FBI Accuses Researcher of Hacking Plane, Seizes Equipment 270
chicksdaddy writes: The Feds are listening, and they really can't take a joke. That's the apparent moral of security researcher Chris Roberts' legal odyssey on Wednesday, which saw him escorted off a plane in Syracuse by two FBI agents and questioned for four hours over a humorous tweet Roberts posted about his ability to hack into the cabin control systems of the Boeing 737 he was flying. Roberts (aka @sidragon1) joked that he could "start playing with EICAS messages," a reference to the Engine Indicating and Crew Alerting System.
Roberts was traveling to Syracuse to give a presentation. He said local law enforcement and FBI agents boarded the plane on the tarmac and escorted him off. He was questioned for four hours, with officers alleging they had evidence he had tampered with in-flight systems on an earlier leg of his flight from Colorado to Chicago. Roberts said the agents questioned him about his tweet and whether he tampered with the systems on the United flight -something he denies doing. Roberts had been approached earlier by the Denver office of the FBI which warned him away from further research on airplanes. The FBI was also looking to approach airplane makers Boeing and Airbus and wanted him to rebuild a virtualized environment he built to test airplane vulnerabilities to verify what he was saying.
Roberts refused, and the FBI seized his encrypted laptop and storage devices and has yet to return them, he said. The agents said they wished to do a forensic analysis of his laptop. Roberts said he declined to provide that information and requested a warrant to search his equipment. As of Friday, Roberts said he has not received a warrant.
Roberts was traveling to Syracuse to give a presentation. He said local law enforcement and FBI agents boarded the plane on the tarmac and escorted him off. He was questioned for four hours, with officers alleging they had evidence he had tampered with in-flight systems on an earlier leg of his flight from Colorado to Chicago. Roberts said the agents questioned him about his tweet and whether he tampered with the systems on the United flight -something he denies doing. Roberts had been approached earlier by the Denver office of the FBI which warned him away from further research on airplanes. The FBI was also looking to approach airplane makers Boeing and Airbus and wanted him to rebuild a virtualized environment he built to test airplane vulnerabilities to verify what he was saying.
Roberts refused, and the FBI seized his encrypted laptop and storage devices and has yet to return them, he said. The agents said they wished to do a forensic analysis of his laptop. Roberts said he declined to provide that information and requested a warrant to search his equipment. As of Friday, Roberts said he has not received a warrant.
Must hackers be such dicks about this? (Score:4, Interesting)
To anyone who has a shred of fear of flying, the game of "screwing with the pilots for laughs" is not fucking funny.
FTA, "Roberts said he had met with the Denver office of the FBI two months ago and was asked to back off from his research on avionics – a request he said he agreed to."
So he's scaring people and breaking/threatening-to-break his word, and they're being dicks to him. This may not be statutory justice, but it's poetic.
On the irrelevant issue of his research turning up vulnerabilities and the manufacturer's response being "shhhhhh, maybe no one will notice," I'd be completely on his side if he wanted to go on TV and talk about it with the world. I would contribute to his legal defense fund if he was in this for the good fight.
But if his frustration with Boeing and Airbus is going to drive him to be a fear-mongering troll, then any inconvenience caused him by the FBI seems utterly fair.
Re:Must hackers be such dicks about this? (Score:4, Insightful)
Nope... The "king", at least on parchment, in this country is restrained from this type of behavior.
Yeah, I know, this is the real world and in fact our (United States) law enforcement (executive branch) officers (and these include the FBI) shoot unarmed people with impunity and pretty well do as they damned well please.
sigh
Re: (Score:2, Insightful)
What restraint did the "king" break? They had his twitter post threatening/teasing that he might do something crappy, like drop all the oxygen masks. He was a credible threat because they knew he had the skills. They detained him. They questioned him (actual questions, nothing with a rubber hose), and they let him go.
Holding onto his laptop to see if they can get a judge to give the a warrant is standard procedure. They held onto my stolen sound system for 4 months in an evidence locker because the DA
Re: (Score:3)
As of Friday, Roberts said he has not received a warrant.
It doesn't sound like it should be too hard for them to obtain a warrant, based on his own actions/tweets while on the plane employing said computer equipment.
The real question then is does he comply or take the 5th? Compulsory password divulgence is not yet well-settled case law in the USA.
