
Student arrested after sending private joke over snapchat before boarding a plane, message was viewed by security as he was connected to public Wi-Fi

callyozzie
2 minutes ago, Sauron said:

Do you not see the difference between a bomb threat being directly sent to a school or a bag being left unattended, and someone writing a joke in a text chat they assume to be private? Who's intercepting your snapchat while you board a train?

I see the difference yes, but as I said it makes zero difference to for example airport security.

 

3 minutes ago, Sauron said:

Who's intercepting your snapchat while you board a train?

Airport security and network operations weren't, 100%. The events of this story were not initiated from wifi interception.


For all those who want to know, Snapchat uses certificate pinning; that means HTTPS Full Inspection is not possible.

 

Quote

Some Android apps go to astounding lengths to ensure that even the owner of a device can never see the content of the app's HTTPS requests.

 

This is problematic for security research, privacy analysis and debugging, and for control over your own device in general. It's not a purely theoretical problem either - protections like this attempt to directly block HTTPS inspection tools like HTTP Toolkit, which allow you to automatically intercept HTTPS from Android devices for inspection, testing & mocking, like so:


This depends on the target application(s) trusting the debugging proxy's certificate for HTTPS traffic. These HTTP interception and mocking techniques are super useful for testing and understanding most apps, but they have issues with the small set of hyper-vigilant apps that add extra protections aiming to lock down their HTTPS traffic and block this kind of inspection

https://httptoolkit.com/blog/frida-certificate-pinning/

 

Airport guest WiFi even with HTTP Full Inspection cannot defeat or bypass certificate pinning. Certificate pinning is for protection against HTTP Inspection.

 

I can say with absolute certainty this person's joke Snapchat message was not intercepted over the Airport WiFi by airport security or network operators.


6 minutes ago, leadeater said:

Airport security and network operations weren't, 100%. The events of this story were not initiated from wifi interception.

I agree, I'm saying that somehow I doubt this would have caused anything to happen if he had written "gonna blow up the train lmao" at a train station.

Don't ask to ask, just ask... please 🤨

sudo chmod -R 000 /*


7 minutes ago, Sauron said:

I agree, I'm saying that somehow I doubt this would have caused anything to happen if he had written "gonna blow up the train lmao" at a train station.

That is only your opinion and I'd tend to disagree. You won't have a fighter jet dispatched but the train will be stopped at the next station and said person would be removed.

 

Quote

US actor and comedian TJ Miller has been charged for intentionally reporting a fake bomb threat while travelling on a train, officials say.

 

Mr Miller, who allegedly called police from the train to report a female passenger with "a bomb in her bag", was arrested in New York on Monday.

 

The incident, which happened on 18 March, led to the Amtrak vehicle being searched without a device being found.

 

Mr Miller faces up to five years in prison if found guilty of the charge.

https://www.bbc.com/news/world-us-canada-43719494

 

If your threat gets noticed, by whatever means, the train will be stopped.


6 hours ago, leadeater said:

Don't joke around about blowing up planes, even more so if you are about to board a plane. It was a joke isn't an excuse, not everyone will find it funny or read it as a joke, not those employed to stop threats, you can't just let it go because what if it wasn't a joke.

 

Your harmless fun means people have to put their jobs on the line and lives of others just in case you are in fact just joking?

 

Make the joke, just do it at the right time and place 🤦‍♂️

 

It's a private chat, no normal person should expect that someone is monitoring that 24/7. That's why you can make jokes like that in the safety of your own home and cannot be charged over them; yes, the police could have randomly bugged your house (we'll ignore the warrants situation), but it's not very likely.

A private chat is absolutely an example of right time and place. I don't necessarily have an issue with someone elsewhere flagging it and them responding just to be safe. But the moment they investigated and determined that yes this was not remotely serious and there's no other evidence of terrorist activity, that's it, someone got overcautious in this case, no harm no foul.


6 hours ago, LAwLz said:

 

That would be detected by the phone, and chances are (someone please confirm?) the Snapchat app doesn't have a way to even approve the connection manually when it sees the cert used to MITM.

What you're describing is how these things could be done, but there are quite a few steps outside of what you described that would need to have been done as well. It just seems very unlikely. 

Unless you're looking at certificates to see who it's registered to, it might not. The system I described can use proper certificates, and it could install when someone accepts the user conditions at the captive portal. Although it's been a while since I've been at an airport or on their WiFi. My experience with such is SonicWall's DPI-SSL system.

Ryzen 7950x3D Direct Die NH-D15

RTX 4090 @133%/+230/+500

Builder/Enthusiast/Overclocker since 2012  //  Professional since 2017


1 hour ago, CarlBar said:

It's a private chat, no normal person should expect that someone is monitoring that 24/7. That's why you can make jokes like that in the safety of your own home and cannot be charged over them; yes, the police could have randomly bugged your house (we'll ignore the warrants situation), but it's not very likely.

A private chat is absolutely an example of right time and place. I don't necessarily have an issue with someone elsewhere flagging it and them responding just to be safe. But the moment they investigated and determined that yes this was not remotely serious and there's no other evidence of terrorist activity, that's it, someone got overcautious in this case, no harm no foul.

Yes but you are ignoring that the most likely situation here is someone in the private chat reported the message.

 

It is not the right place nor the right time to joke about blowing up airplanes in a private chat group when those in the chat know you are about to get on one and you have no idea how people will actually take it or if one person just doesn't like you and you don't know it and will use that to get back at you.

 

At no point is it ever a good idea to joke about that in an airport directly before boarding an aircraft, there is no situation ever where it is a good idea.

 

It was a joke is not a counter argument to "that was a dumb thing to do". It can be a joke and still be idiotic.


1 hour ago, Agall said:

Unless you're looking at certificates to see who it's registered to, it might not. The system I described can use proper certificates, and it could install when someone accepts the user conditions at the captive portal. Although it's been a while since I've been at an airport or on their WiFi. My experience with such is SonicWall's DPI-SSL system.

Captive portal with user acceptance doesn't install certificates, most public WiFi will not install certificates. You can configure your captive portal to go through device enrollment but that will require the user accepts the device enrollment and that the device itself will bring up the prompt to authorize it. Still, public WiFi device enrollment is very much not common. You can do HTTPS inspection without breaking the chain by only inspecting certificates and unencrypted metadata.

This doesn't change that SonicWall's DPI-SSL cannot be used to inspect Snapchat traffic, since the Snapchat App uses certificate pinning: the App and Snapchat know the hashes of the certificates it expects, and SonicWall's will not be presenting a matching hash (even though device trusted, assuming enrolled), so the Snapchat App will refuse to connect.

 

Applications that advertise E2E encryption etc will more than likely be using certificate pinning and be immune to HTTPS Full Inspection (DPI-SSL or whatever vendor brand name they choose).


2 hours ago, CarlBar said:

It's a private chat, no normal person should expect that someone is monitoring that 24/7. That's why you can make jokes like that in the safety of your own home and cannot be charged over them; yes, the police could have randomly bugged your house (we'll ignore the warrants situation), but it's not very likely.

A private chat is absolutely an example of right time and place. I don't necessarily have an issue with someone elsewhere flagging it and them responding just to be safe. But the moment they investigated and determined that yes this was not remotely serious and there's no other evidence of terrorist activity, that's it, someone got overcautious in this case, no harm no foul.

Well I mean clearly one of the people in the group didn't think it was a joke.

 

There are times and places to make "jokes", and if the people you are delivering the joke to don't know you well enough to judge if it was a joke then he deserves what he gets.  So no, a private chat is not the right time and place because if it was his friends wouldn't have ratted on him; and this story wouldn't have existed.

 

There are also lots of cases of people who claimed they were only "joking" but were actually just using it as an excuse to get out of prosecution (normally in regards to S.H.). 

 

To reference as well, jokes made in the "safety" of your own home 100% can get you in trouble if the authorities heard what you said and took it seriously (like if someone reported it, or overheard it).

 

 

Consider, if he "wrote" it in "private" but someone walking by saw the word bomb and Taliban (because he's in a public airport it's more than likely what you do on your phone might be seen by someone walking by).  That person alerts the authorities.  Now I don't think that happened in this case, but like it or not he caused a panic.

 

No one got overly cautious in this case.  They literally have to respond until they know there isn't a threat...that determination wouldn't occur until the plane is on the ground and the person is arrested.  After the fact though, he deserves to be punished because his actions led to a scramble and triggered a justifiable massive response.

 

8 hours ago, leadeater said:

For all those who want to know, Snapchat uses certificate pinning; that means HTTPS Full Inspection is not possible.

hmm, interesting, I wonder if they got tired of people snooping the API and recovering the limited time access photos...since in 2014 they weren't utilizing that yet.

Yea, with cert pinning; definitely isn't the case that it was broken.  Although, maybe you know more, wasn't there legislation being proposed like 4-5 years ago that would require text based message apps to allow some form of method for authorities to access the data?  I know with some of the more recent stuff, if passed, at least web browsers would be required to put in CAs of a country's choosing [oversimplifying].  Maybe I'm just misremembering, or maybe the bill went nowhere.

 

I know in Canada some of the wiretap laws, unless things have changed from years ago when I read it, if the government really pushed for it could already try forcing companies to allow some access.

 

8 hours ago, Sauron said:

I agree, I'm saying that somehow I doubt this would have caused anything to happen if he had written "gonna blow up the train lmao" at a train station.

Trains have been shutdown because of "threats".  Malls have been evacuated out of single anonymous caller bomb threats.  Schools have been put on lockdown because of fake weapons.

 

Schools in America under threat of guns now have security guards and metal detectors (at some schools).

 

If someone were to write "blow up the train" and if the train ride was long enough that the authorities knew before then yes similar responses would occur.  They would scramble crews to the next station, they would prepare for worst case scenarios.

 

If you look at it, look at how swatting has become a thing.  The amount of instances of streamers getting swatted multiple times, and every time there is a full swat team/police response.  It happens to normal people as well, although streamers are a better example because it's one where it happens enough that they might think it's a fake call but they still react normally to it.

3735928559 - Beware of the dead beef


1 hour ago, leadeater said:

Yes but you are ignoring that the most likely situation here is someone in the private chat reported the message.

 

It is not the right place nor the right time to joke about blowing up airplanes in a private chat group when those in the chat know you are about to get on one and you have no idea how people will actually take it or if one person just doesn't like you and you don't know it and will use that to get back at you.

 

At no point is it ever a good idea to joke about that in an airport directly before boarding an aircraft, there is no situation ever where it is a good idea.

 

It was a joke is not a counter argument to "that was a dumb thing to do". It can be a joke and still be idiotic.

 

I didn't say it was smart or in good taste, neither is remotely true.

 

But ask yourself this, lets say instead of talking via snapchat they'd all been sat on a bench talking in a low voice where normally no one could hear them but for whatever reason someone ends up in a position to listen in. They overheard the joke and rush to security. What do you think will happen?

 

Answer; security pulls them in, questions them, finds out about the joke history, does some checking into them via other messages and lets them go, probably with a caution and a reminder to be more careful about where they make such jokes and a note on the bad taste of it. They are very unlikely to be charged, and if they are at the most it will be with wasting police time. Not with fucking terrorism offences pardon my french.

 

The issue here isn't that the authorities reacted initially, it's how they've proceeded since then.

 

As for someone in the snapchat reporting it, that makes this even stupider. Based on the info we have to date, (and the authorities do not seem to be refuting the joke claims at all), everyone in the chat should have known it was a joke. Now if someone in the chat reported it to cause trouble because that would make the joke funnier, by all means nail that person to the wall with wasting police time and the other related charges, but at least the last time I remember this happening it still wasn't a terrorism offence.

@wanderingfool2 addressed most of it above but for the case of saying something in your own home when the authorities are listening. Unless you know they're listening they still would have a potentially shaky case. They definitely can't charge you with what you said you were going to do if there's no other evidence and I'm not sure if they can charge you with wasting police time and related stuff as you had no expectation or good reason to believe the police would even be aware of the joke. I think they not only have to show that you wasted police time, but that you did so either deliberately or through gross negligence. Which a conversation that would normally be private probably doesn't count as.

 

You'd still have a bunch of legal ohh ahh and need to have a long sit down with the police, but it's not likely to end up as a court case.


33 minutes ago, CarlBar said:

But ask yourself this, lets say instead of talking via snapchat they'd all been sat on a bench talking in a low voice where normally no one could hear them but for whatever reason someone ends up in a position to listen in. They overheard the joke and rush to security. What do you think will happen?

 

Answer; security pulls them in, questions them, finds out about the joke history, does some checking into them via other messages and lets them go, probably with a caution and a reminder to be more careful about where they make such jokes and a note on the bad taste of it. They are very unlikely to be charged, and if they are at the most it will be with wasting police time. Not with fucking terrorism offences pardon my french.

 

The issue here isn't that the authorities reacted initially, it's how they've proceeded since then.

If they were joking about lets say poisoning the water supply, and the authorities had to go looking for them (i.e. reacting while they identified including things like stopping the water from leaving), then yes they would be charged (not with terrorism threats)

 

The important thing is, is there a perceived threat at a time that elicits a reaction where they should know that if taken seriously could cause an issue.

 

Notice how he's not being charged with terrorism?  Why, because they determined it wasn't.  The fact is though his statements caused a scramble, and a full scale investigation to be done

 

33 minutes ago, CarlBar said:

As for someone in the snapchat reporting it, that makes this even stupider. Based on the info we have to date, (and the authorities do not seem to be refuting the joke claims at all), everyone in the chat should have known it was a joke.

What is stupid is making a joke about a bomb and being part of the Taliban to people who don't know you well enough.

 

There are cases where people have posted on social media to their friends that are warning signs, that at the time people probably thought the person was joking...only to have it turn out they had those beliefs.

 

How many times have you heard of people who just "snapped" or who to their neighbours were the ideal person only to find out they had a darker side.

 

As an example, "it's only a story" was something said by a murderer who wrote a novel about a killing...the thing is the story's killing matched the details of a cold case (some of which information wasn't shared).  To all the guy's friends, I'm sure it presented as him just imagining and writing a good psycho killer book; not something to send a red flag about.

 

There's lots of stories of tragedies that could have been prevented if the people hearing what a person hadn't thought "he's just joking", "he wouldn't actually do it", "he's just using it as a hyperbole".  So it's not unreasonable for someone to see a statement and genuinely believe there might be a threat.

3735928559 - Beware of the dead beef


39 minutes ago, wanderingfool2 said:

If they were joking about lets say poisoning the water supply, and the authorities had to go looking for them (i.e. reacting while they identified including things like stopping the water from leaving), then yes they would be charged (not with terrorism threats)

 

The important thing is, is there a perceived threat at a time that elicits a reaction where they should know that if taken seriously could cause an issue.

 

Notice how he's not being charged with terrorism?  Why, because they determined it wasn't.  The fact is though his statements caused a scramble, and a full scale investigation to be done

 

I misread a few comments earlier in the thread and thought they were throwing terrorism charges at him, that's what really raised the red flags. Oops, sorry.

That said, even the scenario you gave, I'm not 100% on the law but again I think they have to prove intent (or gross negligence) to cause a panic.

 

42 minutes ago, wanderingfool2 said:

What is stupid is making a joke about a bomb and being part of the Taliban to people who don't know you well enough.

 

There are cases where people have posted on social media to their friends that are warning signs, that at the time people probably thought the person was joking...only to have it turn out they had those beliefs.

 

How many times have you heard of people who just "snapped" or who to their neighbours were the ideal person only to find out they had a darker side.

 

As an example, "it's only a story" was something said by a murderer who wrote a novel about a killing...the thing is the story's killing matched the details of a cold case (some of which information wasn't shared).  To all the guy's friends, I'm sure it presented as him just imagining and writing a good psycho killer book; not something to send a red flag about.

 

There's lots of stories of tragedies that could have been prevented if the people hearing what a person hadn't thought "he's just joking", "he wouldn't actually do it", "he's just using it as a hyperbole".  So it's not unreasonable for someone to see a statement and genuinely believe there might be a threat.

 

But that's the point, the people he made it to did know him well enough and the authorities are not disputing that. Also according to the BBC article it was UK security services, probably MI5 or MI6. Sounds more like GCHQ at work than someone reporting it.


1 hour ago, wanderingfool2 said:

What is stupid is making a joke about a bomb and being part of the Taliban to people who don't know you well enough.

That assumes two things:
1) One or more of his friends reported him
Maybe, maybe not.

2) His friends didn't know him well enough
https://www.dailymail.co.uk/news/article-13006135/Brit-chess-prodigy-20-joked-friends-Im-Taliban-triggering-fighter-jet-escort-easyJet-flight-CLEARED-wrong-doing-Spanish-judge.html

Quote

'It was a joke in a private group sent to friends I'd known for eight, nine, ten years mostly and I was messing around with on the day.'

Sure, a certain number of years =/= someone knowing you well enough...
But still, it would explain why he thought his friends would perceive it as a joke and nothing more.

 

49 minutes ago, CarlBar said:

That said, even the scenario you gave, I'm not 100% on the law but again I think they have to prove intent (or gross negligence) to cause a panic.

https://www.mirror.co.uk/news/uk-news/brit-chess-prodigy-who-made-31967006

Quote

A British former child chess prodigy who told his friends: “On my way to blow up the plane, I’m a member of the Taliban” as he boarded a flight to Spain has been cleared of any wrongdoing.
 

...judge Jose Manuel Fernandez-Prieto said today his actions hadn’t constituted a crime under Spanish law after returning his verdict just three days after the end of the trial at the centralised Audiencia Nacional court. He said of the actions of the British youngster, who has represented England at several international chess tournaments and once met legendary player Gary Kasparov: “No intention to provoke the mobilisation of a military plane, or any police or other emergency service is apparent.”


He added: “It cannot be ignored that the message and photograph with it were not sent to any official organisation, nor were they publicised in any way that would inevitably lead to the corresponding mobilization of the pertinent police, assistance or rescue services. On the contrary they were shared in a strictly private environment, between the accused and the friends he was flying with to which only they had access. The accused could not even remotely assume (as he expressly stated at the trial), that the joke he played on his friends could be intercepted or detected by the British services, or by third parties outside of his friends who received the message.”

Good ruling, IMO.

VGhlIHF1aWV0ZXIgeW91IGJlY29tZSwgdGhlIG1vcmUgeW91IGFyZSBhYmxlIHRvIGhlYXIu

^ not a crypto wallet


4 hours ago, wanderingfool2 said:

hmm, interesting, I wonder if they got tired of people snooping the API and recovering the limited time access photos...since in 2014 they weren't utilizing that yet.

Yea, with cert pinning; definitely isn't the case that it was broken.  Although, maybe you know more, wasn't there legislation being proposed like 4-5 years ago that would require text based message apps to allow some form of method for authorities to access the data?  I know with some of the more recent stuff, if passed, at least web browsers would be required to put in CAs of a country's choosing [oversimplifying].  Maybe I'm just misremembering, or maybe the bill went nowhere.

 

I know in Canada some of the wiretap laws, unless things have changed from years ago when I read it, if the government really pushed for it could already try forcing companies to allow some access.

I think that was covered earlier in this topic by someone else.

 

The only other possible situation, and I don't think so, is that Snapchat App is client side message scanning for at risk words and phrases and flags them automatically.

 

So there are only two likely scenarios here:

  1. Someone in the private chat "snitched"
  2. Snapchat analyzes all content client side by the App and reports concerning content

I doubt number 2 is what is happening since Snapchat wouldn't want the blowback for doing it. No point advertising you have E2E encryption of any form when it's 100% violated all the time always.

 

The third outside possibility is data at rest, group chat, is analyzed and key word/phrase searched. Truly the fault is with the student and anyone else that believes that "shit you say on the internet" cannot be seen by those you don't want to or think shouldn't see it. We have no good idea how online services actually operate and they are not going to tell us.

 

Sending "white powder" in the Royal Mail to someone else is still an offence even as a joke and that letter with your "white powder" could be detected and investigated at any point since mail is x-rayed for biological material.

Edited by leadeater

1 hour ago, CarlBar said:

But that's the point, the people he made it to did know him well enough and the authorities are not disputing that. Also according to the BBC article it was UK security services, probably MI5 or MI6. Sounds more like GCHQ at work than someone reporting it.

Reported online terror threats still go to them and they deal with it, just because they were involved doesn't mean they themselves were the ones that found the message and acted on it first.

 

That's like saying because the police turned up the police were the ones that "found something" first and acted on it.

 

Quote

The Security Service, also known as MI5 (Military Intelligence, Section 5),[2] is the United Kingdom's domestic counter-intelligence and security agency and is part of its intelligence machinery alongside the Secret Intelligence Service (MI6), Government Communications Headquarters (GCHQ), and Defence Intelligence (DI). MI5 is directed by the Joint Intelligence Committee (JIC), and the service is bound by the Security Service Act 1989. The service is directed to protect British parliamentary democracy and economic interests and to counter terrorism and espionage within the United Kingdom (UK).

 


53 minutes ago, Biohazard777 said:

That assumes two things:
1) One or more of his friends reported him
Maybe, maybe not.

2) His friends didn't know him well enough
https://www.dailymail.co.uk/news/article-13006135/Brit-chess-prodigy-20-joked-friends-Im-Taliban-triggering-fighter-jet-escort-easyJet-flight-CLEARED-wrong-doing-Spanish-judge.html

Quote

'It was a joke in a private group sent to friends I'd known for eight, nine, ten years mostly and I was messing around with on the day.'

Sure, a certain number of years =/= someone knowing you well enough...
But still, it would explain why he thought his friends would perceive it as a joke and nothing more.

As Leadeater has stated, the method they alleged of "public WiFi" is woefully implausible.

 

That leads to his friends' actions being the one that led it to the authorities...which means yea he didn't know them well enough.  It doesn't matter if you have known someone for 10 years, you can still say things that might offend/worry a friend without realizing.

 

57 minutes ago, Biohazard777 said:

Good ruling, IMO.

I really don't think we should be rewarding the level of stupid you need to joke about a bomb while going onto a plane.

 

Where I live, we don't charge people who need rescuing who went into avalanche territory and out of bounds without being prepped...doesn't make it less stupid and doesn't mean people shouldn't get in trouble.

 

1 minute ago, leadeater said:

I think that was covered earlier in this topic by someone else.

 

The only other possible situation, and I don't think so, is that Snapchat App is client side message scanning for at risk words and phrases and flags them automatically.

 

So there are only two likely scenarios here:

  1. Someone in the private chat "snitched"
  2. Snapchat analyzes all content  client side by the App and reports concerning content

I doubt number 2 is what is happening since Snapchat wouldn't want the blowback for doing it. No point advertising you have E2E encryption of any form when it's 100% violated all the time always.

Could be in theory Snapchat's backend servers doing the scanning (easier to do "undetected" by the user).  *Although I don't think so*

 

You advertise E2EE, even if you do violate it, which I don't think they do, because it's a nice marketing buzz word that makes people think they have more security than there actually is.  An example of this would be eufy, where they advertised E2EE as a feature...except that the feeds weren't actually E2EE and on the backend they could just assign themselves as a valid user and access the cameras anyways.

 

I do agree that it's likely option 1 though; it was the same concept I had earlier that either Snapchat analyzed or the extremely likely scenario of a friend blabbing.

 

I think I said it before back in the Eufy thread from years ago, E2EE in most forms of communication offers surprisingly little extra security when the company that controls distributing the users public keys also is the ones that handles the traffic...in that case it really only really prevents when a hacker accesses a server in that they have to compromise the server doing the public key stuff (As I don't really see in Snapchat a way to view a safety number...although haven't looked too hard).

 

1 hour ago, CarlBar said:

But that's the point, the people he made it to did know him well enough and the authorities are not disputing that. Also according to the BBC article it was UK security services, probably MI5 or MI6. Sounds more like GCHQ at work than someone reporting it.

The authorities just aren't naming sources, all we really know is that their friends are denying it was them who told/shared and the authorities are staying silent

 

Lots of agencies like MI6, secret service etc won't be specific on their sources if it essentially means admitting to their abilities/sources.

They wouldn't want to state "we don't have access to SnapChat" or "we do have access to Snapchat"

3735928559 - Beware of the dead beef
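
The key-distribution concern raised in the post above, as an added example that is not part of the original thread and not Snapchat's or any real messenger's code: when the provider's key directory answers each client separately, a substituted key shows up only if the two users compare a safety number out of band. The `KeyDirectory` class, the fingerprint format and the key bytes are all constructed assumptions for illustration.

```python
import hashlib

def safety_number(key_a: bytes, key_b: bytes) -> str:
    """Order-independent fingerprint of both identity keys: 6 groups of 5 digits."""
    digest = hashlib.sha256(b"".join(sorted([key_a, key_b]))).digest()
    groups = [int.from_bytes(digest[i:i + 4], "big") % 100000 for i in range(0, 24, 4)]
    return " ".join(f"{g:05d}" for g in groups)

class KeyDirectory:
    """Hypothetical provider key server: clients ask it for each other's public key."""
    def __init__(self):
        self.keys = {}
        self.overrides = {}  # (requester, user) -> key returned instead of the real one

    def publish(self, user: str, key: bytes) -> None:
        self.keys[user] = key

    def lookup(self, requester: str, user: str) -> bytes:
        # A dishonest or compromised directory can answer differently per requester.
        return self.overrides.get((requester, user), self.keys[user])

def numbers_match(directory, alice_key: bytes, bob_key: bytes) -> bool:
    """Each side derives the number from its own key plus what the directory returned."""
    alice_view = safety_number(alice_key, directory.lookup("alice", "bob"))
    bob_view = safety_number(bob_key, directory.lookup("bob", "alice"))
    return alice_view == bob_view

# Constructed placeholder keys (opaque bytes, not real key material).
ALICE_KEY = bytes.fromhex("a1" * 32)
BOB_KEY = bytes.fromhex("b2" * 32)
INTERPOSED_KEY = bytes.fromhex("c3" * 32)

def demo():
    directory = KeyDirectory()
    directory.publish("alice", ALICE_KEY)
    directory.publish("bob", BOB_KEY)
    honest = numbers_match(directory, ALICE_KEY, BOB_KEY)
    # The directory now hands each user a third key in place of the other's.
    directory.overrides[("alice", "bob")] = INTERPOSED_KEY
    directory.overrides[("bob", "alice")] = INTERPOSED_KEY
    substituted = numbers_match(directory, ALICE_KEY, BOB_KEY)
    return honest, substituted

if __name__ == "__main__":
    print(demo())
```

Without a way to display and compare such a number, neither client has anything to check the directory's answer against.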


7 hours ago, Agall said:

Unless you're looking at certificates to see who it's registered to, it might not.

No, it would still trigger a certificate error.

Even if we ignore the part about Snapchat using certificate pinning, it still would trigger an invalid certificate. You don't have to look at the certificate yourself to figure out your session is being proxied. The HTTPS handshake does that for you.

 

 

7 hours ago, Agall said:

The system I described can use proper certificates, and it could install when someone accepts the user conditions at the captive portal.

You'd have to get a wildcard cert onto the device itself in order for this to work. You can't just use any valid cert. It has to be able to match SnapChat's certificate.

You can't install certificates through a captive portal. That would be a massive security vulnerability. You could ask the user to manually install the certificate if you wanted, but that would raise several red flags and also prompt several warnings during the process. It's not something that can be done automatically or even manually without triggering multiple warnings. It's not something that can happen by just clicking agree on some captive portal.

 

 

I think the idea that the airport sniffed his chat traffic and caught him that way is extremely unlikely. The more likely scenarios are:

1) Someone in the chat reported him.

2) SnapChat themselves inspected the chat and reported it.

3) Something other than the Snap message was the reason why he was suspected, and the message might have been discovered later once they searched his phone or whatever happened.
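
The checks discussed in the post above, as an added example that is not part of the original thread: a simplified model of what a client verifies about the certificate it is shown (issuer in the trust store, name match, optional pin). The `Cert` fields, CA names, host names and hash strings are constructed placeholders, and the "CA installed" cases assume an app that trusts user-installed roots.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    """Simplified certificate: only the fields the checks below need."""
    names: tuple     # subjectAltName DNS entries
    issuer: str      # name of the CA that signed it
    spki_hash: str   # stand-in for the SHA-256 of the public key

def hostname_matches(pattern: str, host: str) -> bool:
    """A wildcard is accepted only as the whole left-most label, for one label."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def validate(cert, host, trust_store, pins=None):
    """Return the first failing check, or 'ok'."""
    if cert.issuer not in trust_store:
        return "untrusted issuer"
    if not any(hostname_matches(n, host) for n in cert.names):
        return "hostname mismatch"
    if pins is not None and cert.spki_hash not in pins:
        return "pin mismatch"
    return "ok"

# Constructed sample data (all names and hashes are placeholders).
HOST = "chat.example.com"
SYSTEM_ROOTS = {"Public Root CA"}
APP_PINS = {"spki-real"}
genuine = Cert(("*.example.com",), "Public Root CA", "spki-real")
proxy_private_ca = Cert(("*.example.com",), "Airport Proxy CA", "spki-proxy")
proxy_other_site = Cert(("portal.airport.example",), "Public Root CA", "spki-portal")

def scenarios():
    user_roots = SYSTEM_ROOTS | {"Airport Proxy CA"}  # user manually installed the proxy CA
    return {
        "genuine server": validate(genuine, HOST, SYSTEM_ROOTS, APP_PINS),
        "proxy, CA not installed": validate(proxy_private_ca, HOST, SYSTEM_ROOTS, APP_PINS),
        "proxy, valid cert for another name": validate(proxy_other_site, HOST, SYSTEM_ROOTS, APP_PINS),
        "proxy, CA installed, no pinning": validate(proxy_private_ca, HOST, user_roots),
        "proxy, CA installed, pinned app": validate(proxy_private_ca, HOST, user_roots, APP_PINS),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name}: {result}")
```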


10 minutes ago, LAwLz said:

No, it would still trigger a certificate error.

Even if we ignore the part about Snapchat using certificate pinning, it still would trigger an invalid certificate. You don't have to look at the certificate yourself to figure out your session is being proxied. The HTTPS handshake does that for you.

 

 

You'd have to get a wildcard cert onto the device itself in order for this to work. You can't just use any valid cert. It has to be able to match SnapChat's certificate.

You can't install certificates through a captive portal. That would be a massive security vulnerability. You could ask the user to manually install the certificate if you wanted, but that would raise several red flags and also prompt several warnings during the process. It's not something that can be done automatically or even manually without triggering multiple warnings. It's not something that can happen by just clicking agree on some captive portal.

 

 

I think the idea that the airport sniffed his chat traffic and caught him that way is extremely unlikely. The more likely scenarios are:

1) Someone in the chat reported him.

2) SnapChat themselves inspected the chat and reported it.

3) Something other than the Snap message was the reason why he was suspected, and the message might have been discovered later once they searched his phone or whatever happened.

Cameras that can read text on people's phones even?

Ryzen 7950x3D Direct Die NH-D15

RTX 4090 @133%/+230/+500

Builder/Enthusiast/Overclocker since 2012  //  Professional since 2017


3 minutes ago, Agall said:

Cameras that can read text on people's phones even?

Cameras wouldn't have the needed resolution to do that.

 

15 minutes ago, LAwLz said:

1) Someone in the chat reported him.

It's almost certainly this; although while a bit of a stretch it could also have been someone in the airport saw him typing the message and reported it (although unless it was a delayed reaction of going to security, given he managed to get airborne, it would not likely be an option)

3735928559 - Beware of the dead beef


29 minutes ago, wanderingfool2 said:

Cameras wouldn't have the needed resolution to do that.

 

It's almost certainly this; although while a bit of a stretch it could also have been someone in the airport saw him typing the message and reported it (although unless it was a delayed reaction of going to security, given he managed to get airborne, it would not likely be an option)

Depends on the placement and cameras, I can almost read text on cellphones with the cameras at work. A place like an airport might have substantially newer cameras that aren't +10 years old and have software necessary to read the text on people's phones.

Ryzen 7950x3D Direct Die NH-D15

RTX 4090 @133%/+230/+500

Builder/Enthusiast/Overclocker since 2012  //  Professional since 2017


50 minutes ago, Agall said:

Depends on the placement and cameras, I can almost read text on cellphones with the cameras at work. A place like an airport might have substantially newer cameras that aren't +10 years old and have software necessary to read the text on people's phones.

It would have to be very convenient placing.

 

Even if we went a bit extreme and assumed an airport used an 8k camera; I can tell you now that 8k in an area that needs to cover passengers will not really show texts (and wouldn't be anywhere near enough for software to read it).  Are cameras good enough to zoom in and see what's on a display, sure, but keep in mind that each camera has to cover a whole swath of area.

 

Let's assume though an 8k camera [and for this purpose a square 7680x7680 which isn't realistic] covering a 5m by 5m distance [unrealistically small coverage].  A smartphone screen will be 0.2mx0.2m at best [unrealistically large]

The question becomes, how many pixels does the phone comprise of?  You could fit 25 phones by 25 phones.  That means at best you are talking about a resolution of 307 x 307 pixels...which might be just enough to get software to read (assuming the focus is correct).

 

So really the quality of the cameras is nowhere near good enough for that to be any realistic approach.  Actually, the Billy Bishop Toronto City Airport [ranked one of the smallest airports in Canada] is ~2,500 m² for the terminal size.  If you do a 5m x 5m coverage, you would need 100 cameras for that terminal.

 

Cameras capturing it would be very unlikely, unless someone monitoring the cameras happened to see him as he was typing at the exact right spot.

 

 

 

Also related to this topic, realistically the sequence of events doesn't match it being detected from anyone within the airport.  If it was caught on the wifi, I bet they would have grounded all the planes until they could determine which passenger sent it...and it wouldn't take them too long to figure it out most likely...since if they were snooping on the traffic they would know which access point he was connected to...and actually be able to track which current access point he was on.  From there they could easily look at the cameras to see who had their phone out during that time; and as bad as it is to say they would be using racial profiling to narrow down the candidates...it probably wouldn't take them more than 15 minutes to ID who sent it [IF they actually did have the technology, which they don't, to snoop on the encrypted traffic]

3735928559 - Beware of the dead beef


18 minutes ago, wanderingfool2 said:

Even if we went a bit extreme and assumed an airport used an 8k camera; I can tell you now that 8k in an area that needs to cover passengers will not really show texts (and wouldn't be anywhere near enough for software to read it).  Are cameras good enough to zoom in and see what's on a display, sure, but keep in mind that each camera has to cover a whole swath of area.

Only cameras that can realistically/reliably do that sort of thing would be PTZ with optical zoom (The Z heh).

 

Here is an unrealistically close camera position courtesy of Axis marketing material, can you read the computer screen or the credit card/ID Card/Store Card?

 


bro imagine being the kids parents

Did I help you?? Then please mark my answer as the solution!


3 hours ago, leadeater said:

Only cameras that can realistically/reliably do that sort of thing would be PTZ with optical zoom (The Z heh).

Oh haha yea, my bad...when I said zoom in I should have specified optical zoom.  I just internalized the word optical.

 

Although I did actually use a 4k camera to identify what a manager did on their computer, after a monitoring system flagged inappropriate use of a computer...but that was also because the monitor was the one that was above the cash box (so it was uniquely focused as well to detect issues with improper counting of the money).

 

Honestly, aside from the resolution issue though the focus issue/lighting issues are what makes it also not feasible.

3735928559 - Beware of the dead beef


8 hours ago, leadeater said:

Reported online terror threats still go to them and they deal with it, just because they were involved doesn't mean they themselves were the ones that found the message and acted on it first.

 

That's like saying because the police turned up the police were the ones that "found something" first and acted on it.

 

My experience is that a random report usually gets mentioned in the press as having come into the police regardless of who handles it. Though since it was passed to a foreign nation maybe it would get reported differently.

 

7 hours ago, wanderingfool2 said:

The authorities just aren't naming sources, all we really know is that their friends are denying it was them who told/shared and the authorities are staying silent

 

Lots of agencies like MI6, Secret Service etc won't be specific on their sources if it essentially means admitting to their abilities/sources.

They wouldn't want to state "we don't have access to SnapChat" or "we do have access to Snapchat"

 

Whilst that's true, if it was one of the friends, given the context I'd expect the Spanish authorities to at least be considering charges against them. Since they're not I suspect they probably don't. MI5/MI6 may not share info publicly, but I imagine they and the Spanish authorities have communicated. And the judge's comments seem to indicate he believes the claim.

 

@Biohazard777 cheers on the update, judge's comments are basically my thoughts much better communicated and with the confirmation on the legal side.
