Student arrested after sending private joke over snapchat before boarding a plane, message was viewed by security as he was connected to public Wi-Fi

[Velcade]

2 hours ago, Sauron said:

at most I could have seen him be briefly detained on arrival.

That only works if he hasn't blown up the plane.  There's no way of knowing and the airport can't just say "we thought it was for the lawlz" when the threat isn't taken seriously. 

[wanderingfool2]

22 minutes ago, LAwLz said:

Anyway, the moral of the story is that it is a bad idea to joke about how you're a terrorist and planning on blowing planes up

Oh boy, I didn't actually read the message he had sent the group until now...yea that's a bad thing to joke about.  I just assumed it was a bomb, but nope, bomb and being part of Taliban...yea that's going to nail you ever time

 

The fact it was a group of friends as well to me says that it's like 99.99% one of his "friends" who had a valid concern and reported him.   Agree 100% with what you said though; no way this was intercepted just by using public wifi...unless there has been some massive breakdown in the certificate authority [which I mean the EU is starting to push for them being a trusted CA...so maybe in a few years it could be a thing but not now]

[jagdtigger]

I dont think an airport had any legal grounds to run basically a wiretap...... (if it was really them)

[Erioch]

Play stupid games, win stupid prizes.

[Sauron]

1 hour ago, Velcade said:

That only works if he hasn't blown up the plane.

Again not something fighter jets can stop...

1 hour ago, Needfuldoer said:

Airport security isn't going to assume it is "just a teenager making jokes" if there's even the remote chance they could be wrong. There's too much at stake.

 

Don't joke about performing terrorist acts.

As I explained this is just excessive precaution. Terrorist acts can be performed outside of airports and yet in daily life no such precautions are taken. The one thing that makes planes special is that they can be hijacked and used to, say, ram skyscrapers; this is now impossible because the pilot's cabin cannot be opened from the outside on modern planes. Airports already have, by far, the highest security level of any form of transport and the chances of you making it to a plane with explosives is extremely low; it's much easier and equally (or more) effective to stage the attack in the airport itself at that point.

 

So yes, they can just take the risk and they do in virtually every other situation. Terror attacks are often prevented through normal investigative methods, not by randomly intercepting a single snapchat message where a teenager writes "gonna blow up the plane lmao".

3 hours ago, wanderingfool2 said:

The 737 Max 9  shows you can.  All you need is a rapid cabin depressurization and the door by design apparently will open to prevent the pressure differential between the cockpit and cabin (at least early statements appears this was a design in place that Boeing just never informed pilots about).

And that one was a scandal because it's not supposed to do that. A random terrorist wouldn't know that when not even the pilots did.

3 hours ago, wanderingfool2 said:

You also need to factor in that you cannot be sure a pilot might not be involved

If a pilot is involved you don't need an explosive to hijack the plane...

[wanderingfool2]

5 minutes ago, Sauron said:

And that one was a scandal because it's not supposed to do that. A random terrorist wouldn't know that when not even the pilots did.

Except if you dig through all the paperwork you could, it's just Boeing being Boeing didn't bother updating the pilots training.

 

6 minutes ago, Sauron said:

Again not something fighter jets can stop...

No but they do have the authority to shoot down the aircraft if lets say the person with the bomb attempts a hijacking and is successful.

 

7 minutes ago, Sauron said:

If a pilot is involved you don't need an explosive to hijack the plane...

That will ultimately depend on the purpose and nature of said attack.  You could put a bomb on board to make the explosive effect even more-so.

[Sauron]

3 minutes ago, wanderingfool2 said:

Except if you dig through all the paperwork you could, it's just Boeing being Boeing didn't bother updating the pilots training.

 

No but they do have the authority to shoot down the aircraft if lets say the person with the bomb attempts a hijacking and is successful.

 

That will ultimately depend on the purpose and nature of said attack.  You could put a bomb on board to make the explosive effect even more-so.

It's a long chain of unlikely hypotheticals that I don't think the teenager in question can be held responsible for.

 

I must stress that no terror attack has ever been prevented this way.

[Ydfhlx]

7 hours ago, BuckGup said:

Encryption doesn't matter when you hand the keys to the authorities. 

Are you implying someone else from the chat told the gov, or that they were spying on phone of someone from the chat? Because with properly implemented encryption, nobody but the recipient can read the message. The private key, required to decode, never even leaves the receiver's device.