Re: (Score:2, Insightful)
Warrants are soooo 20th century. We don't need those anymore, all we need to do is call you a 'terrorist' and all that goes away.
Re: (Score:2)
One of the steps of obtaining a warrant is stating what you're going to be looking for. "Something that can hack an airplane" is really vague, which probably explains why law enforcement is talking to the airplane manufacturers, so they can refine their search.
"Where do you want to look and for what?"
We want to look on his computer for evidence of hacking activities against an airplane.
It's just like saying, we want to look in Joe's house for evidence of drug dealing (drugs, cash, lab equipment, weapons, etc).
Re:Must hackers be such dicks about this? (Score:5, Insightful)
The cops get a warrant and go in to Joe's house looking for evidence of drug dealing.
There is a bottle of drain cleaner under Joe's bathroom sink. Near his computers they find a digital scale, a bottle of 99% ISA alcohol, a bottle of acetone, and a few glass bowls.
The drain cleaner is for getting hair out of the shower. The ISA and acetone and the Pyrex bowls are for cleaning and refilling print cartridges.
The lot of it is put into a box and paraded into court as Joe is charged with "intent to manufacture controlled substances".
Re: (Score:2)
The lot of it is put into a box and paraded into court as Joe is charged with "intent to manufacture controlled substances".
Yes, and that gets settled during the trial phase to the standard of "reasonable doubt." It has no bearing on the search phase.
Re:Must hackers be such dicks about this? (Score:4, Insightful)
Meanwhile the home was seized under asset forfieture and the police have sold it for their share of the profits before the trial ended. Too bad, Joe. Better luck next time. Maybe you can bid on your car, since that auction is still pending.
Re:Must hackers be such dicks about this? (Score:4, Funny)
But that part's okay - the house was clearly guilty of containing suspicious items, and declined to plead innocent of criminal intent at trial.
Re:Must hackers be such dicks about this? (Score:4, Insightful)
You really don't understand how the requirement for a warrant works, do you?
Holding onto his laptop to see if they can get a judge to give the a warrant is standard procedure.
False. The police need a warrant *before* they can seize property. Read the 4th Amendment.
They held onto my stolen sound system for 4 months in an evidence locker because the DA was pressing charges against the burglar and they needed the evidence. I REALLY hadn't done anything wrong, but that's how that part of the legal system works, if you don't like it, vote to change it.
They recovered your stolen property from the burglar, and held it as evidence. It was seized and held as evidence pursuant to a warrant issued on the *burglar*.
They would not, for example, have been able to seize *from you* the TV the burglar *didn't* steal and hold it until they got a warrant.
Re:Must hackers be such dicks about this? (Score:5, Informative)
I know that seems logical, but that's not how it works.
For the moment, accept the notion that threatening people with scary behavior (O2 mask dropping) is a crime. Be real, it's a crappy thing to do. Then the laptop is the tool used (threatened to be used) in the commission of that crime. If the O2 masks were triggered on a Morsecode interface, and he had a morse code key, they would take that too. They can hold that evidence until the DA decides to press charges. No, they can't come into his home now and take things, but what other tool would he be using to commit the crime with?
If he was waving a pitchfork around threatening skewer people's luggage, they'd have the pitchfork in evidence. If you slam a cream pie into an official's face, they'll hold onto your pie plate.
He has every right not to reveal his password, and if they try to keep his laptop after the court system is through with case, this is wrongful seizure. But while the legal process is working, the pitchfork, the pie plate and the Macbook are going to get to know each other a little better.
Re:Must hackers be such dicks about this? (Score:5, Insightful)
I don't think they need a warrant at all to seize his laptop. Warrants attest to the "reasonableness" of a search. The 4th amendment protects from "unreasonable search and seizure."
Officers can seize any evidence of a crime that is in plain sight when they are somewhere they are authorized to be.
The officers were fully within their authority to board the plane, and probably did so with the permission and appreciation of the plane's owner and the pilot. There, in plain sight, is the laptop of the person who announced to the world that he was considering tampering with the flight computers. Why would they need a warrant to seize the tool with which he said he might do so?
Replace "tweet" with "stand up and announce" and "laptop" with "metal pipe" and the story becomes "Man stands up in aircraft cabin and announces he 'could disable flight instruments' with metal pipe." Not that he necessarily was going to. Just that he could...and he's got to the tool to do so right here...kinda maybe thinking about it...
How would it be "unreasonable" to seize the man's metal pipe on the spot? No warrant required.
