To print: Click here or Select File and then Print from your browser's menu

This story was printed from silicon.com, located at http://www.silicon.com/

Story URL: http://software.silicon.com/security/0,39024655,39163725,00.htm

Fake airline boarding pass website shut down
Student creator gets visit from the Feds...

By Joris Evers

Published: Tuesday 31 October 2006

A website that let anyone with an internet connection and a printer create fake airline boarding passes has been shut down after FBI agents visited the creator.

Federal agents raided student Christopher Soghoian's home over the weekend, seizing computers and other equipment, Soghoian wrote on his blog. They first visited him on Friday afternoon with a request to take the site down but when he got online he found it had already been removed, he wrote.

Soghoian declined to comment for this story, citing advice from his lawyers to lie low.

A spokeswoman for the FBI's Indianapolis office confirmed agents had searched Soghoian's home as part of a joint investigation with the US Transportation Security Administration. "We will conduct a thorough and complete investigation," she said. "We are certainly concerned with any potential breach in security, particularly at the airports."

Soghoian, a computer security student at Indiana University Bloomington, built the website to underscore an airport security weakness, he wrote. The site was spotlighted late last week after ABC News and Wired News reported on it.

The FBI will present the findings of its investigation to the US Attorney's Office for the Southern District of Indiana, which will determine whether Soghoian violated any federal laws, the spokeswoman said. At this point, the student has not been charged and he has not been arrested, she added.

Got two seconds?

Make your voice heard - take our latest poll.

Soghoian's "Northwest Airlines Boarding Pass Generator" enables people to create boarding passes that appeared virtually identical to the ones printed from the Northwest Airlines website. They could be used to get past airport security but not to get on an airplane, because the airline would have no record of the reservation, Soghoian said.

He wrote on Friday: "I have not flown, or even attempted to enter the airport with one of these fake boarding passes. I haven't even printed one out. All I have done is create PHP script, which highlights a security hole made public by others before me."

The website went online last Wednesday and immediately attracted attention. Bruce Schneier, a noted security expert, linked to it from his blog on Thursday. Schneier highlighted the same issue with the print-at-home boarding passes on his mailing list more than three years ago.

Joris Evers writes for CNET News.com