
Circumventing the No-Fly list in thirty seconds - folz
http://blog.rodneyfolz.com/circumventing-the-no-fly-list-in-thirty-secon
======
kevinalexbrown
The first time someone pointed this out, the FBI raided his house[1] and
sparked a Senate investigation. This was _four_ years ago. I did this to one
of my Southwest tickets recently, though didn't use the forged copy. Honestly,
it's like they think HTML is unreadable, or, more likely, that it's security
theatre designed to make everyone feel safe. I would be okay with that if it
wasn't taken so seriously.

[1] [http://arstechnica.com/security/news/2008/06/tsa-defiant-
pas...](http://arstechnica.com/security/news/2008/06/tsa-defiant-passengers-
wont-get-to-fly-without-id.ars)

Edit: The Soghoian blog post about the raid:
<http://paranoia.dubfire.net/2006/10/fbi-visit-2.html>

~~~
nirvana
I think there are two purposes to the TSA. One is to make people feel safe, as
you mentioned. The other is to get people into the habit of having their
rights routinely violated by "government agents". It is a form of
conditioning, and its pretty effective.

10 year olds at this point have never known a world that was otherwise.

In another 15 years, almost all adults will be completely used to it, and the
idea that we don't need the TSA will sound as absurd to them, as to most of us
it seems "absurd" that in fact in the past you could fly in the USA while
carrying a rifle or shotgun aboard, with ammo. The flight attendants would
offer to stow it for you in a coat locker, but otherwise wouldn't bat an eye.

Even today you can fly with firearms (in checked baggage) but a lot of people
think that this idea is completely absurd because they've never seen it... and
they've been conditioned to being disarmed and the idea that you can't have a
gun in an airport. (you walk in and check it at the counter, before going thru
security.)

~~~
eternalban
> "10 year olds at this point have never known a world that was otherwise."

It takes 2 generations to completely change the nature of a society. As long
as those born before 2000 are still around all hope is not lost. Do not give
up.

~~~
personlurking
IMO, relevant

One of the best talks I've ever seen <http://youtu.be/5gnpCqsXE8g?t=8m40s>

------
LogicX
I'm a very tall man (6'4") and always have trouble with a lack of legroom on
flights (even JetBlue).

A few years ago I was adventurous, and frustrated -- there were no seats left
on the flight that it would let me reserve online. Yet for this particular
airline, it showed that the exit row seats were available, but clicking on
them lead to an alert that you could not book them online: You had to do so at
the airport.

I decided to look at the code making the seat selection calls, submitted my
seat selection for that seat anyway -- and wallah! I was granted a ticket with
that exit row seat. Had no problem going through security or boarding. Haven't
tried it since - as most airlines now charge extra for those seats, and its
not such an easy hack.

~~~
6ren
At first I thought "wallah!" was a phonetic misspelling of _voilà_
<http://www.thefreedictionary.com/voila> , but now I see it apparently is an
arabic oath meaning "by Allah!" <http://www.google.com.au/search?q=wallah>
(though the wikipedia article suspiciously cites no sources...
<http://en.wikipedia.org/wiki/Wallah_(Arabic)> )

~~~
abdulhaq
wallah does indeed mean 'By God!' in arabic but it's used as an assertion of
veracity. In this context the poster obviously meant to say voila and like you
I've also seen this wallah variation of it creeping in recently.

~~~
6ren
Retro-validation appeals to me, so it could be interpreted as:

 _and - truly, I swear by God I am not making this up - I was granted a ticket
with that exit row seat_

