The FBI seized equipment from noted security researcher Chris Roberts on Wednesday, alleging that Roberts may have tampered with the systems aboard a United flight to Chicago. Roberts denies the claim.
Chris Roberts (a.k.a sidragon1), a leading researcher delving into the security of airplanes, was pulled off a plane in Syracuse, New York, on Wednesday by the FBI and questioned, apparently over concerns that he attempted to hack into critical systems aboard a United flight earlier in the day.
His laptop and a variety of external storage devices were confiscated by the FBI, which said it wanted to determine whether Roberts, an authority on security vulnerabilities in modern aircraft, may have accessed sensitive systems on a flight from Colorado to Chicago earlier in the day.
Roberts is the founder and Chief Technology Officer of One World Labs, a security research firm.
In response to mentions of his earlier research on Twitter, Roberts, using the @sidragon1 handle, had tweeted about his ability to hack into in-cabin control systems on the Boeing 737.
“Find myself on a 737/800, lets see Box-IFE-ICE-SATCOM, ? Shall we start playing with EICAS messages? “PASS OXYGEN ON” Anyone ? :)”
(Score: 5, Interesting) by anubi on Sunday April 19 2015, @05:44AM
The more I look at this, the more I think Chris should be working with avionics equipment suppliers to probe vulnerabilities. An in-flight airliner is not a safe place to be running vulnerability scans.
Being I have had the "pleasure" of working around aerospace management types before, I am quite aware of the old adage that it is better to beg for forgiveness rather than beg for permission; as one who spends his days begging for permission gets little done and warrants being laid off for being non productive.
I think I see whats going on here... Chris seems like one of these guys too bright to work in a corporate arena, where he supposed to be under control of some manager whose skills are in controlling people, not systems analysis. So he has to run alone and do his own thing. I have seen a lot of people who "have issues" working for others trained in "leadership" skills.
But the more I think of this, I would not want to be riding on a live flight knowing someone is deliberately trying to test system security, no more than I would like someone monkeying around with the computer controlling the heart-lung machine during an operation being performed on me.
Maybe confiscation of his stuff was the only way to stop him from doing his thing?
I respect drive in someone to get something done, and I hate like the dickens to try to kill it off - we already have plenty of management skills that are really good at doing just that. A live flight is not the place or time for system penetration testing.
But come down hard on him for it? I would much rather have the two working together. In the open. We already have way too much stuff sequestered in various war chests awaiting the day they are needed, and having yet more tricks to cause havoc kept in someone's secret trick warehouse is not what we need. I do not want to shoot the messenger... he's gonna do far more good .. but please penetrate-test where no harm can possibly come from a failed attempt.
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
(Score: 2, Insightful) by Anonymous Coward on Sunday April 19 2015, @06:30AM
What about the next guy who is not a famous security researcher? The focus should be the planes, not the guy.
But it's all simple economics. Airlines don't give a shit about security or transporting people or anything else but profit. If flaming planes come down every day, no matter as long as people keep using their services. Capitalism at work.
(Score: 5, Interesting) by frojack on Sunday April 19 2015, @06:56AM
But come down hard on him for it? I would much rather have the two working together.
Hard? He walked away. His gear is getting the once over. Not so much as a wrist slap.
Doesn't sound anything like Hard to me.
What I would be really pissed about is if the authorities DIDN'T seize his gear, and dig into it deeply. Make him explain every line of code. He already tweeted about it, and was apparently on the FBI's radar already. Guy had means and opportunity, and tweeted a motive.
Why is it that everybody here completely believes in Boston Brakes. But let the guy be a self professed "hacker" and suddenly he can do no wrong?
Let him go find someone who will let him play with an airplane on the ground. If he can't sell it to some private fleet company that typically has planes sitting around waiting for customers.
No, you are mistaken. I've always had this sig.
(Score: 1) by anubi on Sunday April 19 2015, @07:20AM
Yeh... looking back at the article and thinking it over more - you have a far saner take on it than I did at first reading.
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
(Score: 1, Insightful) by Anonymous Coward on Sunday April 19 2015, @07:33AM
Yes, how horrible it would be if government thugs didn't seize his gear. The bogeymen might get us!
(Score: 1) by anubi on Sunday April 19 2015, @08:09AM
Like Frojack just said... I am pleased they did interfere.
From what I read, I would think there is no criminal intent. Just curiosity. And a desire to develop saleable knowledge.
The most important elements are already in place: no criminal intent and curiosity. Given permission and opportunity, knowledge quite helpful to "our side" is likely.
Denied permission and opportunity, none of us will benefit from his studies.
Curiosity seems so rare in us these days... seems most us are far more interested in "the game" or what the latest celebrity fad is doing. I know my most useful things came out of someone else's curiosity and research. Nothing I have of any value came from "the game".
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
(Score: 2) by kaszz on Sunday April 19 2015, @09:44AM
What do you mean by "the game" ..?
(Score: 1) by anubi on Sunday April 19 2015, @10:14AM
Mostly sports. Seems everytime I see someone getting excited about something, its something to do with sports scores. If its not that, its some celebrity.
Very seldom do I see someone's "entertainment" originating from within themselves. It seems like we have been trained to expect others to entertain us.
Sitting in a noisy stadium for several hours would be pure torture for me. I'd rather take a nice long walk.
