It looks like you're using an Ad Blocker.

Please white-list or disable in your ad-blocking tool.

Thank you.


Some features of ATS will be disabled while you continue to use an ad-blocker.


Website Produces Fake Airline Boarding Passes

page: 1

log in


posted on Oct, 28 2006 @ 02:38 PM
A doctoral student at Indiana University Bloomington has put up a website that lets anyone with a computer and a printer make Northwestern Airlines boarding passes that are nearly indistinguishable from the real McCoy. Christopher Soghoian, 24, created the "The Northwest Airlines Boarding Pass Generator" to illustrate how anyone with the right knowledge and the ill intent could do the same thing. The Transportation Security Administration says the site is illegal and that anyone trying to use a pass made on the site will also be in violation of the law.
Christopher Soghoian, creator of "The Northwest Airlines Boarding Pass Generator," knew he would be opening up a can of worms by writing the program and creating the site, but says it's the only way to show people how deeply flawed airport and airline security are.

"I don't want to help terrorists or help bad guys do bad things on airplanes, but what we have now is what we in the industry call 'security theater.' It's made to make you think you're secure without actually making you secure," Soghoian said. "As a member of the academic research community, I consider this to be a public service."

Soghoian admits that he hasn't actually tried to use one of the boarding passes yet.

"Testing this in reality could land you in Gitmo [Guantanamo Bay, Cuba]," he said, but he added that the point shouldn't be lost that anyone with a little know-how and the will to do it could get past security at almost any airport in the country.

Please visit the link provided for the complete story.

Every now and again someone does something that proves that airline security is not airtight and in the process breaks the law themselves. Most of us who have traveled by air know that we are not 100% terrorist safe and we also know that the odds of our being on a plane with terrorists is ridiculously low. However, the rational ones among us also know that we can't let our guard down completely or we will just be inviting terrorists to take advantage of our complacency.

Has Christopher Soghoian done us all a favor by posting the "The Northwest Airlines Boarding Pass Generator?"

Not in my opinion. He could have sent the code to the TSA with an explanation of just how easy it is to produce fake boarding passes, but then he probably wouldn't have gotten his name in the news, either.

Related News Links:

Related Discussion Threads:
Airline security screening problems

[edit on 2006/10/28 by GradyPhilpott]

posted on Oct, 28 2006 @ 04:18 PM
On the otherhand what're the chance's that the TSA would've fixed it right away? Having a news story on it always makes things get fixed faster. Now although I would've preferred that this guy simply made a video of it and had a friend or someone else that could be trusted go on the plane, he raise's a very good point.

posted on Oct, 28 2006 @ 05:14 PM
More than likely, if he had just sent them the code, it would have been thrown away.

I don't think he was aiming to get into the news, as much he was getting their attention. What better way to show the airports how insecure their methods are than by producing your own boarding passes? Seriously.

posted on Oct, 28 2006 @ 05:35 PM
Most of the time the only way to get bugs and spoofing methods fixed, when large corps are concerned, the only way is to expose and exploit them publicly.

99.99% of the time when you simply notify them of a problem, it gets disregarded.

posted on Oct, 29 2006 @ 11:59 AM
How is this any different then lets say the current system used by Ticket Counterfeiters? Sure the pass will get you past the TSA agents, but can you get onto the aircraft? All tickets/boarding passes are numbered and the agents punch/scan in those numbers when you present them and if they do not match those on the system or come up as being flagged stolen you are in big trouble.

I could however see a very serious problem if the individual who can make the passes had access to NW computers, but I doubt that is the case. All he has proven is that he can duplicate an item that looks like one and we all know counterfeiting has been ongoing for hundreds of years.

posted on Oct, 29 2006 @ 12:55 PM
I had to laugh when I heard this because this guy goes to the same university that I do. They also have congressmen calling for his arrest. Was he doing this for a University project?


posted on Oct, 29 2006 @ 05:49 PM
Be warned...

If you have a text editor like notepad on your computer, you have everything needed to do what this guy did. (The whole thing is about editing the html when you get an online ticket).