In English, it's an old-fashioned idiom that a Robert Louis Stevenson
character might have used. But English-speakers tend not to swear by God much
these days - indeed, "swearing" usually means profanity.

~~~
Drbble
It is still a common idiom in US English.

------
chimeracoder
This doesn't surprise me in the least. I've been in India for the last month,
and I've been _shocked_ by two new things since my last visit (several years
ago).

First, security here is _everywhere_.

Second, security here is _pointless_.

I have had to walk through security to get to supermarkets, discount stores
(think Walmart), high-end shopping malls, temples, mosques, movie theaters,
national monuments, airports, hotels, you name it. You can't walk into a large
building and not walk through a metal detector. The ACLU would probably go
ballistic if the US had even 1% of the number of pat-downs that I have had to
go through daily here.

Unfortunately, it's entirely pointless. Generally, I don't take my
belt/jewelry/phone off when going through the metal detector, and most of the
time, it doesn't even detect that. Whether or not I set off the detector, the
process is the same: they (occasionally) wave a wand over, and then send me to
a second person who briefly pats me down (<5 seconds in all). Keep in mind,
the _exact same process_ is applied to those who do and do not set off the
metal detector. A few times, I've set it off and they just wave me through
without even checking me further. It's mind-boggling.

I can't say I'm a fan of ubiquitous security, but the only thing that's worse
than ubiquitous _ineffective_ security. Anybody who really wants to cause
trouble can bypass it in their sleep - all you manage to do is disrupt the
lives of everybody else, all the while accomplishing literally nothing.

~~~
lkozma
Similar thing happened to me when visiting a museum in the Vatican. Long
queues, metal detectors, etc. After passing through the whole thing with no
problem, I realized I had my pocket knife in my pocket throughout the day. I
noticed then that the metal detector was beeping all the time, but they were
not paying attention, as they probably didn't want to get people to take off
belts, etc.

~~~
brc
I accidentally took a pocket knife through airport security in LAX.

After that, I realised that the TSA was not only annoying and a waste of time
and money, it was completely pointless as well.

~~~
rdtsc
It is possible to deduce that from their track record as well. In 10 years TSA
has caught exactly 0 terrorists. Not saying there weren't attempts, but those
were caught by FBI, other agencies, and most importantly, regular citizens.

~~~
ryanbrunner
While I agree that the "security theatre" that the TSA provides is largely
useless, I don't think this is really an accurate statement. It's entirely
possible that TSA screening prevented someone getting on a plane with a weapon
of some sort, but that the person in question was never identified as a
terrorist, since they had to abandon whatever plans they had.

~~~
rdtsc
> It's entirely possible that TSA screening prevented someone getting on a
> plane with a weapon of some sort

I disagree with that statement. "It could" is hard to measure. We spend 100s
of billions of $ on something based on this unproven hypothesis.

Keep in mind, TSA was created to catch terrorists red-handed as they are just
about to board a plane. As in "Hey look a bomb in the x-ray machine, arrest
this guy!". That is their purpose. They have not yet done that, once, in 10
years!

Govt. intelligence work and regular citizens have prevented and stopped
attempts. There is some track record there. TSA doesn't have one.

By your metric one could have just as well re-defined TSA's mission as
"Protect the citizens of the United States of America against Evil Pink
Elephants from Neptune". Chances are very high that TSA's track record with
that task would have been exactly what it is with their current mission. AND
you could have still made your argument "See no Pink Elephants from Neptune
have attacked us, so they must be doing their job."

Or think about it another way: How many airliners were blown up in US airspace
before 9/11? Was it a monthly occurrence? Yearly? Now if was a yearly thing,
and then TSA came along and it suddenly stopped, you could have made a
correlation based argument saying, that it is probably because of fear of TSA
that we didn't have any more attacks.

Yet another way to look at it. As a terrorist you are trying to instill terror
and kill as many people as possible. A large gathering of people would
maximize your impact. I wonder what places and events consistently create
large queues of people waiting in line? What about also a place that would
cripple and disrupt the economy and travel? I'll leave that as a rhetorical
question.

~~~
ryanbrunner
I agree with you completely that it's entirely unproven whether or not the TSA
has been effective for catching terrorists. I also agree that it's a wasteful
system that should be seriously reformed into something that is actually
effective.

It's precisely because it's unproven that we cannot say that the TSA has never
caught a terrorist. That's all I was saying. The TSA may or may not have
caught a potential terrorist at some point, it's pretty much impossible to
say. You can't have it both ways. Either the TSA's effectiveness is unknown
(meaning they may or may not have caught terrorists), or it's known to be 100%
useless (meaning 0 terrorists were caught).

In regards to occurrences of terrorists prior to 9/11, you're correct that
there weren't many (any?) incidences of using a plane for a terrorist attack,
but hijackings were certainly not uncommon prior to 9/11. In fact, come to
think of it, incidences of hijackings are almost certainly down since 9/11. I
don't think this can be entirely attributed to increased security, but I
wouldn't be surprised to see it as a contributing factor.