Re:Must hackers be such dicks about this? (Score:4, Insightful)
Common sense at this level is why we need a score of 6 - Application of Common Sense. Point is spot on. When you are arrested, everything on your person, etc... is fair game. No need for a warrant to seize the laptop and such. Now, get the password is likely a court order.
Re:Must hackers be such dicks about this? (Score:4, Informative)
Here is the tweet [twitter.com].
Find myself on a 737/800, lets see Box-IFE-ICE-SATCOM, ? Shall we start playing with EICAS messages? "PASS OXYGEN ON" Anyone ? :)
To me that is not a comment about airplane security but a threat to tamper with airplane operations. Making a comment is legal making a threat is not.
Re:Must hackers be such dicks about this? (Score:4, Insightful)
Where's the specific articulated threat? "Should we start playing" is not a threat. Especially not in context with the tone of the rest of his tweets. Making a joke is not a threat or a crime.
Re: (Score:3)
Only because it's socially unacceptable to even joke about that / most people don't find that very funny / some people may not recognize it as a joke, and it can cause panic since the joke is too "believable", so even jokingly it's a terrorist threat.
On the other hand..... "Dropping O2 masks"; isn't the same.
Even if it's not a joke: how exactly is that life-threatening?
Dropping O2 masks falsely would be property damage for the airline, since now they would incur additional expenses after the flight
Re: (Score:2)
Well, I do have a tool that can be used for rape, and I'd be able to rape someone if I wanted. By your logic, they should cut off and seize my tool.
Re: (Score:2)
Sounds like a Terroristic threat [uslegal.com] to me.
No, you may not excuse threats against passenger aircraft, whether by bomb or by hack, with a smiley emoticon. When you make such threats, your bomb or hacking tool may be seized by law enforcement.
Re: (Score:2)
So naturally, they allowed the flight to continue to it's destination to give him the maximum possible time to do the bad thing (which never happened) because they truly believed he would do it, right?
The fact that nothing at all actually happened is purely immaterial, I suppose?
Now, turn in your Jr.g-man badge.
Re: (Score:2)
If you are ABLE to be a hooker, detain you? (Score:4, Funny)
> HE claimed he was able to hack the plane. That would be a potentially very serious public safety issue. It is only right that they question him and search his equipment to see if that is true.
I hereby claim that I have hands, therefore I am able to stab someone. Should I be detained and my property seized because I am ABLE to commit a crime? 50/50 chance you have the skills and equipment to be a hooker. Therefore you should be treated as a hooker?
Re: (Score:2)
50/50 chance you have the skills and equipment to be a hooker. Therefore you should be treated as a hooker?
I'd say that the chance is just about 100% -- not all prostitutes are female.
Re: (Score:2)
Situational.
The government does NOT do jokes about fucking with airplanes.
I guarantee you that if you were walking around an airport with a knife talking about how you COULD stab then you'd be detained. And they'd probably keep your knife.
Re:If you are ABLE to be a hooker, detain you? (Score:5, Insightful)
You need more than hands to stab someone. You also need a knife.
If you stood up in the aircraft cabin and announced that you had a knife and "could stab flight crew," yes, your knife would be confiscated.
Similarly, if you announce that you "could start messing with flight controls and indicators" in a cabin of an airplane, with your laptop, yes, your laptop should be confiscated.
Re: (Score:3)
This knife comparison is fucking stupid.
There are hundreds of people walking around with laptops, and the laptops all passed through security with no reason not to pass them though.
There are how many people in the terminal with a knife? Few to none. How many people were allowed to bring one? None.
There isn't a very good analogy here. Shoe + threatening to kick people in the nuts? Water+towel and waterboarding threats?
The real point, IMO, is that, AFAICT, he was not threatening to do it. He was saying it was
Re: (Score:3)
But it's the exact kind of tool with which one would carry out the threat he made. And TFS said they seized his "storage devices" also. I would not be shocked if they took his phone, and for the same reasons. Actually I'd be shocked if they didn't.
Your analogy is even more torturous. You said "acquaintance." But he didn't say this quietly to someone who knows him. He broadcast it on twitter. To anyone who happened to be reading.
And if someone on my plane did start talking about making weapons and stabbing p
Re: (Score:2)
I hereby claim that I have hands, therefore I am able to stab someone. Should I be detained and my property seized because I am ABLE to commit a crime?