I wonder if notepad is now a terrorist tool?

posted on Oct, 29 2006 @ 09:07 PM
According to this article, Christopher Soghoian was visted by the FBI:

A computer security researcher who created a Web page designed to allow anyone to generate and print out a fake boarding pass for Northwest Airlines got a visit from the FBI yesterday, following public calls for his arrest by a prominent Democratic congressman.

Christopher Soghoian, a 24-year-old Ph.D. student at Indiana University's School of Informatics, published an interactive page on his Web site that produced a bogus boarding pass that could be used to gain access to an airport's boarding gate. The pass would not actually permit someone to board a plane. Soghoian said the fake pass would "allow you to sneak under the radar of the [Transportation Security Administration's] no-fly list, and while it is more complex, it will allow you to go through the TSA checkpoint without raising any red flags."

A screenshot taken from Soghoian's Web site before his boarding pass feature was taken down late Friday.Soghoian said he was publishing the tool to call attention to anti-terrorist procedures at airports that he said were designed to make passengers feel safer but did little to stop determined bad guys from circumventing the checks. He explained how a fake boarding pass might help a known terrorist evade the TSA's no-fly list:

[edit on 2006/10/29 by GradyPhilpott]

posted on Oct, 29 2006 @ 09:11 PM

Originally posted by GradyPhilpott

Originally posted by XphilesPhan
They also have congressmen calling for his arrest.

Do you have any local links?

yep I sure do

posted on Oct, 29 2006 @ 09:17 PM
hes done an excellent service. He could have sent it to the NSA, Homeland Security, TSA, CIA, FBI, AA, UA, and any other acronym that one could think of... however it would have been dealt with like anything of this manor. Hushed up, swept under the carpet and never see public eyes. Don't want to scare customers and drop stocks now do we, bad for business.

This man is an American Hero if his goal was to expose the not exactly gaping hole but complete lack of actual security, he exposed it as a sham. Iv had toe clippers taken away from me, asked if I wanted to spend $15 to ship it back.. which is like 500% more then what they cost and the skipped over a pair of scissors.. now me being obviously not a terrorist and would never even think of harming anyone it was no big deal, though I was very pissed off they stole something so obscure and ridiculous.. any plane that is taken over by toe clippers deserves to go down in a fiery ball if you ask me.. I personally don't even see how it's possible..

Anyways, had he actually SOLD one.. then he committed a crime and should serve a sentence.. it is one thing to make a statement and it is another to act on the statement by selling to a person you do not know what is going to do with your product.

Just my opinion.

EDIT: Just adding, anyone know what race this guy is? .. Hope he is not Arab that sure would be messy.. poor guy wouldn't stand a chance, never met an Arab named Christopher though.

[edit on 10/29/2006 by Rockpuck]


posted on Oct, 29 2006 @ 11:55 PM
Some updates.

Security expert Bruce Schneier wrote about this security hole in 2003.
Slate covered this security hole on feb 7 2005
Senator Schumer published directions on how to do this back in April of this year.

Rep. Edward Markey changed his mind about calling for his arrest.

On Friday I urged the Bush Administration to ‘apprehend’ and shut down whoever had created a new website that enabled persons without a plane ticket to easily fake a boarding pass and use it to clear security, gain access to the boarding area and potentially to the cabin of a passenger plane. Subsequently I learned that the person responsible was a student at Indiana University, Christopher Soghoian, who intended no harm but, rather, intended to provide a public service by warning that this long-standing loophole could be easily exploited. The website has now apparently been shut down.

Under the circumstances, any legal consequences for this student must take into account his intent to perform a public service, to publicize a problem as a way of getting it fixed. He picked a lousy way of doing it, but he should not go to jail for his bad judgment. Better yet, the Department of Homeland Security should put him to work showing public officials how easily our security can be compromised.

It remains a fact that fake boarding passes can be easily created and the integration of terrorist watch lists with boarding security is still woefully inadequate. The best outcome of Mr. Soghoian’s ill-considered demonstration would be for the Department of Homeland Security to close these loopholes immediately.

Source: Christopher Soghoian's blog

IMHO three cheers for Christopher Soghoian!!!

[edit on 10/30/2006 by Cug]

[edit on 10/30/2006 by Cug]

top topics


log in