[IkeaGnome]

48 minutes ago, Ydfhlx said:

Because with properly implemented encryption

There is no claim on encryption on SC's text messaging side. Only the picture side.

Is Snapchat Encrypted And Safe? Let's Find Out - Dataconomy

Quote

It’s crucial to highlight a limitation in Snapchat’s encryption strategy. While snaps benefit from end-to-end encryption, other forms of communication within the platform, such as text messages and chat interactions, do not enjoy the same level of encryption. These types of communications are subject to encryption during transit but may be stored in an accessible format on Snapchat’s servers.

The only claim of encryption are by people who don't understand how the messaging app work. 

[wanderingfool2]

28 minutes ago, IkeaGnome said:

There is no claim on encryption on SC's text messaging side. Only the picture side.

Is Snapchat Encrypted And Safe? Let's Find Out - Dataconomy

Quote

It’s crucial to highlight a limitation in Snapchat’s encryption strategy. While snaps benefit from end-to-end encryption, other forms of communication within the platform, such as text messages and chat interactions, do not enjoy the same level of encryption. These types of communications are subject to encryption during transit but may be stored in an accessible format on Snapchat’s servers.

The only claim of encryption are by people who don't understand how the messaging app work. 

Oh the irony of the statement.

 

Let me redirect your attention to the next sentence you didn't highlight 

Quote

These types of communications are subject to encryption during transit but may be stored in an accessible format on Snapchat’s servers.

i.e. Snapchat uses encryption, just not end to end encryption.  Specifically they use https to encrypt, so the only way the airport authorities could access text messages going through their network would be to have the private keys that Snapchat uses to encrypt [or performing a MITM attack with a different cert...but that also requires them to essentially have a trust CA which they don't or registering it as a trusted CA on the device].

 

On top of that, E2EE also still requires some level of trust...from what I could see glancing over I haven't seen mentions of safety numbers etc...so Snapchat could very well be still potentially intercept messages on their server (if they were malicious enough to do so)...at least from what I have seen; I don't want to look to far into specific E2EE schemes they used...but when you have a single controlling party like Snapchat then they still have the ability to do a MITM attack.

 

Like I've always said, E2EE is typically a marketing fluff term; it does have benefits but realistically it doesn't protect you as much as you might think in terms of everyday uses of it.

 

1 hour ago, Ydfhlx said:

Are you implying someone else from the chat told the gov, or that they were spying on phone of someone from the chat? Because with properly implemented encryption, nobody but the recipient can read the message. The private key, required to decode, never even leaves the receiver's device.

Implies that Snapchat shared the private key with authorities so they can decrypt traffic.

[IkeaGnome]

39 minutes ago, wanderingfool2 said:

Let me redirect your attention to the next sentence you didn't highlight 

That was in my original quote. Encrypted during transit, but not stored encrypted. 

They have a way to expedite the process in emergency situations, like the one the Verma found himself starting.

[Agall]

9 hours ago, duncannah said:

I still wonder about the technical specifics of this "detection" by the public Wi-Fi. Even though Snapchat is not E2E, it should still be using HTTPS. 

Instead of negotiating HTTPS with the website, you're negotiating it with the AP/router who then acts like a man in the middle so it can read HTTPS traffic, the AP/router then has the HTTPS traffic to the website. It involves a certificate the AP/router negotiates with the device, so it can then use the site's certificate to re-encrypt that traffic.

[Catzzye]

10 hours ago, duncannah said:

I still wonder about the technical specifics of this "detection" by the public Wi-Fi. Even though Snapchat is not E2E, it should still be using HTTPS. 

Yeah I dunno.... Sound suspicious... Out of all the "images" that would go through a network so huge as that one, it would be challenging to single out one image like that. Unless they have some kind of flagging system in place?

[Donut417]

9 hours ago, Sauron said:

but they just couldn't wrap their minds around him just being a teenager..?

They probably had no way of knowing that before they apprehended him. Also now days any kind of threat like this is taken seriously.

 

5 hours ago, jagdtigger said:

I dont think an airport had any legal grounds to run basically a wiretap...... (if it was really them)

The Airport likely isnt the reason. The traffic was likely intercepted by an intelligence agency (MI5, MI6, NSA, etc). OR the person who received the message and or snap chat decided to report the sender.