~~~
rdtsc
> we cannot say that the TSA has never caught a terrorist.

But why? I am sure any such catch would have been paraded in front of media
for months. Are you saying they caught a terrorist with a bomb red-handed but
hid it and instead shipped the guy secretly to a prison in another country? If
not, that then I think we can say most definitely that they have not caught a
single terrorist. Would you agree?

> but hijackings were certainly not uncommon prior to 9/11

Obviously hijackings were not that bad. That is the reason the first two
planes ended up being used as projectiles, because people thought it was a
regular hijacking. Within hours everyone in the country including passengers
of the plane that went down in PA learned to not think about hijackings
anymore in the same way. So the problems basically "fixed" itself immediately.

You are right the # of hijackings is now lower. TSA presence might have a part
to play, that's plausible. But because of the previous paragraph it also
becomes irrelevant. So the reasons for having the TSA evaporate away again.

------
chao-
Poorly implemented solutions are security theatre at its best. Well, almost.
They're second best to "The wrong solution for the problem" approaches. Take
the school in Texas this week where one kid shot another [1]. The school's
solution is to make everyone use completely transparent backpacks, nevermind
that:

1\. You could fit a gun inside a zippered/covered binder or expanding file
folder and the backpack does nothing.

2\. The school already has metal detectors, so the backpacks aren't actually
adding any detection.

3\. They don't even know if the edge case where their current security failed
even involved backpacks.

[1] [http://www.chron.com/news/houston-texas/article/Teen-shot-
at...](http://www.chron.com/news/houston-texas/article/Teen-shot-at-North-
Forest-High-School-2457718.php)

~~~
rdtsc
The point of security theater is often to placate the public. Public demands
(or is perceived to demand) action. Doesn't matter what. In this case
"something" was done. The school gets to :

1) boast about how they were proactive and did something quick (so it looks
good on their resumes).

2) protect themselves against the expected criticisms that they didn't do
anything.

3) it was an easy policy to implement (they just wrote down a new rule). no
need for new equipment, training or anything so it doesn't affect the budget.

Not saying that it isn't stupid. It is very stupid. But in their position they
seem to act rationally. Now if another incident occurs they will get a
backlash about how transparent backpacks didn't work, to which the response
would be we need to outlaw binders. _But_ if they hadn't done anything and
another incident occurred the backlash would have been a lot worse -- they
would have been blamed and possibly sued because they took no action to
prevent it after a history of past incidents.

------
mhartl
I know a girl who changed her name when she got married and whose ID still has
her maiden name. She buys her plane tickets under her married name, and
carries her marriage license with her when she flies in case the TSA asks
about the discrepancy. _But no one has ever noticed._

~~~
cookiecaper
Out of curiosity, why doesn't she update her ID?

~~~
JonWood
At least in the UK it costs a decent chunk of money to get the name on your
passport changed after marriage. Not a huge amount, but enough that it's
easier to just book tickets under your maiden name.

------
tnuc
This doesn't always work. You might end up arrested. You are better off with a
fake ID.

When you board the plane they check the codes to see if you have been through
special screening, they check the markings to the boarding pass codes.

I've made it to the flight a few times only to be turned around and
accompanied back to security for the full security theater experience. At this
point they will check the list and you will be arrested if they find a problem
in the paperwork.

Your best bet is to change your name slightly William --> Bill etc. and play
around with a middle/first initial. Computers are dumb. TSA agents are
friendly when you are friendly to them and have tendency to not pay attention
to their work. Social engineering is a lot more effective than computer
hacking.