If you threaten to stab someone, that's called "assault" and it is, indeed, a crime for which you can be detained and a large knife in your possession at the time will be confiscated.
Re: (Score:2)
The sovereign. In this case it's an abstraction, but sort of exists in law. You can sue for constitutional violations because the country has waived sovereign immunity in a statute (law).
Re: (Score:2)
To anyone who has a shred of fear of flying
should never go on a plane EVER because they are liable to "lose their shit". if you cannot maintain your composure over an irrational fear, STAY HOME.
So he's scaring people and breaking/threatening-to-break his word,
seriously? the only people that should be afraid here are the people that would be embarrassed because they can't even secure their own planes and the government that approved the planes in spite of it. the real crime is possibly embarrassing the government.
But if his frustration with Boeing and Airbus is going to drive him to be a fear-mongering troll,
fear-mongering, really? what do you have to fear, exposing the truth that systems are insecure?
Re: (Score:2)
... to be fair, you're sitting in a thin metal tube in the fucking sky, hurtling along at speeds men were never designed to go. You're also cramped in, uncomfortable and it's loud.
I don't know about you, but if my fucking plane popped a bunch of oxygen masks out, i'd freak out. If i was in the air, i'd be like, holy shit, something went really fucking wrong. If we were already on the ground, it'd really make me question the maintenance on all the planes in the fleet. So yeah, scared.
The people on his fl
YES the must be dicks (Score:2, Insightful)
He did *NOT* screw with the pilots. He jokes about hacking the aircraft system to his followers who are smart enough to know a joke.
If being nice means not investigating security holes, then yes, he needs to be a dick, at least in some peoples eyes. Imagine if the QA in a software company didn't dig too hard for bugs because it upset the programmers?
It's not illegal to be a dick and often quite necessary. He should not have to watch his words for fear some moron FBI agent might be reading.
Re:YES the must be dicks (Score:5, Insightful)
Re: (Score:2)
He said "should I..." not "I am...", or even "I will..."
QED: There is no criminal negligence, since he's not done anything or even threatened to (save for sufficiently large and fear-fueled values of "should")
Re:Must hackers be such dicks about this? (Score:5, Insightful)
For FIVE years he has be stating, as well as others, that there are serious issues with this. For FIVE years. F that. The jokers are the FBI. We don't care about peoples lives, we care about the perception that there is terrorism and that we are receiving the necessary funds to enrich ourselves with. It's funny! Very Funny to me. We spend great sums of money to arrest people who do our work for us, who pose no threat but we do NOT fix the threat. We do not spend any money fixing the threat.
A real terrorist would not post to twitter until after the plane was down. When are we gong to wake up? When there is another 9/11?
After they finished with him the FBI should have gone over to Boeing and Airbus and detained the executives and seized their equipment to verify if the allegations were true. If they are true then they should ground all Boeing and Airbus vulnerable airplanes.
This in not about securing America, this is about terrorizing America so more funds can be spent on protecting Americans. When a plane goes down they can say see we need more funds.
Re:Must hackers be such dicks about this? (Score:4, Insightful)
It's like how a real terrorist would not joke about a bomb at an airport. But someone who does is detained or arrested, and time is spent by TSA that could be better spent looking for real terrorists.
Re: (Score:3)
People make jokes in stressful situations. Bombing a plane is a stressful situation. Which makes it entirely plausible that a bomber would joke about bombing.
Of course, it's *stupid* for him to joke about bombing and call attention to himself, but criminals get caught by doing stupid things all the time.
More dicks please (Score:5, Insightful)
Roberts has been demonstrating vulnerabilities in the avionics systems used on modern airplanes for the past five years, warning that modern planes have converged critical systems and non-critical systems such as in-flight entertainment and wi-fi in ways that create serious security and safety risks.
He isn’t alone. Ruben Santamarta a Principal Security Consultant for the firm IOActive demonstrated at the 2014 Black Hat Briefings how satellite based communications devices (SatCom) used to provide Internet access to planes in flight could be used to gain access to cockpit based avionics equipment. Brad “RenderMan” Haines has also demonstrated methods for moving from in-flight entertainment systems to critical control systems aboard planes.
If plane manufacturers are putting in-flight entertainment systems on the same network that a planes control systems are on, then Roberts are doing the public a great service by exposing this horrible security debacle.
