing them the boarding pass rather than the bomb. They need both, you're handing them one of the items needed to kill people.
That's DUMB.
You might be smart in a few select areas, but you're DUMB otherwise in not being able to see wrong from right and act accordingly.
The FBI's doing their job, I applaud their efforts and hope you'll grow up mentally and get some broader intelligence so you can see why what you've done is wrong.
Your peers cheering you on... dumb.
Grow up guy, you better hurry too, it's all gonna collapse around you if you don't.
I'm really sorry for you, it is clear that the one "land of freedom" America is not the land of dictatorship.
Unfortunately this is what happens when you let a serial killer, religious zealot, war criminal, become president.
Your country is now straight on the path that will bring it to where Germany was in 1930/1940, your freedom is vanishing so fast that when you will realize how far this all went it will be too late to do anything about it.
Keep in mind the wise words of Franklin: "who gives up essential liberties for temporary security does not deserve liberty nor security".
Please do realize, now that _maybe_ you are still in time (even though i doubt it already), that whoever uses the fear against you, whoever uses the fear to gain special powers, whoever uses the excuse of terrorism/pedophiles/whatever to control you and to remove your freedom is NOT someone to be trusted, it is just a smart common criminal who wants to make your "land of freedom" into a "land of slavery"... it is just the enemy number one of democracy and of freedom and so should be judged and sent to jail for the rest of his life.
I wish you all the possible luck in this case and i hope you will get out of this with the less possible damage.
The terrorists have already won, your president gave them his full support in this.
Have a good day.
I'm very sorry for you and the USA, you just did something RIGHT in order to enhance security and the dictatorship is going to make an example of you.
I hope american people will soon realize that you are in a dictatorship, and that democrats are the same as republicans, so you the people could take the power back to the people. But i think that it won't happen.
Anyway, keep trying, it can be difficult but it has been done before.
As for costs to fight this, unless it escalates don't worry. They are only investigating and they haven't filed an indictment. You don't have to answer any of their questions, which is probably best. And once they do, you'll still be given time to find a lawyer, and hopefully one that will do it for the press coverage. Good luck.
Dear FBI, Senator & TSA:
I think that the person who gave the order to search Chris's home has made a terrible mistake.
I know that there are some people who are embarrassed to admit that there are serious flaws with airline security policies and that those people may be afraid of censure or losing their jobs if those flaws become more widely known.
When we are embarrassed it is very easy to feel angry with someone who talks about the reason why we are embarrassed and it is also easy to think of them as an enemy.
However, don't you think that it would perhaps have been better to work with Chris (or the many other people who have pointed it out) on fixing this problem rather than creating a situation where you are now being seen as caring more about shooting the messenger than using the message to do your jobs better ?
- hummingbird
Why the need to come in the middle of the night when you had already cooperated with them at a prior visit ?
That, sorry, does sound a bit like jackboot territory.
"College students are often sheltered from the realities of the world. More so in liberal colleges."
Americans are often sheltered from the realities of the world. This is a clear case of only worrying about a major problem when it threatens the reputation of important people. I find it typical of government and big business everywhere, but even more so in the USA at the moment.
Don't be fooled. There are probably thousands of people capable of doing what Chris did. The ones who didn't do this fall into four categories:
(1) quietly informed the authorities and were ignored.
(2) kept quiet because they wanted to make use of it for illicit purposes.
(3) don't care enough to do anything.
(4) kept quiet because they have even better ways of striking at your country.
You should be glad Chris isn't any of the above. If you don't understand why, well, try reading this again in 10 years time when your country becomes a police state, or is reduced to rubble by some terrorist weapon.
I would also blame NWA on this. They probably complained originally to the gov't saying "How can you let someone get away with this" instead of just fixing the problem.
This is unbelievable. I figured this loophole out the first time I printed a boarding pass online. And I certainly am not the only one. Of course I never exploited it myself or created a script to automate it, but it would be trivial for any terrorist to do it.
Considering that terrorist organizations use the Internet as one of their primary ways of communicating with the public, it would be daft to suggest that they hadn't figured this out by now.
You have a huge body of support behind you, but most importantly you have Truth. Use it well. It is a sad state of affairs in the US at the moment, Americans should be grateful someone is on their side helping progress. Security through obscurity never works, many eyes make all security holes shallow (to paraphrase Linus Torvalds). Best of luck to you, keep us updated, we'll keep you on Slashdot and other news sites. Use the media as much as possible, and to everyone else let's make sure this issue is kept in the spotlight until it is resolved.
It's sad to see a once-free country implode like this. I'm glad I don't live in the US - in fact I won't even consider going there until it undergoes a regime change. At least there are a few brave people left, here's hoping Chris (and others!) won't be crushed by the Orwellian system put in place by the fearful masses.
It's getting very unsettling living in the United States these days.
When one starts censoring themselves for fear of a visit by armed thugs, things have changed for the worse.
You've exposed a hole in TSA procedure, so now they'll harass you in order to have the site taken down. But they don't know that the net has mirrors all over the place.
We have the illusion of security with the reality of Keystone Cops. I hope you survive this battle of wits.
Absolutely shocking. The world is becoming more dangerous by the day - thanks America!