[TetraSky]

This is up there on the stupidity scale, right above watching adult content at your job on the company wifi.

[Spotty]

I'm also sceptical of the claims that the airport was monitoring the snapchat messages that were sent over their wifi network. Seems more likely that either a recipient in the snapchat group chat reported the message or it was automatically flagged within Snapchat. Somebody within Snapchats Trust & Safety team could have reviewed the message and noted the location data aligned with an airport which makes the threat much more credible. Snapchat tags photos with GPS location data and along with the IP address showing as Gatwick airport's public wifi that would definitely raise alarms. Another possibility is that his phone itself flagged it, though I think that is less likely.

 

A flight from Gatwick England to Spain is around 4-6 hours. He apparently took the photo and posted the message while at check-in. I'm extremely surprised that within a few hours they were able to identify a risk, alert authorities, identify the person, identify what flight they were on, communicate with Spanish authorities, and launch fighter jets to intercept before the plane even made it to its destination. When you think about all the things that have to happen in that chain of events and all the people it would have to go through that is a fast response time and honestly impressive. 

 

Edit: Correction, flight time between Gatwick, England to Minorca, Spain seem to be 4-6 hours, not 2-4 hours.

Edited January 25 by Spotty
Corrected flight time

[Spotty]

11 hours ago, Sauron said:

but they just couldn't wrap their minds around him just being a teenager..? Apparently he's a somewhat known chess player too, so a 1 minute internet search would have pretty much ruled out the possibility of him being serious. Not to mention you can't board a plane without going through multiple security scans. What are those for if not to identify actual potential threats?

He was 18 years old at the time. That makes him a military aged male; a high risk group for terrorism related offences.

Just because somebody plays chess does not mean they can't be a terrorist.

Regardless of age or risk profile, authorities should take such threats seriously - especially when such threats are made when the person has the opportunity to carry out such a threat imminently.

 

10 hours ago, Sauron said:

Also I'm curious what fighter jets are supposed to do about a passenger trying to blow up the plane. If anything they're more likely to cause someone with a bomb to panic and decide to just do it.

There's more that an intercepting fighter jet can do than just shoot it down. The role of the fighter jets in cases such as these are likely to intercept, observe, communicate, and report.

The fighter jets can intercept the jet and then observe the jet for any signs of distress or damage. They can provide updates to the response team on the ground on the situation, especially in situations where the pilots of the plane may be unable to do so themselves such as if the plane has been hijacked or if they're unable to use radio communications. They can communicate through hand or other signals to the pilots if radio communication is not possible. The intercepting pilots could make contact with the pilots to communicate the situation and gather any additional information from the pilots on board. The fighter pilots could provide direct instructions to the pilots, such as heading or altitude changes.

In the event that a bomb is detonated and the plane goes down, the fighter jets could mark the location and report it to ground crews to launch a recovery mission.

 

10 hours ago, Sauron said:

You can't even enter pilot cabins from the outside anymore so something like the WTC attack is just not possible; at worst you have a hostage situation, which again is not helped by jet fighters.

 

6 hours ago, Sauron said:

The one thing that makes planes special is that they can be hijacked and used to, say, ram skyscrapers; this is now impossible because the pilot's cabin cannot be opened from the outside on modern planes. Airports already have, by far, the highest security level of any form of transport and the chances of you making it to a plane with explosives is extremely low; it's much easier and equally (or more) effective to stage the attack in the airport itself at that point.

Even if that is true, that still does not mean you do not respond to the threat. A locked door is nothing but an obstacle. You also can't rule out things like crew error or crew involvement that could grant somebody unauthorised access to the cockpit. The security procedures since 9/11 do make such hijackings more difficult, but not impossible. Detonating a bomb over a populated area causing the plane to crash could potentially be just as devastating as a hijack.

 

6 hours ago, wanderingfool2 said:

You could put a bomb on board to make the explosive effect even more-so.

A 70,000kg plane travelling at speeds of 800km/h with 20,000 litres of aviation fuel on board... I'm pretty sure a bomb that can be concealed on your person or in carry on luggage is going to make no difference in the event of impact. That's like strapping a hand grenade to a nuke to do extra damage.