Re: (Score:3, Informative)
a) The plane manufactures aren't creating a vulnerability; yup, commercial internet equipment is vulnerable. Big surprise. However, the assertion that it creates a vulnerability in another system is just bullshit. However, I know a hell of a lot more about avionics design than the average slashtard, so the retardedness spewed here is understandable. Small example; there is no dynamic memory allocation on flight safety critical systems.
b) To the FBI's level of understanding, the guy demonstrated a) intent, b
Re: (Score:3)
Roberts are doing the public a great service by exposing this horrible security debacle.
But joking about possibly taking down a flight (which by all accounts he could possibly do) is no joke.
This guy needs to maintain some professionalism.
This is the same reason you can't scream "fire" in a movie theatre
Re:Must hackers be such dicks about this? (Score:5, Insightful)
"Don't look behind the curtain" is not security, however much it gives you the warm and fuzzies.
So he's scaring people and breaking/threatening-to-break his word, and they're being dicks to him. This may not be statutory justice, but it's poetic.
Unless he "agreed" to it in the context of a consent decree, that conversation has no more legal binding than agreeing to "keep your nose clean and stay out of trouble". Sorry if that scares you, but we all have the right - and in this case, I would dare say a moral obligation, to expose security flaws in commercial air travel.
If this really bothers you, try venting your ire at Boeing, not at the messenger.
Re: (Score:2)
... Unless he "agreed" to it in the context of a consent decree, that conversation has no more legal binding than agreeing to "keep your nose clean and stay out of trouble". ...
Might be more rules with the police, but at least with private parties in Colorado a verbal agreement is a legally binding contract.
Re: Must hackers be such dicks about this? (Score:2)
Roberts has presented on this topic at multiple conferences, has spoken to the media about this, recently, and was on his way to present to the FBI (again) about airplane vulnerabilities. He has done responsible disclosure. He is a trusted source of information on this topic for the Feds. This is a right hand not knowing what the left hand is doing situation.
I know Chris. He is a good person who cares about the right things being done to make everyone safer. One tweet laughing in the face of the absurd resi
Re: (Score:2)
So he went on record months before to approach the airline. Next, he tweets blatantly scary "what if" kinda things FROM A PLANE. Snoops snag the message, then snag him, snag his encrypted laptop, ask for keys, to which he says "warrant, or GTFO".
Maybe getting captured was part of his plan? Maybe he's gunning to get legal precedent set on the issue of crypto, passwords, the legal process, and self-incrimination. Bonus points for possibly exposing just how people are monitored online and if the feds can p
Re: (Score:2)
No, none of that. He tweeted. That's it, just a tweet. A spit in the ocean if you will. He didn't mess with the pilots or frighten the other passengers. As far as we know, he didn't belch obnoxiously or fart during the flight either.
If the feds ACTUALLY believed he was hacking the plane, why did they wait until it landed to do anything? Shouldn't they have ordered the plane to make an immediate emergency landing before something happened?
Re: (Score:3)
To anyone who has a shred of fear of flying, the game of "screwing with the pilots for laughs" is not fucking funny.
Your fears are your problem and do not constitute an excuse for irrational response.
Twitter comments were not known to anyone on the flight. Those who would have normally followed his comments would be his hax0r buddies who understand context and are familiar with issues.
So he's scaring people and breaking/threatening-to-break his word, and they're being dicks to him. This may not be statutory justice, but it's poetic.
Being a dick to LEA who is threatening you to back off when they are in the wrong... Sorry I don't see the issue.
All they are doing is discouraging research and attention making the industry less safe and more likely to allow Manufacturers
Re: (Score:2)
Re: (Score:2)
Re: (Score:2, Insightful)
Granted, they are guilty of some of the worst fear-mongering ever...
That said: :)"
"Find myself on a 737/800, lets see Box-IFE-ICE-SATCOM, ? Shall we start playing with EICAS messages? "PASS OXYGEN ON" Anyone ?
That's really uncool. If he carried out that threat on a flight where my Mom came to visit, I would have to spend my entire Thanksgiving talking her out of an anxiety attack.
Would it still be funny if someone on the plane died of a heart attack? Screwing with people for who have a fear of flying is t
Re: (Score:3)
"The FBI doesn't have a sense of humor that we are aware of, mam."