All the best on this Chris - here in the UK we don't even have a constitution to protect us, but I'm pretty certain that abusing citizens like this would NOT go without widespread condemnation.
Hey, haters. You're not half as wise as you think you are. It's long known that in information science, "security through obscurity" is never working. It's a slow and unreliable way to deal with security. Thank you for trying to sound smart. The guy who runs this blog did a Good Thing.
"But I know that the people who think this way won't listen to reason, and will continue to blame people Chris for America's gaping problems. "
I didn't say he caused America's problems. I said he was dumb if he didn't know this would happen to him for doing it the way he did.
It amazes me that so many people here miss the point.
There is no doubt that the flaws in the TSA system need to be corrected. This has been known for a few years now.
What everyone seems to be missing is that it's possible to point out the flaws in the system without breaking the law.
What Chris did was illegal on several levels.
1) The content he took from the NWA website was copyrighted. That's people's exhibit the first. The modifications he made do not constitute a separate work.
2) He misappropriated the NWA trademark. That's people's exhibit the second. When the FBI is done with him, NWA might have a bone to pick.
3) By creating the page, and explaining the ways to use it--even implicitly urging its use--he becomes liable for conspiracy to commit and aiding and abetting a felony. (Does anyone remember that it's against Federal regulations for non-ticketed passengers to be on the gate side of the TSA checkpoint?) It even says so in the search warrant. These facts are people's exhibit the third.
4) Both the blog and the now-missing page contain instructions on how to steal service from the airlines, to wit, "upgrading" one's boarding document to First or Business class. It would never have worked, which only demonstrates that Chris didn't really know what he was talking about. This, again, is conspiracy to commit, and accessory before the fact. These facts are people's exhibit the fourth.
What exactly did he think would happen? It isn't about intentions--although the intentions were clear enough in the page, and in the blog: "Go meet your grandparents at the gate." Translated: violate Federal regulations for your own personal convenience.
Good intentions or otherwise, if you put a gun in the hands of a child and the child shoots someone, you are as liable--if not more--for the shooting than the child. (The question of legal liability is without doubt.) If someone has used the output of the BP generator to get past the TSA checkpoint, then Chris is automatically an accessory to the crime. Had someone used a false boarding document to get past the checkpoint and commit some sort of mayhem, injuring people and damaging airport property, would anyone be discussing intentions? (You can't excuse it by saying, "Well, nothing happened." Absence of incident is not absence of probability or possibility. There could still be altered documents floating around out there since the page allowed one to create documents for future dates.)
Regardless of whether you're a conservative or a liberal (and I see a lot of liberals here), the concept of breaking the law is independent of political leanings. We are first a nation of laws, not of persons.
I don't know if I agree with the current regulations or not--I have no problem complaining that the TSA procedures are inadequate--but I'm old enough and wise enough to know that one must deal with the world as it is, not how one wishes it to be. The laws and regs can be changed, and maybe must be changed, but right now Chris has to deal with the fallout of what was, frankly, a stupid mistake. He did the right thing in a very wrong way.
I don't know if anyone remembers, but on September 11th, 2001, Arab terrorists misused the airlines to crash two planes into the World Trade Centers, and one plane into the Pentagon. A fourth plane ended up in a field in Pennsylvania, where my brother-in-law was one of the first responders to the scene. (He doesn't talk about what he saw that day. Care to imagine for a minute what it must have been like?) On Wednesday, October 25th, 2006, for a couple of days following, Chris S. made it much more easy for a similar set of circumstances to occur again.
Pardon me if I don't contribute to his legal defense fund.
dan walker said...
"Here in the UK we don't even have a constitution to protect us..."
In the US, neither do we...anymore.
Bravo to the Anonymous poster at 5:40 AM. I couldn't have said it better myself.
It's unfortunate that Chris had to learn this lesson the hard way. It's equally unfortunate that so many people here goad him on (I think they *really* see this as an opportunity to make Chris a martyr for more partisan bashing).
Chris -- was that your intention? To become a martyr? Or are you just stupid?
What I don't understand about the warrant is that there's a set time during the day to execute said warrant and what? The guys just crossed out the times and said hey we invaded at 2 am yay us?
Unless I'm missing something it doesn't make much sense to me.
To Anonymous (Coward!!) @ 5:40a: "I'm old enough and wise enough to know that one must deal with the world as it is, not how one wishes it to be."
Maybe you're too old and you've given up. How about changing that to:
We all have to work to make the world the way we want it to be.
Isn't that the idea of a democracy? We all get together and try to figure out a way to run things. And if things aren't running well, someone needs to stand up and draw attention to it.
This guy's got balls. Hopefully this little adventure doesn't make them go away.
I would like to point out that the FBI executed the raid at a time and under abnormal business conditions against a citizen who had known locations, known patterns of behavior and no known reason to do anything other than present the warrant in normal hours under normal conditions.
This was a terrorist act by the FBI! It clearly was intended and structured to deny the party involved even the ability to seek legal redress. It was completely done in a fashion to send a message of terror.