~~~
fr0sty
> "they check the codes"

And what codes are these? the pen-squiggle? the highlighter-check-mark?

Is it your hobby to try to sneak past TSA checkpoints? Are you successful
often enough that you have been turned away at the gate for not having the
proper 'codes'?

~~~
tnuc
>And what codes are these? the pen-squiggle?

There are codes that indicate the level of screening you should get along with
codes that have "Special screening" indicated on them. And then the TSA is
supposed to squiggle in response. Buying a one way ticket usually means you
get special screening, I hope the terrorists don't figure this one out.

>Is it your hobby to try to sneak past TSA checkpoints?

In a way yes. It is my hobby to get through these things as quickly as
possible. Sometimes I go through the staff/express line, you get a long way by
being friendly to TSA agents.

>Are you successful often enough that you have been turned away at the gate
for not having the proper 'codes'?

Yes. TSA agents make mistakes and don't always check the passes properly. I
swear with half the agents I could give them an ID for someone completely
different, all they do is check that it "looks" real.

One time I almost missed a flight. One of the gate agents was nice enough to
run back to security with me and hurry them along. Someone else watched my bag
rather than wait and get it searched properly. Security theater at its finest.

~~~
loopdoend
The SSSS mark is also handed out when you purchase your ticket shortly before
the flight or when you pay in cash, or at the discretion of the airline. I've
endured it more times than I care to recall because I frequently change my
travel plans.

[http://en.wikipedia.org/wiki/Secondary_Security_Screening_Se...](http://en.wikipedia.org/wiki/Secondary_Security_Screening_Selection)

~~~
stevecooperorg
Looking at those criteria, it wouldn't flag terrorists who were well-funded,
forward-planning, and punctual. Which sounds like prerequisites for a
successful attack.

Hey ho.

------
narkee
I don't know about the US, but this definitely doesn't work in Canada.

The the gate agents definitely always check ID with the boarding pass.

~~~
tonywebster
That's not the point... John Doe buys a plane ticket and gets an electronic
boarding pass — John uses Chrome Developer Tools or Firebug to change John Doe
to Jane Terrorist. John Doe's name is checked against terrorism watch lists,
but Jane Terrorist's name isn't. Jane Terrorist then presents a boarding pass
with her actual name and she has an ID showing her name is Jane Terrorist. The
TSA agents don't check terrorism watch lists at the checkpoint.

tl;dr: You can alter a boarding pass and circumvent the entire watch list
process.

~~~
quinndupont
You can alter the ticket, but they check it to see that it matches your ID.
So, using this method you would ALSO have to edit your ID

~~~
rubiety
You're missing the point - the TSA watch list is checked with the name you
bought the flight under. You can then change that name to the name that
matches your ID. The TSA does not check your name against the watch list when
you go up to their booth; they only verify that the two documents match (where
one of the documents is essentially fabricated).

~~~
BCM43
Yes, but the point is you have to buy a ticket with your real name. You can't
board the plane unless the ticket is in your name. If it is in your name, you
get stopped at check-in.

~~~
cstejerean
You can buy the ticket under whatever name you like. Identity is verified at
security, and you can edit the boarding pass to match your real name.

~~~
jewbacca
I can't believe the point isn't getting through. I'll take my shot at it.

\--------

A is on the no-fly list. He is trying to fly.

B is not. The airline Computer expects B.

-

A brings the following things with him to the airport: ID A, Ticket A, Ticket
B

Security: Ticket A vs ID A

Boarding (America): Ticket B vs Computer (B)

Boarding (Canada): Ticket B vs Computer (B)... vs ID A

------
smhinsey
FWIW, I have been on two flights today and on neither of them did the gate
agent check my ID. This tactic would've worked fine.

~~~
cpeterso
This is my experience, too. I fly multiple times a year (within the US) and
I've never seen a gate agent check anyone's ID.

~~~
karmajunkie
its rare, but it does happen, especially around the holidays. I was recently
on a flight that was being gate-checked.

------
hohead
This is easy to fix. Only terrorists use DOM editors, so we simply need to
check all laptops when going through security.

