22-11-2010, 05:30 PM
Moxie Marlinspike. Hacker. Stopped.
The well known, and respected computer security researcher was detained on Wednesday for several hours as his laptop and cellphones were searched by border agents.
The researcher, who goes by the hacker handle Moxie Marlinspike, as he prefers not to divulge his legal name, was met by two U.S. Customs and Border Protection agents at the door of his plane when he arrived at JFK airport on a flight from the Dominican Republic. The agents escorted him to a detention room where they held him for 4 1/2 hours, he says. During that time, a forensic investigator arrived and seized his laptop and two cellphones - he also asked for his passwords to access his devices to which Marlinspike refused.
Moxie Marlinspike is the creator of tools such as SSL strip, a SSL stripping CLI tool wrote in Python. A thread on how to use it and more information can be found here: http://mcompute.co.uk/showthread.php?tid=255
Marlinspike gained attention last year at the Black Hat security conference in Las Vegas when he revealed a serious vulnerability in how internet browsers verify digital security certificates. The flaw would let a hacker create a fake website for Bank of America or some other legitimate business, obtain a fake digital certificate and trick a browser into thinking the fake site was the legitimate one, allowing the hacker to conduct a phishing attack against unsuspecting users who entered their bank credentials into the fake site. He released two free tools that would help an attacker conduct such an attack.
Three months later, PayPal froze his account with $500 in it because the company objected to the use of its logo on his website, where visitors could download the free tools. A PayPal representative said at the time that the company did not allow PayPal “to be used in the sale or dissemination of tools which have the sole purpose to attack customers and illegally obtain individual customer information.”
Under the “border search exception” of United States criminal law, international travelers can be searched without a warrant as they enter the United States. Under the Obama administration, law enforcement agents have aggressively used this power to search travellers’ laptops, sometimes copying the hard drive before returning the computer to its owner. Courts have ruled that such laptop searches can take place even in the absence of any reasonable suspicion of wrongdoing.
Marlinspike said ticket agents told him he was on a federal watchlist.
![[Image: moxie-marlinspike.jpg]](http://markwood.co.cc/donotdelete/articles/moxie-marlinspike.jpg)
The well known, and respected computer security researcher was detained on Wednesday for several hours as his laptop and cellphones were searched by border agents.
The researcher, who goes by the hacker handle Moxie Marlinspike, as he prefers not to divulge his legal name, was met by two U.S. Customs and Border Protection agents at the door of his plane when he arrived at JFK airport on a flight from the Dominican Republic. The agents escorted him to a detention room where they held him for 4 1/2 hours, he says. During that time, a forensic investigator arrived and seized his laptop and two cellphones - he also asked for his passwords to access his devices to which Marlinspike refused.
Moxie Marlinspike is the creator of tools such as SSL strip, a SSL stripping CLI tool wrote in Python. A thread on how to use it and more information can be found here: http://mcompute.co.uk/showthread.php?tid=255
Moxie Marlinspike Wrote:“I can’t trust any of these devices now. They could have modified the hardware or installed new keyboard firmware.”
Marlinspike gained attention last year at the Black Hat security conference in Las Vegas when he revealed a serious vulnerability in how internet browsers verify digital security certificates. The flaw would let a hacker create a fake website for Bank of America or some other legitimate business, obtain a fake digital certificate and trick a browser into thinking the fake site was the legitimate one, allowing the hacker to conduct a phishing attack against unsuspecting users who entered their bank credentials into the fake site. He released two free tools that would help an attacker conduct such an attack.
Three months later, PayPal froze his account with $500 in it because the company objected to the use of its logo on his website, where visitors could download the free tools. A PayPal representative said at the time that the company did not allow PayPal “to be used in the sale or dissemination of tools which have the sole purpose to attack customers and illegally obtain individual customer information.”
Under the “border search exception” of United States criminal law, international travelers can be searched without a warrant as they enter the United States. Under the Obama administration, law enforcement agents have aggressively used this power to search travellers’ laptops, sometimes copying the hard drive before returning the computer to its owner. Courts have ruled that such laptop searches can take place even in the absence of any reasonable suspicion of wrongdoing.
Moxie Marlinspike Wrote:They’re beginning to destroy my ability to run a business with international customers. I can’t travel internationally without assurances that I’m not going to spend five hours in a detention room and am not going to lose whatever electronic devices I have with me at the time.
Marlinspike said ticket agents told him he was on a federal watchlist.
![[Image: nomnomnom.jpg]](http://img844.imageshack.us/img844/884/nomnomnom.jpg)
![[Image: Bulbasaur_by_bigsharn.jpg]](http://fc03.deviantart.net/fs70/f/2010/113/9/8/Bulbasaur_by_bigsharn.jpg)