The American People need to wake up. The Bush Administration is 100% out of control. They will not serve a warrant on an Illegal Alien. They will not serve warrants on drug pushers even with demands of the citizens. I called the FBI myself to report a Crack and Meth operation next door. I offered my house as a base for clandestine operations. They would not do anything.
You are a real patriot for trying to do your effort to get security up and working. The Bush guys are threatened by such efforts because it is obvious. Any effort that is made to secure this country in reality is blocked by the Bush team. They are opposed to securing the country because if they did the trillions of US Dollars they are stealing would not be able to be shaken out of the hands of taxpayers. It is a super mafia shakedown racket that is going on. I am just sad you ran into it.
For those out there who cannot figure this out. People rarely speak strongly against that which they support. Conversely People rarely strongly oppose that which they support.
I find it amusing how so many posters here seem to blame Bush and/or Republicans for what happened when it was a DEMOCRAT who called for his arrest.
When is Congressman Markey going to call for the arrest of Charles Schumer. He pointed out the same flaw more than a year ago.
http://www.senate.gov/~schumer/SchumerWebsite/pressroom/press_releases/2005/PR4123.aviationsecurity021305.html
Re: The argument that Chris was wrong to break the law to make a point.
The counter argument is:
. Laws do not exist in a vacuum.
. Laws have to be measured relative to the goal of the legal system.
. The goal of the legal system is ?
. That's right. The goal of the legal system is to create a better society than the one that exists when we do not have a system of law in place.
. Now, if an action was taken with the intent of highlighting a danger to society. (And said action certainly succeeded) my question is...
"If the legal system and this action both have the goal of creating a better society - does the fault lie with:
a) The legal system
b) The action
c) The lack of any accountability whatsoever on the part of the agency that set up the insecure system in the first place ?"
The actions of chaps like Gandhi are admirable _precisely_ because they challenge the actions of folk who are harming society and using the legal system as a shield for the hurt they do and the damage they cause.
I am a white South African who grew up during the apartheid years and it was a damn common sight to see grown men cowering and copping out of their responsibility to stand up to bullies with the words:
"I did not challenge the bully because I have learnt to deal with the world as it is, and not how I wish it to be"
The only thing that creates the oh-so-fashionable environment of modern moral relativity is cowardice.
When you start justifying your own cowardice the only person you have fooled is yourself.
Chris is fighting for your freedom and he is doing it without drawing a gun, without intimidating anyone with a show of paramilitary force and - most of all - with the voice of reason instead of the voice of fear.
Bush and his entire administration needs to be ousted and executed publicly. I'd definitely be there cheering and having a good time. America is rapidly approaching something straight out of the book 1984. It's frightening.
First time in a long time I have written members of the Senate and Congress, but I wrote both of them today after I read the story... Sometimes I can't believe this kind of thing happens in our country, it's a shame that our rights and liberties are being removed a little piece at a time. So slowly, most people don't see it.. And all in the name of (War on Terror). Bahh pftt..
Find yourself a lawyer, and explore the options that should exist under the Whistleblower Protection Act, http://thomas.loc.gov/cgi-bin/query/z?c101:S.20.ENR:
http://en.wikipedia.org/wiki/Whistleblower
Sure, it might be a stretch, but in this case, having a blog might protect you under "media and journalism"...again, I know it is a stretch...
But this law should apply when you consider that we have been told how safe we are and all the new security measures taken...that aren't secure. This is a waste of federal tax dollars, at the minimum, and a gross negligence, at the maximum.
get the code out:
See Bruce Schneier's blog for php source.
I've created exploits like this before. It's no big deal, and people do it all the time, because if no one creates an exploit, it is never fixed!
You've simply found yourself on the wrong side of one of our national dictators.
The only reason the Freedom-hating Bureaucrats of Ignorance have gone after Chris for this exploit is because he made the Touching and Stripping Administration look bad.
Lesson learned: America is neither safe nor free, and the U.S. government almost always kills the messenger.
If you know what's good for you, then emigrate.
I'm sad this has happened to you, if I were a Lawyer I'd be flying out to defend you, alas I'm not. I hope you find someone to help you. I hope the code for your generator gets out into the wild, rest assured it will end up on every single off shore server in existence.
Much respect,
John Edgar
I would like to preface this comment with the fact that I'm no Bush supporter. I agree that you have every right to point out the security loophole, but it was wrong to create the automated boarding pass generator.
Something that people with a lot of education usually fail to realize is that most people do not have nearly enough intelligence to figure out things like this for themselves.
You said it yourself - the basic html was beyond the grasp of most people, so you made it easier by creating a script to generate the pass.
You could use similar reasoning to distribute any state secret. "After all, we figured out [bio-weapons, nuclear weapons, etc.], so anyone could, right???"
I don't think you should go to jail, but you should be sentenced to getting a clue.
I might also suggest that you bring a civil suit against NWA and/or TSA to show that the security loophole is their problem. Making it more expensive for them to not fix the loophole is the only way it will ever be fixed.
Can you post photos of the state they left your house in ?
To the anonymous commenter who gives 4-step legal analysis above: please stop pretending to be a lawyer. I happen to be one, and you have no idea what you're talking about.
1) Copyright violation creates a civil action, not a criminal one. You cannot go to jail for copyright infringement.
