The Washington PostDemocracy Dies in Darkness

Hacker Chris Roberts told FBI he took control of United plane, FBI claims


A hacker who allegedly said he took over the controls of a plane in mid-flight has been investigated by the FBI — even as he pokes fun at the agency, saying he is only out to improve airline security.

Chris Roberts, of Denver’s One World Labs, a “security intelligence firm,” first made news last month after he tweeted what appeared to be a joke about “playing” with a United Airlines plane’s in-flight entertainment and crew-alerting system on April 15. Once he landed, he was questioned by the FBI for several hours. Some of his computer equipment was seized, and he was prevented from boarding another United flight.

“Lesson from this evening, don’t mention planes,” he later tweeted. “The Feds ARE listening, nice crew in Syracuse, left there naked of electronics.” In an interview after the incident with Wired, Roberts said he had not actually taken control of the plane, though he and his colleagues said it could be done. And that appeared to be that.

But now, in a search warrant obtained by Canada’s APTN, the FBI alleges Roberts told them he had taken control of the aircraft.

“He stated that he thereby caused one of the airplane engines to climb resulting in a lateral or sideways movement of the plane during one of these flights,” FBI Special Agent Mark Hurley wrote in his warrant application, as Wired reported. “He also stated that he used Vortex software after comprising/exploiting or ‘hacking’ the airplane’s networks. He used the software to monitor traffic from the cockpit system.”

The FBI is investigating Chris Roberts, a computer security expert, who told the agency he hacked into a plane's in-flight entertainment system while on board and managed to move the plane sideways. Here is an animation of how Roberts allegedly hacked the plane’s computer system according to the FBI's search warrant application. (Video: Jayne W. Orenstein and Cameron Blake/The Washington Post)

[Just how hackable is your plane?]

Roberts, a frequent speaker at security conferences who is very active on Twitter, seemed to want to clarify his intentions on Sunday.

“Over last 5 years my only interest has been to improve aircraft security,” Roberts tweeted. “Given the current situation I’ve been advised against saying much.”

Yet, even as Roberts played it straight, he seemed to be enjoying the spotlight, retweeting images of himself on television news — as well as satirical pictures of him taking over dishwashers and space shuttles, among other things.

In another interview with Wired, Roberts said his comments to agents were taken out of context.

“That paragraph that’s in there is one paragraph out of a lot of discussions, so there is context that is obviously missing which obviously I can’t say anything about,” he said. “It would appear from what I’ve seen that the federal guys took one paragraph out of a lot of discussions and a lot of meetings and notes and just chose that one as opposed to plenty of others.”

Roberts also told Wired that One World has lost funding and had to make layoffs as a result of the investigation.

“The board has deemed it a risk. So that was one factor in many that made their decision,” he said. “Their decision was not to fund the organization any further.”

No charges have been filed against Roberts, who was not immediately available for comment. A biography of Roberts shared by One World last month praised his abilities:

Regarded as one of the world’s foremost experts on counter threat intelligence within the cybersecurity industry, Roberts constructs and directs One World Labs’ comprehensive portfolio of cyber defense services designed to improve the physical and digital security posture of both its enterprise and government clients. Roberts understands enterprise security requirements, having served as both an in-house security expert and consultant on IT security, engineering and architecture/design operations for scores of Fortune 500 companies across the finance, retail, energy and services sectors. Further, he regularly engages with various government agencies on critical security issues of national importance.

One World’s Web site includes references to a “Fortune 100 medical company,” a “Fortune 20 financial company” and “a government agency,” among other clients, but does not name the businesses that have hired it. The company was not immediately available for comment.