Researcher Detained Over Airplane Hacking Tweet


Post by parakkafaith on Sat Jun 06, 2015 8:33 pm

Chris Roberts is a founder and security researcher at One World Labs. While on a flight to New York, Mr. Roberts tweeted a joke about playing around with the engine-indicating and crew-alerting system on the plane, only to find the feds waiting for him on the ground in Syracuse. Another joke that provokes some interesting security-related discussion!

What makes this interesting is the response to the whole situation. Mr. Roberts was detained and questioned for hours, had his electronics seized, and only days later found himself unable to board a plane to San Francisco. The article aptly describes the response as "knee-jerk", which seems to sum up a fairly significant amount of the war on cybercrime that's so prevalent in the media these days. It would seem that this "tough" stance is deemed appropriate not only for cyber criminals, but for legitimate security professionals that contribute significant time and resources to help make all of us more secure. A plane hacking joke on Twitter (while on a plane) might not have been the brightest move to make, or even the funniest one, but perhaps there shouldn't be so many situations where a bad joke gets you in this much trouble.

Do you think Chris Roberts was out of line? I say let's all band together and end the war on cybercomedy.
"Any technology distinguishable from magic is insufficiently advanced."
- Probably not Arthur C. Clarke


Re: Researcher Detained Over Airplane Hacking Tweet

Post by cyberdrain on Sun Jun 07, 2015 8:07 am

I remember reading about this one. I remember thinking, while we're at it, let's detain EOD specialists for their ability to create bombs, students for their ability to learn dangerous things or FBI agents for their ability to arrest innocent, well-meaning people. I think it's a sign of a bigger issue, one that requires serious questioning...
Free your mind / Think clearly


Re: Researcher Detained Over Airplane Hacking Tweet

Post by tremor77 on Sun Jun 07, 2015 9:25 am

We should also consider the flip side of this.. first of all, I'm going to assume or hope at least, that if I made a tweet with all my 21 followers, about hacking a plane while I was on a plane, that it more or less would go unnoticed? (Correct me if you think this is wrong). Does our cyber security apparatus have the ability to find these tweets as such, or is it that Chris Roberts has already established a high profile, and deliberately planned for this tweet to be seen as much as a media gag to get noticed as anything else?

Secondly, a threat against a passenger aircraft or airport, bomb or otherwise, is a federal crime. Whether or not the threat is substantial, credible or joking, it does not matter.. the threat is the crime. It causes panic amongst passengers and the loved ones of passengers, it causes airlines and airports to change flights, delay flights, and it mobilizes security personnel to assess the threat regardless of whether or not they believe it to be substantial, credible or joking.. because if they disregard a threat that becomes something, all holy hell will break loose in asking why they didn't act. All this to the tune of tens of millions of taxpayer dollars and economic interruption - all for a tweet or a phone call or a letter. Even in joking, it is a massive lack of judgement on Roberts' behalf in not understanding the consequences beyond his self-centered and self-important little world. His tweet was a calculated and either career or politically motivated planned action to cause the ensuing debate around it. We should not forget that.

cyberdrain wrote: I remember reading about this one. I remember thinking, while we're at it, let's detain EOD specialists for their ability to create bombs, students for their ability to learn dangerous things or FBI agents for their ability to arrest innocent, well-meaning people. I think it's a sign of a bigger issue, one that requires serious questioning...


We would detain an EOD Specialist, et al.. had they made a threat to act in a harmful manner. I have been employed as a security researcher... my job is to do the research and submit my findings to the proper management/administration, so that it may get fixed, not to tweet a potential 0-day or vulnerability for every other hacker in the world to see and then potentially use. So Roberts was displeased that the airlines' response was slow in fixing things he had found, does that make it right to do what he did?


Re: Researcher Detained Over Airplane Hacking Tweet

Post by cyberdrain on Sun Jun 07, 2015 5:11 pm

tremor77 wrote:Secondly, a threat against a passenger aircraft or airport, bomb or otherwise, is a federal crime.

So thinking about something and talking about that is a crime? Or is this just another thing that got them scared out of their wits knowing no-one thought about it before and someone actually points out the risks?

tremor77 wrote: We would detain an EOD Specialist, et al.. had they made a threat to act in a harmful manner. I have been employed as a security researcher... my job is to do the research and submit my findings to the proper management/administration, so that it may get fixed, not to tweet a potential 0-day or vulnerability for every other hacker in the world to see and then potentially use. So Roberts was displeased that the airlines' response was slow in fixing things he had found, does that make it right to do what he did?

It's industry standard to disclose bugs that haven't been fixed after a while too. While I don't know how long this particular item was held back or how slow the response was and while the phrasing was off, the intent of joking was obvious to me. Apparently others didn't think so.

tremor77 wrote: Even in joking, it is a massive lack of judgement on Roberts' behalf in not understanding the consequences beyond his self-centered and self-important little world. His tweet was a calculated and either career or politically motivated planned action to cause the ensuing debate around it. We should not forget that.

I don't care to speculate about that (same could be said about the response) or do you have some proof to back that up?

I'm not saying staying idle was the best response. However, at the risk of speculating myself and backed up by previous cases, the way it was handled was clearly to scare others into not doing it. It creates an environment where security holes remain open and exploitable for criminals as well as the good guys, something that's even worse in my opinion.
Free your mind / Think clearly


Re: Researcher Detained Over Airplane Hacking Tweet

Post by tremor77 on Sun Jun 07, 2015 9:52 pm

@Cyberdrain: good points, read this fantastically in-depth article on the situation from Wired. http://www.wired.com/2015/04/twitter-plane-chris-roberts-security-reasearch-cold-war/

Actually I think we're missing the point altogether - the question shouldn't be if a researcher has the right to go public or even how he did it, which not everyone can see was a joke obviously, there is also the question of whether he was contracted or given permission to do the research... even the policy of HackThisSite, requires permission and proof of ownership for things like a pen-test when someone says hey can you check this out for me? Roberts clearly was not under contract for this activity at the time.. but no.. the real question I keep thinking about now is.. the tweet and the response... he is a fairly high profile personality online, 9k followers and he's butted heads with the feds in the past.