2) Misappropriation of trademark is also not a criminal action.
3) Explaining how to do something is not "conspiracy" to commit that act. By your thinking, we should toss in jail every chemistry professor who dares explain or demonstrate explosives.
4) Tricking a flight attendant into giving you a first-class seat by showing her a boarding pass with that seat: this is a) entirely plausible, and b) not a crime.
Thanks for offering your expert analysis; we are all appreciably dumber for having read it.
For Chris's sake, let's hope the government is brighter than this guy.
Instead of trying to scare you, they should have offered you a job. I don't think you should have posted the script online, but I respect your decision to do so. It seems like you only had good intentions. I'm sure if the FBI or DHS called you and asked you to remove the site, you would have.
We really need to start going after terrorists who are trying to kill us and closing the security gaps in our country. Perhaps you should have called the Govt and informed them of just how easy this was.
I have always been a supporter of President Bush, but this is scary. Best of luck!
TO ALL: I've contacted my Senator and shortly I'll be contacting my congressman. Thankfully it is not Schumer. I strongly recommend firing off emails to your representatives expressing your displeasure. Remember be polite or the jackbooted thugs will trash your house next. For any persons living in NY I strongly recommend contacting Charles E. Schumer direct as he IS one of your representatives and he is the guy who called for Chris's arrest!
WOW! WOW WOW WOW!
Doesn't ANYBODY realize what Chris has done? HE COMMITTED TWO FELONIES!!!!!!!
1: Posting information/generator that will allow a false boarding pass to be created.
2: Posting information on a way to illicitly change/upgrade a boarding pass.
YOU ARE GOING TO JAIL AND YOU PhD idiotic antics should have known that. Whether you did it for good intentions, you made it public! That was the most retarded idea yet.
Another thing... lawyers won't help you in this case... You will go to jail for the cause of at least one felony.
Good luck, but you of all people should have known that.
PhD my a$$...
Once you win (and there is no way they can charge you with making said information public) sue the bastards for wrongful harassment (and yes... they have been harassing you) - I'm sure you can get at least $10 million for this.
Tweak government's nose often enough and you might cross over from what is merely offensive to something that is illegal. Sorry about what happened to you but what you did was illegal.
Anonymous said...
Bush and his entire administration needs to be ousted and executed publicly. I'd definitely be there cheering and having a good time. America is rapidly approaching something straight out of the book 1984. It's frightening.
7:44 AM
Have the Secret Service men shown up at your humble abode yet? You might enjoy the Q/A session with those guys.
Don't worry dude. They're just trying to set an example for everyone else as usual, by reprimanding you etc.
All you americans do is hype each other up and wallow in your own sorrow (i.e. that whole 9/11 fiasco) - it'll pass, and you'll be fine once all the media has made a big scene of it etc.
I mean, really.
PS: hope the paper you're working on wasn't on the pc's they stole :P
Damn pigs...cannot stand when somebody punches a hole in their B.S. systems they say keeps air travel safe. Everybody appreciates your efforts and hopes it will work out just fine for you.
I have to agree that Chris is clearly and dangerously in the wrong.
Chris imagines the "full disclosure" ethos that is so often valid and effective for computer and network security is appropriate for evaluating the security of critical public infrastructure. This assumption is incorrect and irresponsible.
"The only way for these kind of problems to get fixed, are through public full disclosure. TSA/DHS cannot be expected to fix anything unless they are publicly shamed into doing so." - Chris
First, it should be noted that "full disclosure" is not what Chris did. "Full disclosure" is what Schumer and Slate.com did in a completely public forum many months ago. They posted details on specific security problems with TSA's check in and boarding protocols. Chris did something different - he posted a proof of concept exploit along with specific suggestions about how this exploit might should be used:
"meet your parents at the gate" - Chris
Now, in the IT security community a proof of concept exploit often accompanies a 3rd party vulnerability disclosure, but before a responsible security expert releases a proof of concept exploit, the vendor of the vulnerable system is contacted and warned and then given the opportunity to address the security hole before vulnerability and exploit are made public.
In the best case scenario the threat of Full Disclosure works, the fear of "public shaming" and customer dissatisfaction motivates the vendor to fix the security hole.
In the next best case, when a vendor is unresponsive and does not address the vulnerability, the security expert discloses the vulnerability and the vendor fixes the problem.
In the worst case, when the vendor does not fix the problem even when the vulnerability is public, the security expert might release the proof of concept exploit to "shame" and force the vendor to address it.
This is what Chris attempted. He posted a php script to generate a fake boarding pass. It is a step beyond full disclosure, a tool was provided to exploit a security vulnerability in TWA's procedures. Proof of concept exploits are arguably appropriate for addressing worst case scenarios in IT security contexts - they are completely irresponsible and dangerous for addressing airport security issues.
Why?
1. TSA is not Microsoft, not a software vendor, TSA is a huge, a 45,000 employee bureaucracy subordinate to DHS and under the regulatory control of the U.S. congress. TSA cannot be expected to respond quickly to public shaming in the form of proof of concept exploit.