Interesting.... (Score:2, Interesting)
Humerous?` (Score:5, Insightful)
Looks like he threatened to turn on the Passenger Oxygen Light (as someone with the skill and tools to do it that's not an idle threat), Nothing that would cause a mass panic on a plane or anything like that. I mean you post a public comment like that I would far more surprised if the FBI didn't forcibly remove you from the plane. The article itself seems very biased as well.
Re: (Score:2)
Re:Humerous?` (Score:5, Insightful)
Re: (Score:2, Insightful)
A better analogy would be a professional chemist openly musing about hwo he could readily make low-order explosives from the in-flight alcohol selection.
Re: (Score:2)
Ammonia & iodine together make a low-order explosive. And color you purple. Fun trick to play on your friends.
Re: (Score:2)
I was at a friend's house. Put it on front & back porches. Called another friend to come over. End result - high heart rate for friend and purple shorts.
Re: (Score:2, Informative)
What's the difference? A bomb has the potential to destroy the plane and kill everyone on it. A spurious warning message on a cockpit display has the potential to divert the plane to an alternate airport (although my guess is they would just look into the cabin, see that the oxygen masks hadn't deployed, and continue as scheduled).
Re: Humerous?` (Score:5, Insightful)
You wouldn't find what he did the least bit threatening? Somebody on the plane you're on musing aloud about how he could disable parts of the flight systems?
I wonder if the FBI agents "mused" about how they could just "shoot him in the head." Just musing, of course. Not like they're actually going to do it. Just, ya, know, they could...
And I bet if they had, you'd be right here talking about how RIDICULOUS and TERRIBLE and UNPROFESSIONAL it would be for them to have done so! That's life and death stuff right there! And how would he know if they really would or not?
But they were just kidding, so it'd be fine, right?
Re: (Score:2)
In the case of this guy, saying something like this shouldn't be a crime. No one panicked. No one was hurt. Nothing was destroyed. Nothing happened. Had he gone through with it, that constitutes a crime.
When something can't be said out loud, we can no longer have a reasonable discussion
Re: (Score:2)
Is it true the public facing entertainment network is connected to the aircraft's avionics? That seems fucking insane!
They aren't. This is an idiot trying to make a joke after the report from the FAA came out the other day.
Re: (Score:2)
No, that's kind of the point of his joke.
Well, that and the level of stupidity it takes to believe something like that.
Well (Score:2)
Since when.... (Score:4, Insightful)
do we call assholes "researchers"? This guy is nothing but a grandstanding asshole. You dont make comments like that and you dont do the FUD slinging that he does after getting denied.
Researchers do real work and publish their findings for peer review, not act like a street cred seeking HAx0r trolling for Lulz.
Re: (Score:2)
Sorry Lumpy, asshole has nothing to do with job title and it is common in just about every field. He was also unprofessional but since he founded the research firm he works at I doubt he will be fired.
Re: (Score:2)
Re:Since when.... (Score:5, Insightful)
Re: (Score:2)
It is still wrong to seize his equipment without a warrant, or am I missing something here?
A couple of things. If they have probable cause to believe the computer has evidence of a crime, for example, they can certainly take it (although not necessarily search it) without a warrant, at least if they're legally wherever it is. There's also a diminished expectation of privacy at the airport.
If all he said was "I could do X," he might have reasonably good grounds to sue, although as the general consensus even on *slashdot* seems to be the guy was acting like a jerk, I don't know that it's a good t
Re: (Score:2)
They clearly have nothing. Note that they didn't think it was important enough to have the plane land early (like they surely would if they actually thought he was going to do something harmful). If they had anything more than the tweet, they should have had no problem getting a warrant by now.
Re: (Score:3)
Standard procedure. Every time. If something MIGHT be involved in a crime, the first thing law enforcement is going to do is put that thing someplace where they can prove provenance. It can be annoying and law enforcement over reaches at time, but I have a hard time getting mad at the FBI for this one. Especially the field guys - they aren't doing the detailed forensics or anything, they are just their to make sure that the scene is safe and secure.
Pit Bull (Score:3)
Re: (Score:2)
Except my pit bull just gently looks a dogs while other dogs in the park try to show of their manly hood with the other dog owner asking me if my dog is gentile. LOL well let your unfriendly god get a bit more closet and we'll find out. Oh did I mention those dogs are off leash?
Re: (Score:2)
let your unfriendly god get a bit more closet
Funniest typo all day.