[Godlygamer23]

9 hours ago, Needfuldoer said:

Airport security isn't going to assume it is "just a teenager making jokes" if there's even the remote chance they could be wrong. There's too much at stake.

 

Don't joke about performing terrorist acts.

It reminds me of a camp many years ago where there was a murderer in the area who had broken into the main cabin, and left a note within a pizza box saying if they didn't leave, they would murder the little girls in the cabin nearby(part of the same camp). The staff didn't take the note seriously, and the little girls ended up being murdered.

 

Point is...even if there's a CHANCE that it's a joke, you're better off assuming it's not because the cost is so fuckin' high. Worst case, you wasted your time on a joke. Best case, you just saved some fuckin lives!

[wanderingfool2]

4 hours ago, Spotty said:

A 70,000kg plane travelling at speeds of 800km/h with 20,000 litres of aviation fuel on board... I'm pretty sure a bomb that can be concealed on your person or in carry on luggage is going to make no difference in the event of impact. That's like strapping a hand grenade to a nuke to do extra damage.

Depends...because if the bomb was a chemical/bio bomb it could greatly impact the effect it has.

[leadeater]

Don't joke around about blowing up planes, even more so if you are about to board a plane. It was a joke isn't an excuse, not everyone will find it funny or read it as a joke, not those employed to stop threats, you can't just let it go because what if it wasn't a joke.

 

Your harmless fun means people have to put their jobs on the line and lives of others just in case you are in fact just joking?

 

Make the joke, just do it at the right time and place 

[Sauron]

4 hours ago, Spotty said:

Even if that is true, that still does not mean you do not respond to the threat. A locked door is nothing but an obstacle. You also can't rule out things like crew error or crew involvement that could grant somebody unauthorised access to the cockpit. The security procedures since 9/11 do make such hijackings more difficult, but not impossible. Detonating a bomb over a populated area causing the plane to crash could potentially be just as devastating as a hijack.

Or you could carry a bomb into a crowded train station and do the same if not more damage. There's no security to intercept you at any point there. I wonder why we're ok with that risk but even a single intercepted text message is enough to scramble everyone and their dog when a plane is involved.

 

Regardless, I don't think it's at all reasonable to expect this guy would know his message could cause this reaction, so even if it is deemed necessary then it's just the cost of doing business this way.

[leadeater]

11 hours ago, Sauron said:

Terrorist acts can be performed outside of airports and yet in daily life no such precautions are taken.

They most certainly are. Multiple times schools have been locked down and evacuated over bomb threats that were, even to the police, not realistically legitimate but even so explain that to parents of dead children when you decided not to take it seriously.

 

You honestly think any parent or just people in general are going to accept reasonings along the lines of "we didn't think is was legitimate" after it actually happens? Not a single time ever.

 

Shopping malls, train stations, airports etc are locked down (or at least partially) over unattended bags.

 

Quote

"Police remain confident that the emails being received are from the same source, and are not targeted at any particular community or group."

 

Yesterday, police said there was no danger from the threats which targeted 15 organisations, including schools and hospitals.

https://www.1news.co.nz/2023/11/24/bomb-threat-closes-schools-as-more-concerning-emails-received/

 

Quote

More than 30 schools have closed or evacuated today across Auckland after bomb threats were sent over email.

 

Police are confident that the emails are from the same source, and do not believe there is any actual threat to the schools.

https://www.nzherald.co.nz/nz/school-threats-list-of-closures-across-auckland/YTZ3YXD6P5BHREUNKDDLJ5IMDM/

[LAwLz]

8 hours ago, IkeaGnome said:

That was in my original quote. Encrypted during transit, but not stored encrypted. 

They have a way to expedite the process in emergency situations, like the one the Verma found himself starting.

They might still be stored in an encrypted format, and my guess is that they are stored that way. It's just that Snapchat can decrypt it since they have the keys to do so.

In any case, assuming this is what happened then it still wasn't because he used the airports public WiFi.

 

 

8 hours ago, Agall said:

Instead of negotiating HTTPS with the website, you're negotiating it with the AP/router who then acts like a man in the middle so it can read HTTPS traffic, the AP/router then has the HTTPS traffic to the website. It involves a certificate the AP/router negotiates with the device, so it can then use the site's certificate to re-encrypt that traffic.