2. People's lives are at stake. If someone runs a proof of concept exploit and attacks some vulnerability in windows 2000 servers, maybe some customers are denied service, maybe someone's credit card info is stolen. If a terrorist uses Chris's generator and boards a plane, people die.
My overriding question is really: Who does Chris think he is? Where does he think he is? This is the U.S. post 9/11 and I, for one, am glad that not all of the energy of DHS and the FBI is going into racially profiling middle easterners. The egregiously irresponsible deserve to be prosecuted when they endanger the rest of us even when they are white and privileged.
I wish Chris the best, hopefully he will emerge from this a little wiser.
Obviously, the generator is the crux of the problem. The government isn't trying to silence those who point out flaws in airline security; they left Chris's posts explaining how to exploit the loophole. What they did was target the generator, which would make it easier for people to produce fabricated boarding passes. The crime here is not whistleblowing. The crime is aiding the subversion of our nation's security.
Granted, that's a pretty dramatic way of saying it. How much can a kiddy script do? Taking that into account, the FBI's response was nothing short of paranoic, and conducting the search at 2 A.M. seems quite unreasonable. But you never know... Somebody else already pointed this out, but I think too many of us have this crazy fantasy of being just and righteous heroes oppressed by a dictatorial leadership. That's not the way it is. The government is there to help us. Is it so surprising that it, too, is afraid?
Chris:
I'm sure the IP and comments of any and all posters to this particular forum are now being logged by the FBI, NSA, and others; therefore, the term "anonymous" really has no meaning as far as we're all concerned.
Know that there are others in your country who share your concerns; know that we do not trust our so-called "government" to keep us safe, and know that, unlike many other "anonymous" posters, I only want to see good things happen for you.
Yet Another "Anonymous" Poster.
What is happening to you is absolutely ridiculous.
No, you play with fire often enough and you'll get burnt.
US govt is the most fucked up govt in the world.
Please point me in the direction of a better government. North Korea perhaps? Or is the statement missing the following "except for all of the others?"
They punish innocent and scare bright students like you.
Yes US prisons hold tens of thousands of the best and brightest students the US has ever had.
I hope they understand that breaking your windows and ransacking your house and trying to scare you is not going to make AMERICA more SAFE. bastards....
No, what they attempted to do was to stop terminal stupidity. A college educated person might be incredibly intelligent but have zero common sense. That combination has proved fatal on occasion more than once in the past.
Oh, and I view most of the security measures as being little less than Potemkin security measures.
-A frequent flier >2x/wk
Look. I feel sorry for you, but what you did was stupid. Look up Randal Schwartz to see a similar example where someone was trying to point out security flaws by violating security, and is now a convicted felon.
Maybe you didn't actually violate security, or even break a law. But if not, you came damned close, and you should have consulted a lawyer before you put it up in the first place.
I agree with almost everything you've said about airline security. But it was still stupid to do what you did.
As to the guy who said you're a "Benedict Arnold," yes, that's dumb, but so are the people who are comparing the U.S. to Hitler's Germany. As usual, the truth is in between. Far in between.
Also, note people, that the Congressman who called for the arrest is a Democrat, a huge Bush critic on the war on terror, homeland security, the Patriot Act, and just about everything else. For those of us familiar with Ed Markey, we know very well that this is not a Republican-Democrat thing, this is not about Bush's New World Order. This is about a legitimate concern that this boarding pass generator was going to compromise airline security, and belief that it was a violation of federal law.
There have been many ridiculous violations of law in investigating computer programmers. Chip Salzenberg's rights have been entirely trampled, and he is not alone. But I am not convinced at all that you're in the legal right here -- or that you should be -- even if you were right in your statements and intentions.
Maybe your lawyer, who (unlike the rest of us) knows the law well, will find differently.
Good luck to you.
Taking down Chris Soghoian's website does nothing for security. Any non-idiot, terrorist or otherwise, can still manufacture a boarding pass easily enough just by using the site the federal government did not take down. That site being www.nwa.com .
The lunatics running the security asylum need to realize that ID and boarding pass checks at airports don't provide meaningful security and are a waste of resources. (Checking passengers, their belongings, and cargo provides flight security. Checking ID and boarding passes doesn't.)
Amazingly the TSA officials finally got it right for once. The TSA says this is not a threat since everyone going through the airport security checkpoint -- fake boarding pass or not -- is checked. And, ladies and gentlemen, they are right. Let's scrap the ID checks and leave the boarding pass checks to the airlines, and we'll be no worse off than already.
It's truly tiring and saddening to read the commentary in this thread.
It's time to evolve, people. Many of us are largely capable of reacting to facts and critical thought and discussion, instead of thinking with our emotions and assumptions.
The act of searching and seizing this man's possessions in the manner they did is unnecessary. It wouldn't take much to investigate him and his motives and come to the conclusion that he didn't have bad intentions. Quite the contrary, and he should be treated as such.
Those who would repeat the tired assertion that we are at war, and therefore the government is always in the right, need to step back and realize that such extremism is, on a level, no better than that which fuels suicide bombers. Not to mention, that it is a very arguable fact that we started this war. The attacks of September the 11th, 2001 were merely the other side upping the ante. You might say, going all in.