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
(Score: 2) by kaszz on Sunday April 19 2015, @10:49AM
I'd rather be in a room filled with computers than one filled with bat crazy "fans" .. ;)
(Score: 0) by Anonymous Coward on Sunday April 19 2015, @11:59PM
It's like that Eminem song 'Rap Game' only it's about the assinine 'security scene' amd manuevering around in it. Alternately it is about 'outsmarting' but that's not a fair interpretation anymore - like bringing nukes to a shootout and your own camera crew. Nice attempt at a cover but I had to say it like it is. Almost everybody now seems to be in it for 'the game', which often also means inventing bigger and worse enemies out of thin air these days.
(Score: 3, Insightful) by bziman on Sunday April 19 2015, @02:31PM
I'm much more afraid of unlimited government power than I am of security researchers.
Airline, network, and most other security remains a joke, and the only reason that it hasn't been exploited on a large scale is that there just isn't a serious threat. You'll get the ocassional crazy, but most of them fail because of their own stupidity and the rest get through... it's not worth destroying our way of life so you can feel safe from this imaginary threat.
(Score: 1) by anubi on Monday April 20 2015, @01:21AM
As far as security goes, nearly everything I have seen is pure and simple theater. Illusion.
Its all sorts of armed guards flashing big guns guarding grass huts. While others have cans of gasoline, matches, and are sneaky.
Of course, I am referring to our computational infrastructure, laced with back doors only one *thinks* he is the only one privy too. Not thinking that the mere existence of universal back doors on a monogenomic computational infrastructure is about the most non-resilient architecture imaginable. Its just waiting for a prankster to set it on fire, just for the fun of watching it burn.
I write of this meme often here. I have my reasons. They are time and date stamped entries. And I intend to refer to them when it happens. Others who see this monster growing in the nursery will probably refer to them as well.
People holding high places and entrusted with making law will need to explain why they did it.
I hate to sacrifice a free nation just to keep people from trying to copy a song.
Trying to "own" knowledge is like trying to claim ownership of a gust of wind.... you can't make it public and expect to retain it. Only people I know of that got away with this is the early priests, who held "sacred knowledge" to themselves. Gutenberg did away with that meme with the invention and use of the printing press. I am sure there were a lot of priests that would have like to have seen Gutenberg crucified for what he did, but are the rest of us any better or worse for Gutenberg's works?
The internet is just the next level from the printed word, and just as instrumental in the development of humanity.
I just hope soon we realize that the only thing we have that's worth a damn is our collection of knowledge and wisdom. Knowledge and wisdom is in infinite supply, and all we do by throttling back the feedback loops is just slowing our own development. If we fail, we either relegate ourselves back to a sub-existence or perish like yeast in a petri dish.
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
(Score: 0) by Anonymous Coward on Sunday April 19 2015, @04:50PM
Except that the way they're handling this is terrible, as they're treating him like an enemy.
(Score: 3, Interesting) by LoRdTAW on Monday April 20 2015, @08:19AM
If he was making a threat to sell his "proprietary" information back to the manufacturer then he is an idiot. That is black mail. But that isn't the case here (or doesn't appear to me as such). He has every right to call it proprietary and request a warrant because the FBI can and did confiscate the information without a warrant. Boeing is a defense contractor, the second largest in the world. You think they don't work directly with three letter agencies? When it comes to national security they can and will steal your property to cover up and save face.
They took his gear and have yet to return it. So you should still be pissed because they aren't making him explain anything. How much you want to bet he will get his equipment back with the drives wiped or missing? The copied data safe in a secure Boeing lab. Sounds tin foil hat-ish but I can't help but picture this scenario.
Using words like opportunity and motive make him sound like a criminal. From the article he is trying to HELP by exposing crap security that airlines and manufactures lie about. Sure he was cocky about it and wasn't very professional (And a bit stupid). But why does that make him a bad guy? Why are you upset about someone who is actively concerned about peoples well being?
If the authorities were truly interested in our security, then they should be interested in his tools. But why confiscate them and not have him demonstrate them? Instead they just took his equipment and left. If the FBI was actually interested in vulnerabilities then they would hopefully say something along the lines of "okay son, we want to know how exactly someone can hack into an aircraft's avionics. Please show us so we can do something to fix this" Then the FBI should turn around and have the manufacture explain why their planes are a threat to national security. Then maybe throw the kid a reward. In an ideal world of course. Instead we criminalize the whistle blowers and make examples of them.
Why are you accusing everyone here of being a conspiracy theorist? Why is exposing a potentially deadly security hole in aircraft wrong?
You make it sound so easy.
"Doh! Sorry folks. Looks like some guy named frojack discovered that our multimillion dollar aircraft built by multibillion dollar aerospace/defense contractors are vulnerable to terrorist attack via their in flight entertainment and wifi. We are sorry for any inconvenience caused by deployment of oxygen masks, rapid decompression or crash. We will fix those problems right away. Honest! Thanks for flying with us!"
How many times do we have to hear stories about a concerned person demonstrating how shitty security really is only to be arrested and charged with computer crimes? Meanwhile the people who are in charge of said security get to shake the hands of the stooges who silenced a rabble rouser so their stock prices don't take a dive. It's all about money. Money is a higher priority of national security than human life.
(Score: 2) by Yog-Yogguth on Tuesday April 21 2015, @05:34AM
For anyone who has never heard the term “Boston Brakes” before here's a page [veteranstoday.com] about it (rather than CSI TV stuff).
Bite harder Ouroboros, bite! tails.boum.org/ linux USB CD secure desktop IRC *crypt tor (not endorsements (XKeyScore))