Re: (Score:2)
The previous typo was pretty sweet too:
asking me if my dog is gentile.
Re: (Score:3)
Re: (Score:2)
Re:Warrant after probable cause established? (Score:4, Insightful)
This guy is showing ignorance of the law. He gave them a reason to believe he did something wrong, and then wants a warrant? First, the warrant will be rubberstamped based upon his comments, but second, they don't need a warrant once that is established.
They need a warrant to search the contents of the computer. They do not need a warrant to confiscate and hold the equipment while they decide what to do.
Re: (Score:2)
Nope. When they landed in Syracuse, they were in the 100 mile "Border Zone" where the government has declared they can seize any electronic equipment, for any reason.
Re: (Score:2)
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures...
A security researcher who studies airplane security saying that he plans on hacking the airplane security while he's physically on said airplane.
How is taking his electronic devices "unreasonable" in this instance, particularly when you're waiting for a warrant to be issued?
Re: (Score:2)
They need a warrant to perform any search or seizure—the warrant is the authorization to perform the search or seizure; you can't have one without the other. It isn't "either the search is 'reasonable' or you have a warrant", applying for a warrant is how you document that the search was reasonable in the first place, by providing probable cause supported by oath or affirmation. A blanket authorization for so-called 'reasonable' searches and/or seizures is just another way of issuing an unconstitution
Re: (Score:2)
But they don't need a warrant to seize the laptop. It's in plain sight of officers in a place they're authorized to be (the airplane). If he had been musing about smashing the plane up with a crowbar, they wouldn't need a warrant to seize the crowbar when he's still carrying it on the plane, either. Now, if they hadn't got him on the plane, and he had instead gone home, and they wanted to search his home for the laptop then, yes, they'd need a warrant.
Warrants are not required for searches. All that's requi
Re: (Score:2)
No, actually he didn't give them a reason. He made a joke they didn't find funny. Had they actually believed he was going to cause a problem, why did they wait until the plane landed (after an uneventful flight) to harass him?
Schoolboy error (Score:5, Funny)
“Find myself on a 737/800, lets see Box-IFE-ICE-SATCOM, ? Shall we start playing with EICAS messages? “PASS OXYGEN ON” Anyone ? :)”
His mistake is obvious. He used a smiley face instead of a winky face.
Just another example (Score:2)
of what Bruce Schneier would call "security theater".
It's about the PR, not the Hacking (Score:5, Insightful)
This guy who fancies himself a "aviation hacking expert" goes around the country giving lectures on all sorts of things he sees as "risks" in all sorts of things just got himself in trouble by saying stupid things at the wrong time. It's like a security expert who gave talks about preventing Hijacking was talking about his presentation as he goes though the TSA checkpoint or with the flight attendant. Somebody took exception to the topic being discussed because of the context (he was actually ON an airplane at the time) and in the abundance of caution he was detained and questioned. I'll bet he never attempted any hacking, much less validated any of his perceived risks, most likely he made some inane statement like "I could hack into this plane and cause .... to happen" which got the attention of the flight crew who called the FBI who stops him as he gets off the plane.
But NOW this guy has a PR angle to play. And why not? Here is some self proclaimed "expert hacker" who has even been questioned by the FBI about possible hacking attempts and had his electronic devices taken in the process while he was on his way to give a talk on the very subject. Play that up, get more speaking gigs by playing up your qualifications.
This guy has nearly zero credibility with me. He's never really tested any of his theories on real equipment, doesn't work for anybody who would have access to the actual design specifications. Never worked for Boeing, Airbus or any avionics manufacturer. Has never demonstrated any successful attack and to my knowledge hasn't even attempted to hack anything. About all he has are a series of power point presentations that outline a lot of perceived risks he's come up with, but never verified, yet now he's the subject of international news? I sure hope he wasn't stupid enough to actually have tried his theories out on an actual commercial flight because the FBI is going to make an example of him if he did.
This guy's angle is all about milking the PR now. He's hit the short term jackpot and will be the featured speaker at "aviation security" conferences and I hope he makes some money. He's going to need it to pay the lawyers. However, IMHO, he's a nut job with power point skills and very little actual knowledge. He's just some lucky nut with a big mouth who fancies himself an expert on some issue that happens to be the news story of the day.
Re: (Score:3)
He's never really tested any of his theories on real equipment
That you know of. Looks like they don't want him testing anything in the real world or not..