Note this, and note it well: there are no valid extremes in this world except the fact that there are no valid extremes. Nothing is black and white, figuratively speaking. So, stop declaring enemies vs. friends, terrorists vs. freedom fighters, good vs. evil.. take situations as they come, and seek out the balance of harmony, or as close as you can get to it.
This is the best history has implied that we can hope for. And many, like myself, are capable of showing that this is wholly sufficient in many ways. We don't need to answer everything, we don't need to prove anything, so much as we need to be able to live at peace with ourselves and our neighbors.
I am not religious, I am not a hippy, or anything like that. I am just a man speaking the voice of reason.
I am also a man with the courage to identify himself with his statements. Shame on the horde of cowards that have responded thus far.
p.s. Chris, I applaud your actions and hope to see this turn out well for both you and our government.
There was no reason for them to break into his home at 2 in the morning. Would a visit during the day not have been sufficient? This guy is obviously well intentioned, though a bit naive in action, and there is no reason for this level of attack on him.
This whole "war on terror" campaign is the biggest hoax EVER perpetuated on the American people (a lot like the ‘war on drugs’, actually). When the facts some day come out about the ISI-CIA connection to 9/11, Cheney’s Energy Task Force documents, Peak Oil, etc, etc, and enough people have become familiar with THE FACTS instead of watching Fox News maybe, just maybe, people will open their eyes a bit.
The fact is AMERICA is THE BIGGEST terrorist state: WE are the ones who funded Bin Laden and the Mujahideen; WE funded Saddam AND gave him WMD (and tried to conceal this from international inspectors by bombing them in place in Gulf War I, which should be considered a war crime because of the downwind effects on our troops and the Iraqis); WE killed 1.5 million Iraqis with sanctions; WE killed thousands in Afghanistan (who did nothing to us); WE killed an estimated 655,000 Iraqis to steal their oil via debt based PSAs (see alternet.org); WE are the only country to have used the atomic bomb in an act of aggression; WE funded hundreds of covert operations around the world to destabilize regimes (often democratic) because they were not in our "national interest"; WE spend more on “defense” (read offense) currently than the rest of the world combined; WE used WMD on Afghanistan and Iraq in the form of Depleted Uranium and White Phosphorus (see http://www.brusselstribunal.org/DU-Azzawi.htm and watch “Falluja The Hidden Massacre”), and these are just to name a few of our genocidal exploits.
People, try to understand this, the TSA is not trying to protect anyone. It is a political agency created for damage control and spin in the “war on terror” we created, we fund, we are making ever worse. Of course they don’t care if you can get past the gate or even onto a plane, if someone did and blew himself up it would just give us an excuse to attack Iran, and believe me the Neo Cons really want to.
Fuck America, when the dollar hegemony ends this country will die in its own pile of debt, our children will be paying off only the interest on our foreign debt with their taxes.
Chris, the only crime you committed is letting other Americans know the truth about the TSA: they don’t give a shit about you or me (their job is spin and fear-mongering).
That’s just the big picture; the small picture is, get a lawyer.
what's that scibldy shit at the bottom of the attachment? is that supposed to be a signature?
i've never looked at a search warrant before, but it appears punitive. i would be pissed if someone took my digital camera. BAD. give me that. you'll get it back when i say you get it back.
Tom makes a best case that can be made against the posting of this script. However he makes some fundamentally wrong assumptions in his analogy to computer security disclosure practices.
1. TSA is not Microsoft, not a software vendor, TSA is a huge, a 45,000 employee bureaucracy subordinate to DHS and under the regulatory control of the U.S. congress. TSA cannot be expected to respond quickly to public shaming in the form of proof of concept exploit.
This was apparently exposed first in Slate on February 2005!. We can quibble over the meaning of "respond quickly", but to me 20 months on a matter that is apparently of such concern to national security (so much so that a citizen has had his apartment broken into and searched by his government) is not "quick" by any stretch of the imagination.
Microsoft are very slow to respond to security reports and fix them. They're notorious. That's why the internet is full of botnets, DDoS, spam and other crap.
Microsoft employs about 61,000 people in over 100 different regions and they're still faster than the TSA in fixing problems. Sometimes when they've got really bad press they can do it in a month or two.
2. People's lives are at stake. If someone runs a proof of concept exploit and attacks some vulnerability in windows 2000 servers, maybe some customers are denied service, maybe someone's credit card info is stolen. If a terrorist uses Chris's generator and boards a plane, people die.
People's lives are at stake in all sorts of situations due to computer security. As a trivial example patients could receive the wrong drugs or care regimens if databases were corrupted. It is for reasons like this that OSHA and other federal agencies have mandatory minimum security practices for software and data.
Responsible disclosure affects everybody in all sorts of ways in our interconnected world.
Kennard P. Foster is a moron. Allowing the feds to do a "bust in at 2am gestapo" search for a grad student who exploited a long known vuln is simply horrible. A SENATOR commented on this vuln a few years ago. What stops me from taking a VALID E-TICKET and not printing the SSSS. Patching the security hole by raiding the home of the person who made a php script to exploit it is a tactic deserving of Saddam Hussein or Kim Jong-il
For those that keep asking for the source code... remember, it's easy to render this if you have a sample boarding pass to work with.