That would be detected by the phone, and chances are (someone please confirm?) the Snapchat app doesn't have a way to even approve the connection manually when it sees the cert used to MITM.

What you're describing is how these things could be done, but there are quite a few steps outside of what you described that would need to have been done as well. It just seems very unlikely. 

 

 

 

32 minutes ago, leadeater said:

They most certainly are. Multiple times schools have been locked down and evacuated over bomb threats that were, even to the police, not realistically legitimate but even so explain that to parents of dead children when you decided not to take it seriously.

 

You honestly think any parent or just people in general are going to accept reasonings along the lines of "we didn't think is was legitimate" after it actually happens? Not a single time ever.

 

Shopping malls, train stations, airports etc are locked down (or at least partially) over unattended bags.

I think the logic is (and I agree with it) that it's better to be safe than sorry. I mean, imagine if we started relying on individuals to gauge if a bomb threat was a joke or not and acted according to that assessment.

 

Imagine if they ever got it wrong.

"Yeah, I am sorry that over 100 people died, but I thought the bomb threat I was looking at was just a joke. Yes, I understand that the message says they were part of a terrorist group and yes they did in fact say they would blow the plane up, but how was I supposed to know they actually meant what they said?".

 

It seems the better thing to do is just teach people not to make bomb threats or pretend to be part of terrorist groups, even as jokes. Especially not when at places like airports.

[leadeater]

17 minutes ago, LAwLz said:

That would be detected by the phone, and chances are (someone please confirm?) the Snapchat app doesn't have a way to even approve the connection manually when it sees the cert used to MITM.

What you're describing is how these things could be done, but there are quite a few steps outside of what you described that would need to have been done as well. It just seems very unlikely. 

HTTPS Full Inspection can only be done on managed devices with the required certificates installed on the device, as part of a management configuration policy. No firewall/security vendor has certificates or can be issued certificates that can present the identity of literally any website or certificate secured service because such certificates would be the end of all security of the internet forever, not even theoretically but actually and immediately.

 

This is why a lot of security minded organizations require device enrollment when joining their wireless network or at least one with greater permissions than internet access only. If you have to enroll your private device then odds are HTTPS Inspection is happening so think twice before continuing, even if not you are handing control of your device over.

 

P.S. No Snapchat will not work if there is a cert chain error on connection attempt.

https://github.com/httptoolkit/frida-interception-and-unpinning/issues/44

[Sauron]

30 minutes ago, leadeater said:

They most certainly are. Multiple times schools have been locked down and evacuated over bomb threats that were, even to the police, not realistically legitimate but even so explain that to parents of dead children when you decided not to take it seriously.

 

You honestly think any parent or just people in general are going to accept reasonings along the lines of "we didn't think is was legitimate" after it actually happens? Not a single time ever.

 

Shopping malls, train stations, airports etc are locked down (or at least partially) over unattended bags.

Do you not see the difference between a bomb threat being directly sent to a school or a bag being left unattended, and someone writing a joke in a text chat they assume to be private? Who's intercepting your snapchat while you board a train?

32 minutes ago, leadeater said:

You honestly think any parent or just people in general are going to accept reasonings along the lines of "we didn't think is was legitimate" after it actually happens? Not a single time ever.

At the very least, if you're going to prosecute people for causing false alarms you need to let them know what the triggers are. Personally I think intercepting everyone's private conversations, without any evidence at all of them being dangerous, is a privacy violation and is bound to cause expensive false alarms, on top of not once (at least to my knowledge) actually preventing an attack.

3 minutes ago, LAwLz said:

I think the logic is (and I agree with it) that it's better to be safe than sorry. I mean, imagine if we started relying on individuals to gauge if a bomb threat was a joke or not and acted according to that assessment.

 

Imagine if they ever got it wrong.

This is literally a case where they got it wrong, 100k was spent for no reason and some guy is currently under trial for shitposting on a private messaging group. The fighter jet pilots had to subjectively judge the situation and decided there was no real threat; imagine if the pilot had made a mistake and the fighters mistook it for an attempt at dive bombing something, then shot down the passenger plane?

 

The idea that there's no subjective judgment at play here is ridiculous. Do we send a paramedics team out every time some teenager goes "haha I can't I'm literally gonna kms dude lmao" in their group chat? Some followup is certainly warranted in this case but immediately assuming it's a fully serious bomb threat is not.