~~~
zalew
or pass a Stop DOM Editing Act.

~~~
Maxious
They could call it the SODOM Act!

~~~
pyre
That would never work. Imagine the sound bites during re-election.

"My opponent supported the _SODOM Act_! Need I say more?"

------
FaceKicker
In my experience, the TSA agent you have to show ID and boarding pass to at
the security checkpoint also scribbles something with a marker or highlighter
on your boarding pass.

But even aside from the fact that this is obviously and trivially forgeable, I
don't think the person who scans your boarding pass at the gate even looks for
the scribble, as I've used a different boarding pass to get on the plane than
I did at the security checkpoint before (because I had printed one out at home
and also printed another copy at the self-service check-in machine, and just
happened to use different copies each time I needed to show it).

~~~
rubiety
They definitely don't look. Several itineraries have multiple legs, and the
TSA only ever looks at - much less scribbles on - your first leg. Even that
aside, you can easily get a boarding pass from an agent _inside_ the terminal,
without it ever having been checked by the TSA.

I've actually gone through TSA with one boarding pass on one flight, and
boarded a completely different _flight_ before (not just a separate piece of
paper) - back when I could book flights for free on JetBlue and had already
booked another flight that night. I merely decided once I was in the terminal
that I'd hop on a different flight I had also checked in to.

I do a lot of flying and have long though about this. It's total theatre. They
could fix it by implementing some cryptographic code that's scanned at TSA
entry points, verifying the actual _document_ (boarding passes are a far cry
from a verifyable document).

~~~
estevez
> _They could fix it by implementing some cryptographic code that's scanned at
> TSA entry points, verifying the actual document (boarding passes are a far
> cry from a verifyable document)._

Yeah, I tend to believe that they really aren't serious about it. It seems
trivial to include a data matrix barcode that encodes the traveller's name and
flight data.

~~~
anghyflawn
Wait, what? Are you saying barcodes aren't used in the US? Here in Norway at
least all major handling agents issue boarding passes with barcodes, so you
can board a (domestic or intra-Scandinavian) flight without interacting with
anybody human except the security agents just by scanning the barcode at the
gate. No idea if it's also used for security purposes, though.

~~~
mahyarm
The ticket has a barcode, but it's usually scanned by the airline before you
board the plane. The TSA checker just looks at your ticket and your id, no
computers involved.

~~~
FaceKicker
And presumably the passenger's name is encoded in the barcode, which I guess
is why the OP suggests printing the original ticket with the name of the
friend that bought it instead of just using the "forged" ticket at the gate.
Though I'd also guess that the airline employees who scan the ticket at the
gate almost never check that the name on the ticket matches the one displayed
on their screen when they scan the barcode, so you'd probably be fine using
the forged one.

~~~
mahyarm
This wouldn't work for international flights, since they often check your
passport before boarding.

------
cpeterso
If terrorists still want to "get us", why don't they detonate some truck bombs
in major urban areas? If the bridges or subway tunnels in the SF Bay Area or
NYC had big holes punched in them, the economic impact would be huge.

~~~
biot
A suitcase bomb in a large TSA security screening lineup would have a similar
effect and would be a tragic way of pointing out how ridiculous the so-called
security is.

~~~
gdw2
Then we'd have to go through security to get to security. :-P

------
jessriedel
Not only is my ID almost never checked at the gate, the agent hardly even
compares the name on the paper to their flight information. So really, you
could just print out the forged copy with your name on it and use it the whole
way through.

------
samwillis
Possible easy way to fix this:

Include a QR code on the printed boarding pass that holds the details of the
passenger and flight along with a hash of the data, the hash being salted with
a secret known only to TSA. The TSA agent then scans the QR code, computer
verifies the hash and displays the data on screen for the agent to check
against the printed boarding pass and ID. No database look up is needed, just
a PC and webcam.