It'd probably be just as easy to create it yourself & post the code for everyone. How many people do you think they'd arrest / raid before they realized that ANYONE can do this and it's NOT HARD?
Let's say someone posts some new source code they created to do the exact same thing. Now, let's say 50 others published the script on their site and let people generate the passes. Do you think the FBI would raid 50 houses? I seriously doubt it. They're just trying to make an example of this. They've been bit and they're angry at looking like fools - they want revenge and they want to hurt the person that made them look like idiots.
you got what you deserved
I don't think you need to go to jail. And I'm almost sure that you will not go to jail or even serve any time. But you will feel the heat. It was dumb to post it on the net. But not dumb to expose it.
Good work.
Good luck at school.
You need to work for
Homeland Security.
Ok guys hire this one.
He seems smarter than a few that you have handing out Ideas at this time.
Alright I’ve heard enough. It seems like the only people here are tree hugging liberals and neo cons. Let the voice of reason speak. First off there is a huge security hole, thank you for pointing that out, I had not heard about it yet. However you are an idiot for the way you did it. To all the tree huggers defending his actions: Where will you be when the hole gets patched by requiring biometrics to board planes? That’s right bitching about big brother, so you are digging your own grave.
As for the FBI what did you expect them to do? Let’s say some nut job used to get past security and ended up hurting someone. That would have been on their conscience and yours but apparently you don’t have one. They don’t know you from Adam, you’re just another nut job to them until they prove otherwise (Normal people don’t do this). They had to do their job plus if you tree huggers had read the search warrant it actually says to the agent “You are here by commanded to search” and it’s signed by a judge. You know that whole checks and balances thing, maybe you had a class on it in elementary school.
Well I haven’t picked on the neo cons enough yet. You all are as dumb and stubborn as the tree huggers. Bush’s war on terror has only produced more terrorists, we will be and are worse off because of it. Twenty years from now I have no doubt that he will be judged as the worst president even beating LBJ.
Chris you weren’t malicious in your intention just mind numbingly stupid. If I were you I’d try some remorse and stop poking the bear especially one with such long claws. It sounds like they are being easy on you if you aren’t already in a jail cell.
Stand by what you have done and why you did it.
You will be dragged through the muck for it. You will (and already have been) slandered, cursed, accused of crimes. You will be documented, files will be opened, your name will be added to lists. People you have never met will publicly question your love of country, family and God. Your possessions have been taken, your freedom from fear destroyed, your pursuit of happiness compromised. They have money, power, media access, the ability to turn your life into a nightmare.
But you have something they don't have. You have TRUTH. You didn't do anything wrong. They did. And they will bluster and posture and do anything they can to hide their incompetence and pin their mistakes on you.
You hold firm to your beliefs and stand by what you did and why you did it and there is nothing they can do except back down - and pay you lots of money in compensation for your mental pain and anguish.
Residing in Sweden; safe and secure... for now.
Don't let them screw you! The net be with you. :)
Man, they don't care to fix the problem, they just care to silence the ones who know the problem...
I hope, for the sake of americans and world, that you guys put some good president next...
Has anyone noticed that - as maltrich so eloquently put it - all the trolls in the last few posts are "anonymous detractors?"
At the very least, he could throw up some kind of pseudonym.
Let me suggest, "Ostrich" - since he's sticking his head in the sand, relying on blind faith.
/I'm generally for Bush.
//But I'm more for common sense, logic, and real truth and justice.
///This kind of crap is taking us toward a police state.
////Slashies!
@meronkun
"cute anonymouses.
well this is certainly the most interesting and frightening thing that could happen to me.
i think though that anonymizing tools in general are getting to be significantly useful and incredible, so that people will continue to speak their mind without these repercussions.
so no worries yet, except for this MAN himself and his new personal problems. but this just goes to show how important it is that we keep working on anonymizing networks and bring the tools to the mainstream."
I like the idea of anonymizing networks.. but just because they tick the "anonymous" button, doesn't mean they really are, from a network point of view - they may be directly connecting.
On the other hand, someone can use a pseudonym - thus allowing their comments to be aggregated, and putting some sense of identity behind the person - while still connecting through an anonymizing service, thus having some degree of anonymity from a network point of view.
(This pseudonym is a case-in-point.)
Anonymous said...
" So you post a fake boarding pass generator on the Internet... to point out security holes, supposedly... and are surprised that you are visited by the FBI.
Guess what, one security hole closed, moron!
5:49 PM "
Umm, no. One security hole which remains wide open, anonymous moron.
I bet that all of these "anonymous detractor" posts are actually all from the same person. I still say he could be called "Ostrich..." =:oD
Concerned Citizen said...
"Stand by what you have done and why you did it.
You will be dragged through the muck for it. You will (and already have been) slandered, cursed, accused of crimes. You will be documented, files will be opened, your name will be added to lists. People you have never met will publicly question your love of country, family and God. Your possessions have been taken, your freedom from fear destroyed, your pursuit of happiness compromised. They have money, power, media access, the ability to turn your life into a nightmare..."
