NEWS

Senator Warns of Boarding Pass Sleight of Hand

By Matthew Harwood

A confluence of loopholes involving online ticketing and security screening has Sen. Chuck Schumer (D-NY) worried that terrorists could exploit these long-known-about weaknesses to strike commercial aircraft even if their names appeared on the federal no-fly list.

Schumer outlined broadly how watchlisted terrorists could make it past security and still board an airline during a press conference on Sunday at his offices in New York City, reports the Epoch Times. While the con involves a sleight of hand, it's a rather unsophisticated ruse.

If a terrorist obtains someone else’s credit card, they could then follow instructions to doctor a boarding pass, which are easily accessible on the Internet. He could then show the fake boarding pass with his own name instead of the cardholder’s, along with his own ID to pass through security, where the boarding pass is not scanned into the system. Then at the gate, where he is not asked to show his ID again, he can simply hand in the real boarding pass with the cardholder’s name and be let onto the plane. This technique was posted on a Web site and proven achievable by an Indiana University student in 2006 and noted in a 2007 report by Transportation Security Administration (TSA).

Over three years ago, security blogger Bruce Schneier explained this vulnerability more straightforwardly.

You can also use a fake boarding pass to fly on someone else's ticket. The trick is to have two boarding passes: one legitimate, in the name the reservation is under, and another phony one that matches the name on your photo ID. Use the fake boarding pass in your name to get through airport security, and the real ticket in someone else's name to board the plane.

This means that a terrorist on the no-fly list can get on a plane: He buys a ticket in someone else's name, perhaps using a stolen credit card, and uses his own photo ID and a fake ticket to get through airport security. Since the ticket is in an innocent's name, it won't raise a flag on the no-fly list.

To quickly plug this security hole, Schumer wants security procedures to go back to how they were immediately following 9-11. After the terrorist attacks, passengers had to show  their boarding pass and ID at their departing gate to ensure the names on each document matched. After two years, however, those security procedures were allowed to lapse.

Schumer also called on the TSA to encrypt the barcodes on boarding passes so they cannot be forged.

Finally, Schumer said he will introduce legislation making it a felony to alter or tamper with a boarding pass. The crime, according to WPIX.com, will be tantamount to manufacturing a fake ID.

“It’s unbelievable that after years of recalibrating aviation and airport security so that we can keep a close eye on suspicious individuals, this enormous hole remains in the system,"Schumer said. "It has rendered the terrorist watch list nearly useless.”


♦ Photo of e-ticket by Thom Watson/Flickr

Comments

View Recent News (by day)

 




Beyond Print

SM Online

See all the latest links and resources that supplement the current issue of Security Management magazine.