Danger is someone works out or leaks the hash secret.

~~~
fr0sty
The real danger is someone figures out how to spoof a legitimate request to
the TSA-QR service and have them create authentic codes with bogus data.

Never mind that the solution itself is far from 'easy'. Somehow linking every
ticket printer to a central TSA-QR service in a reliable and secure way sounds
like, uh, fun...

~~~
Drbble
Like how credit card processing works?

~~~
fr0sty
Yes, but only if:

1\. All existing hardware and software magically vanishes

2\. The government is put in charge of implementing its replacement.

3\. The whole system is a dead-weight loss which exists to serve the whims of
government oversight rather than facilitate commerce.

------
chollida1
Does this work?

> Give the ticket with your friend’s name to the gate agent who lets you
> board. It will match the flight information and you’ll be allowed to board.

I fly 4 times a month and each time I have to present a piece of photo ID at
the gate to the flight attendant that has to match the name on the ticket,
ticketing computer and ofcourse me.

The above advice would seem to fail this test.

------
jzd131
The boarding pass should never be shown at the gate, instead you should show
your ID. The agent would then check it to make sure its real and then scan it
to see if your in the database to fly that day. It is a simple solution,
Someone needs to build a device that can read 90% of IDs.

~~~
philwelch
There are already federal standards for "enhanced" state drivers licenses.

------
snowmaker
Could you use the same trick to use your friend's ticket in general?

I've often had the situation of having an "extra" flight ticket for some
reason. I've always thought that there is no way I can give the ticket away to
a friend, but it seems like this could be a way to do it.

~~~
nchuhoai
That's an interesting proposal. I wonder whether it is against the law, or
just against terms of service to do so.

------
Shenglong
For every flight I've been on, the gate agent checks your ID against your
ticket.

~~~
simcop2387
I've not run into that in any of my recent flights. I've seen it happen for
international travellers but not for any of the domestic ones. It may also
have to do with the fact that my flights were completely full and took nearly
an hour to finish boarding.

~~~
Shenglong
Maybe it's a Canadian thing, and an international thing. To be fair, I suppose
I haven't flown any purely domestic flights in the US.

------
Mordor
Security isn't there for the terrorists, just a scam to keep people flying.

------
seanp2k2
Glad we all give up our civil liberties for this awesome "security". I'm sure
zero terrorists know of this method.

Those who sacrifice liberty for security deserve neither.

------
lambersley
It would suck to be someone whose name appears on a no-fly list. It would
REALLY suck to be that same person who forges a ticket and gets caught. #oops

------
51Cards
They not check your ID at the gate? They always take my ticket and my
passport, look at both, and say "Good morning Mr. B, have a nice flight".

------
jvdh
This only helps you in national flights. For international flights they very
often do check the match between ID and ticket.

------
samwillis
I may be missing something but wouldn't your name be flagged as on the no fly
list when you pass your ID to the TSA agent?

~~~
corywatilo
It would if they checked your name against a database. But all TSA does is
verify your ID is valid and matches the name on the boarding pass, nothing
more.

~~~
samwillis
Ok, thanks. Not being an American I wasn't sure how the system worked. So when
do they actually check the no fly list?

~~~
LogicX
When your flight is booked, the airlines are required to check it against the
copy of the no fly list they're given. So typically you do this online, well
before you visit the airport.

(Former employee of ITA Software - does airline flight stuff - not sure how
much more I can say, so I'll stop there)

------
wavephorm
DHS is a giant convoluted bureaucracy and it was designed to be such from the
beginning. They don't actually have to, or really desire to make anybody safer
at all. That's not the point of DHS at all. It's all just a series of
checklists, and forms, and initiatives... and reports... all the way down. All
anybody needs to do is go down the new checklist that somebody higher up gave
them to fill out.

~~~
djKianoosh
FYI, this is the structure of DHS and its Components:

<http://www.dhs.gov/xabout/structure/editorial_0644.shtm>

------
gcb
Thanks for the article. Now tsa will install another check point on each gate
where you will have to show id, remove shoes, do the chicken dance ...for
security