(snip)
I can think of a few other people throughout history who have undergone the same.. some that come to mind include:
*Galileo
*Darwin (to an extent)
*Gandhi
You don't call attention to something by exploiting it independently like this. You should have known this was going to happen, and had a legal response at the ready, and the financial capital for your legal bills. I'm no fan of Bush, but I do not think allowing people (and no, not terrorists. they're not going to use your passes) including those with bad intentions, not just kids playing a game, the ability to print out fake boarding passes was a smart idea in the first place. You should have brought this to a newspaper or something, saying you were able to board a plane with a pass you made. Don't mass produce them. That's just inviting a S&S.
So. Wait. If you WERE a terrorist, wouldn't it surprise them that you left all your terrorist equipment lying around, like the exploding iPod, and other munitions, like your PGP key?
No. This is why it's an over reach, and this is why it's scary. No sense of proportion can be seen or heard anywhere in this event.
What did they expect to accomplish by breaking in in the middle of the night aside from...
Oh yeah. Terror.
Nice.
The amazing thing is, is that everyone wants to blame the FBI, TSA, the Federal Government, etc etc etc.
Please keep this in mind when you're bashing federal agencies; every action and/or tool that an agency takes or has at its disposal is either approved or forced by congressional law makers.
I've read comments about how they see a police state in the future, and the federal government is the one helping terrorists by not focusing on the real problems and just wasting tax payers money. Well guess what, if federal agencies had the tools and authority it wanted, things may actually be less evasive.
Take for instance, security screening at airports. Several posters here have said it is a joke and is a waste of time and money. That their procedures are ridiculous. Well the reason is because the tools that the government could use are not allowed because of your wonderful ACLU. Items such as backscatter technology that could take full body imagery with needing to take off your shoes, jacket, etc. But oh no its too revealing, so instead guess what now you have to walk through a metal detector and take off your outer garments. This is just one example, I could go on and on with examples. So if you want to bitch about things bitch to your congress and protest the ACLU for forcing the federal government to use obtrusive and ridiculous tactics.
As for this issue, I agree exposing security flaws is the responsibility of all American citizens who actually care about our survival. But there is a difference between exposing a security flaw and providing the means and tools for a would-be terrorist or other criminal to actually exploit that vulnerability.
Here is an example: Imagine you are at a major art museum and you discover that one of the windows is not equipped with security sensors, therefore impossible for tampering to be detected when the museum is closed. What do you do? Do you tell museum security or do you create a web site that points out this vulnerability and then also post the alarm code. Kind of a big difference. It is the difference between being a good samaritan with great intentions and an enabler for criminals.
Why do these assholes from the FBI and all other police-like outfits have to destroy a person's home when they are acting on a search warrant. I mean they secure the location, they have the guns, they have the power, so WHY the fuck can't they simply respect their fellow citizens and search a place with destroying it? What is it with these psychopaths we pay to "protect" us? The entity known as the "government" is truly the worst kind of terrorist there is. Why? Because it can and does destroy lives at whim in so many ways that a religious fanatic could only dream about.
In a way I'm glad you did this to show the system is not working as it should.
However, you should have realized (and should have from the beginning) that you could face criminal charges, since it is common sense that doing what you did is a criminal offense.
Someone states basically that anyone smart enough would realize you did this with good intentions. He's an idiot. We don't know you; the truth, you could be a terrorist--a not-too-smart one, if that were the case.
Let's see what happens.
THIS IS FAKE, here is the link to the thing to do it... check it out. http://www.dehp.net/fakewarrant/
I live in the same house as someone who was arrested. the police attained a search warrant for probable cause for this person, and went through her room and my room. are they allowed to charge me with the things they found in my room?
It is more likely that your computers would just mysteriously "Stop working" one day because your hard drives were replaced with fake ones while you were gone. So the FBI could investigate you covertly and have the evidence already in hand when they decided to indict you. Then, you find the arrest warrant when you answer the door.
Too bad they can't just shoot you and save some tax dollars.
As long as you're innocent you have my every sympathy. Let me tell you about my experience I had with the police recently. I’m 29 years old and a single parent to my 8 year old daughter. I work part time for a charitable organisation, study British Sign Language part time and go to church most Sundays. This is of no interest to the police as I found out on 20th July 2007 at 7am when they broke my front door down! A search warrant was issued on 29th June 2007 and signed by Justice of the Peace! I’d love to know who has informed the police that I allegedly have counterfeit money on my property. And yes, I have made a complaint to the senior management at West Midlands Police because firstly they were given information/evidence from unreliable sources and secondly the whole thing scared the hell out of me and my child! I'm glad we'd had the chance to get out of bed 10 minutes earlier and wake up a little bit before the whole scene unravelled before our eyes. Luckily my dad retired from the police force a few years ago after 30 years service, so he’s helping me with police jargon. I had to take 1 + 1/2 days compassionate leave from work just to get my front door repaired (it’s still completely knackered!). Shall I tell you what I was doing on 29th June 2007? I was preparing for a tap dance exam for the following afternoon. Which part of my life story makes me sound like I’ve been breaking the law? Hmmm. Welcome to Birmingham, UK! Let’s hope the police force can get their facts right the other 364 days - whichever country they are in!