I find it funny and weirdly ironic that we could have a system where our tech is so lacking that someone could hack a plane and yet our tech is so advanced that we can be waiting for them at the airport if they tweet about it. Seems like the priorities are a bit backwards.


Re: Researcher Detained Over Airplane Hacking Tweet

Post by pretentious on Sun Jun 07, 2015 10:18 pm

tremor77 wrote: I find it funny and weirdly ironic that we could have a system where our tech is so lacking that someone could hack a plane and yet our tech is so advanced that we can be waiting for them at the airport if they tweet about it. Seems like the priorities are a bit backwards.

Going off topic (didn't even read the article) but I find this specific point really interesting.
The tech industry, it seems, in particular, seems to have investments and standards placed counterintuitively. People don't care to invest in software bug research (and thus people think rebooting is the answer to all of life's problems because 'computers just break sometimes'; no, they're fucking precision machines, it's the developers and industry pressure that sucks) but we have high-tech server farms cataloging our every online action and catalog it.

but I digress. There are weird trends in the way technological progress is prioritized. It suggests to me that the people in charge aren't tech guys at all. We need more software developers with MBAs.. is basically where my cut off wall of text rant was leading lol
Goatboy wrote:Oh, that's simple. All you need to do is dedicate many years of your life to studying security.

IF you feel like exchanging ASCII arrays, let me know ;)
Can you say brainwashing It's a non stop disco


Re: Researcher Detained Over Airplane Hacking Tweet

Post by parakkafaith on Sat Jun 20, 2015 12:54 pm

tremor77 wrote:Seems like the priorities are a bit backwards.


I think this sums it up pretty well. There's no question in my mind that the tweet was poor judgement by Chris Roberts (unless he was in fact aiming for a news story), but the consistent federal knee-jerking clusterfuck that surfaces whenever something like this happens speaks volumes about these backwards priorities.

Sometimes it seems like things only blow up like this when somebody can put a terrorist spin on things, which is horribly easy to do these days with anything relating to cyber "threats". Even though the joke was made at the wrong time and place, it was still a very obvious joke. While I understand the need to respond to these things regardless of perceived intentions, I can't help but wonder if we'd all be a little more secure should the powers that be ever decide to focus more on quashing the stigma that comes with responsibly disclosing security vulnerabilities, whether or not there was ever any permission.
"Any technology distinguishable from magic is insufficiently advanced."
- Probably not Arthur C. Clarke


Re: Researcher Detained Over Airplane Hacking Tweet

Post by molanDankil on Sun Jun 21, 2015 10:56 pm

It's certainly a bit overkill to detain this guy for hours... what they should have been concerned with was learning how or if the plane was actually compromised and patched the problem. Society is too swift to condemn individual acts of (really like that term:) cybercomedy. While not quite a safe thing to do, he could have been smarter about it, but still they didn't have to jump down his throat.

They should have talked to Chris in a peer-to-peer setting, get some kind of report on what it took to hack the plane systems. They could learn how to keep this from happening, or redirect a potential malicious attacker to an in-flight honeypot or something.

He probably should have gotten in touch with the airline and disclosed the vulnerability quietly though... a website is one thing, a chunk of metal hurtling through the air, a little different...
pretentious wrote:
tremor77 wrote: I find it funny and weirdly ironic that we could have a system where our tech is so lacking that someone could hack a plane and yet our tech is so advanced that we can be waiting for them at the airport if they tweet about it. Seems like the priorities are a bit backwards.

Going off topic (didn't even read the article) but I find this specific point really interesting.
The tech industry, it seems, in particular, seems to have investments and standards placed counterintuitively. People don't care to invest in software bug research (and thus people think rebooting is the answer to all of life's problems because 'computers just break sometimes'; no, they're fucking precision machines, it's the developers and industry pressure that sucks) but we have high-tech server farms cataloging our every online action and catalog it.

but I digress. There are weird trends in the way technological progress is prioritized. It suggests to me that the people in charge aren't tech guys at all. We need more software developers with MBAs.. is basically where my cut off wall of text rant was leading lol

^^^highly agree with pretentious, in which we need more software developers in this world that are educated. Perhaps even focused solely on hardening programs and making them more robust instead of pumping out new, pretty-looking shit that is full of vulnerabilities...

I still remember when Vista came out... Microsoft's commercials were focused on, "oh wow, it looks great!" Not once did I hear a commercial say, "it's robust, solid, and very few bugs! This sucker will stand up to attacks for days!" Nope... appearance is all that matters apparently...

Education is what this world needs, and a learning mentality instead of persecution mentality.
"Intelligence is the ability to adapt to change..." --Professor Stephen Hawking


Re: Researcher Detained Over Airplane Hacking Tweet

Post by poetics5 on Mon Jul 27, 2015 1:20 pm

On one hand you have someone who is established and capable making a joke, that to the powers that be, appears well within his ability. On the other hand yes, there is a bit of overreaction. However if he actually was in their system, without permission, he's generally screwed.


Re: Researcher Detained Over Airplane Hacking Tweet

Post by ghostheadx2 on Wed Mar 30, 2016 3:33 pm

We don't even know that he tried to do whatever joke he posted on Twitter. It may have just been his theory, whether it works or not. People should be allowed to find and report vulnerabilities IMO.