This story is over 5 years old.


Airlines Are Terrible at Detecting Fake and Stolen Passports

As a result, the fake passport business is booming on the deep web.
March 12, 2014, 2:45pm

A screenshot from one of the internet's various phony passport vendors.

The sudden, mysterious, and tragic disappearance of a China-bound Malaysian Airlines flight (a story that turned into a full-on Twilight Zone episode yesterday when news broke that the cellphones of some missing passengers are still ringing) has exposed a crucial security flaw in air travel. While the proliferation of airport security has created plenty of jobs for people who love operating x-ray machines and needlessly patting down the elderly, it is now apparent that the tiny detail of making sure people aren’t using fraudulent passports has fallen by the wayside.


You have likely already heard that two of the passengers on the vanished Malaysian Airlines plane were using stolen passports. This does not necessarily mean that these men were terrorists, as everything from mechanical failure to a failed emergency landing is still on the table for possible causes of the plane’s disappearance. These stolen passports have, however, brought the issue of fraudulent documents into the mainstream. According to Interpol, there are already 40 million lost or stolen passports registered in their Stolen and Lost Travel Documents Database (SLTD), and as Robert Noble, Interpol’s Secretary General, has said, despite this massive database existing: “A billion passengers every year board planes without having their passports screened.”

Clearly Interpol has been concerned with this lack of integration between airlines, governments, and the SLTD for a quite a while—as it’s leading to people with fake or stolen passports hopping onto planes worldwide. In a February 2014 post on Interpol’s website, entitled “Preventing use of stolen passports by terrorists and criminals key to global security, says INTERPOL Chief,” Ronald Noble’s international guilt trip against countries who aren’t using his fancy passport database was laid on thick: “despite being incredibly cost effective and deployable to virtually anywhere in the world, only a handful of countries are systematically using SLTD to screen travellers. The result is a major gap in our global security apparatus that is left vulnerable to exploitation by criminals and terrorists.”


I contacted Transport Canada to find out how our government’s aviation security authorities work with the SLTD. Earlier this week, I was told by a media relations rep that she would have to “speak with their experts” about my inquiries, and hasn’t returned my calls since. There isn’t much open source information available about the Interpol database on the Transport Canada website, save for a 2010 promise to “strengthen and promote… the commitment to report, on a regular basis, lost and stolen passports, to the extent possible, to the INTERPOL Lost and Stolen Travel Document Database.” If Transport Canada’s compliance with air safety is anything like their widely criticized rail safety woes, we shouldn’t expect significant changes to be rolling out anytime soon.

Unsecured trains barreling through populated areas full of crude oil aside, with such flimsy security surrounding passport checks at airports, it’s not entirely surprising that the web is littered with vendors hocking fraudulent travel documents—especially on the deep web. Turns out, if you’re at all savvy with the deep, dark web or Bitcoin, there are plenty of vendors out there looking for your hard-earned cryptocurrency, to help you fake your way through airport security.

While I don’t advise anyone to ever, under any circumstances, attempt to purchase a fake passport, it’s surprising how easy they are to find. On Silk Road 2, the apparent sequel to the illegal contraband market that made huge headlines last year when it was seized and shut down, numerous vendors sell “passport scans” to beat the online verification processes of airlines or travel agencies. For $129 USD or ฿0.21 BTC, you can get a forged passport scan, in a hi-res digital file, featuring your own face, name, place of birth, birthday, and signature. These digital passport scans are advertised as being able to: “PASS Verification” with the added features of being, “complete with holograms, custom matched fonts, and machine readable passport codes.”


Commenters brag that these passport scans are worth the money: “fast turn around and the docs look good. thanks!! would buy from again,” “The scans are amazing way beyond what I expected,” “Awesome docs (UK)! A true master!”

Surprisingly, you don’t even need to venture into the deep web to find sketchy online sellers peddling fake passports. Over at the brazenly named website, which couches its services by saying their products are “for entertainment only” adding that their wares are “not a government document,” you can order up fake Australian, Canadian, German, Finnish, and several other phony passports to use at your own foolish risk.

Normally I would dismiss these sites, and deep web vendors, as being completely ludicrous scams, that couldn’t possibly help anybody sneak around the world’s airports undetected—but the news of Malaysia Airlines’s missing airplane and its stolen passport using passengers, certainly makes this forgeries market seem very effective for terrorists and con artists alike.

With such a stupefying lack of information sharing between the world’s aviation authorities when it comes to stolen passports at the forefront of the news right now, it’s clearer than ever that true security is an illusion. Despite the massive infrastructure we’ve built to keep “the terrorists” away from commercial airliners, there’s a huge gap in airline security that is ostensibly being exploited regularly. Add that to the underground market of fake travel documents being openly traded online, and it now appears to be far too easy to evade the security systems meant to protect us.

Sadly, if recent history tells us anything, once governments actually start to comply with Interpol’s passport database, this will likely result in stricter and more uncomfortable security measures—for only slightly more safety. @patrickmcguire