Never worked for Boeing, Airbus or any avionics manufacturer.
They appear to not want anyone looking for vulnerabilities in their systems either.
Has never demonstrated any successful attack
I'm guessing the first person who does will not do so in a friendly way. And everyone will pretend to be surprised.
Re: (Score:2)
If you want to construct a conspiracy theory about this guy and the government trying to hush all this up, what can I say but "you are nuts!"
He doesn't know anything, he just has a good story, a big mouth and some power point slides.
IF he actually DID try something, I have visions of him running the IIS hack scripts from 10 years ago or port scanning whole network segments while sitting back in a 23B trying to keep the guy in 23A from watching the screen...
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
He has no experience with aircraft systems, only theories about them based on his network security experience over the last 5 years? Now if he was an actual avionics engineer with experience on any kind of avionics system, or had actually performed tests of his theories on actual hardware in the lab, I'd be a bit less condescending towards him and his theories. However, as this stands, he's no more qualified than the GAO when they made their claims about the FAA sacrificing flight safety for similar reason
Re: (Score:2)
This guy's angle is all about milking the PR now. He's hit the short term jackpot and will be the featured speaker at "aviation security" conferences and I hope he makes some money.
I understand the publicity angle, but it will be difficult for him to be the featured speaker at many conferences if he ever gets on the no-fly list.
I can hack the planet Mars (Score:2)
I also plan on hacking the Atlantic Ocean and renaming it to the Great Eastern Ocean. This hack is so powerful that even paper maps will spontaneously change to reflect the update.
"Security experts" can sometimes be idiots (Score:5, Insightful)
Up front, let me say this guy does have a point. Avionics systems were never designed to be secure, since the technology for unauthorized users to access them didn't exist when they were developed. If you're an Airbus designer building the A320's core messaging bus back in the late 80s, do you assume people are going to have wireless network access and phones with the power of laptops in their pockets? Of course, you do now...but not back in the 80s. And once an aircraft system gets certified, changing it is an extremely drawn out process, hence the inertia. If you want another example, look at magstripe credit cards -- another system where, when it was invented, magnetic readers/encoders were "magical devices" that only huge companies could afford, so therefore there was no encryption.
Now, that said, there are way better methods for getting the word out on stuff like this. I'm assuming he already went to the vendors on this, but if he acted anything like what he displayed here, they may have just ignored him as a crackpot. If the guy doesn't have a lot of emotional intelligence, it can significantly impact his credibility in the eyes of the "normal" population. That seems to be a problem with a lot of the security types -- they're obviously very intelligent and spend vast amounts of time digging around in the internals of the systems they're hacking. When it comes time to communicate this knowledge to others, they can do so in ways that might get them lumped into the "nerd living in Mom's basement" camp, deserved or not. Threatening to demonstrate your latest find in a live environment would certainly not be my first choice. Imagine if he had turned on the passenger oxygen warning -- air crews don't go back and check whether a warning like that is legit or not. Pilots follow checklists, and I would imagine the first thing they do is descend very quickly to a safe altitude just in case the cabin actually did depressurize!!
Within 100 miles of the border. He's got no rights (Score:3)
Syracuse is, as the crow flies, within 100 miles of the Canadian border. His equipment belongs to the US government now.
Dude! Only the Blackstone Group and Carlyle Group (Score:2)
Simple Fix (Score:2)
Disallow in flight Wi-Fi. Problem solved.
We've flown for years without it, never had an issue. Try reading or something. . . . it works. . lol
You know the companies aren't going to disclose any security vulnerabilities since it would cost them to ground the planes. Many times you'll get ignored when trying to bring an important issue to light. This is because Profit > Safety. Only when Fines / Lawsuits > Profit do recalls happen and problems get fixed.
If you can't get the owners of the Airlines
Re:This story too vague (Score:5, Insightful)
If they have proof he hacked into the avionics via the inflight WiFi, the aircraft equipment companies should be in HUGE trouble.
Re: (Score:2)
If they had actual evidence as they claimed, he'd be in jail right now and facing arraignment.
Dear reader: let that one sink in for a moment...
The 1970s called... (Score:2)
Maybe they should be hiring him to help consult on how to secure the systems instead of trying to intimidate him and silence the truth?
The 1970s called, they want their common sense back.
Re: (Score:2)
The terrorists hate us for our freedom
So the solution is to take them away until the stop attack then right?