TSA "no fly" list leaked after being found on unsecured airline server

TSA “no fly” list leaked after being found on unsecured airline server

A foreign hacker obtained an old copy of the US government’s terrorist screening database and a “no fly” list from an unsecured server belonging to a commercial airline.

The Swiss hacker known as “maia arson crimew” wrote on her blog Thursday that she discovered the Transportation Security Administration’s 2019 “no fly” list and a trove of data belonging to CommuteAir on an unsecured cloud server. from Amazon Web Services used by the airline.

The hacker told The Daily Dot that the list appeared to have more than 1.5 million entries. The data reportedly included the names and dates of birth of several people who have been banned by the government from air travel due to suspected or known links to terrorist organizations. The Daily Dot reported that the list contains multiple aliases, so the number of unique people on the list is much less than 1.5 million.

Notable people reported to be on the list include Russian arms dealer Viktor Bout, who was recently released by the Biden administration in exchange for WNBA star Brittney Griner, and suspected members of the IRA and others, according to The Daily Dot.

FAA REVEALS WHAT CAUSED THE COMPUTER OUTAGE THAT CAUSED THE GROUND STALL

Identification requirements signs at the entrance to the TSA passenger security area in West Palm Beach, Florida. (Lindsey Nicholson/UCG/Universal Images Group via Getty Images/Getty Images)

US EXPANDS MANDATE FOR COVID-19 VACCINE IN AIR TRAVEL FOR INTERNATIONAL VISITORS

“It’s crazy to me how big the terrorism detection database is and yet there are still very clear trends towards almost exclusively Arabic and Russian sounding names in the million entries,” crimew told the outlet.

Reached for comment, a TSA spokesperson said the agency is “aware of a potential cybersecurity incident and that we are investigating in coordination with our federal partners.”

In a statement to FOX Business, CommuteAir confirmed the legitimacy of the hacked “no fly” list and the data containing private information about the company’s employees.

tsa sign

A Transportation Security Administration pre-check sign is displayed at Dulles International Airport in Dulles, Virginia on August 19, 2015. (Andrew Harrer/Bloomberg via Getty Images/Getty Images)

FTX SAYS HACKERS STOLEN $415M AFTER CRYPTO EXCHANGE FILED BANKRUPTCY

“CommuteAir was notified by a member of the security research community that they identified a misconfigured development server,” said Erik Kane, CommuteAir corporate communications manager. “The investigator accessed the files, including an outdated 2019 version of the federal no-fly list that included first and last name and date of birth. Additionally, through information found on the server, the investigator discovered access to a database containing personally identifiable information of CommuteAir Employees.

“Based on our initial investigation, no customer data was exposed,” Kane added. “CommuteAir immediately took the affected server offline and launched an investigation to determine the extent of the data access. CommuteAir reported the data exposure to the Cybersecurity and Infrastructure Security Agency and also notified its employees.”

Embraer ERJ-145XR airplane

An Embraer ERJ-145XR aircraft operated by CommuteAir. (Commute Air/Fox News)

CommuteAir is a regional airline founded in 1989 and headquartered in Ohio. The company operates with hubs in Denver, Houston and Washington Dulles and operates more than 1,600 weekly flights to more than 75 destinations in the US and three in Mexico.

CLICK HERE TO READ MORE ABOUT FOX BUSINESS

According to crimew’s Wikipedia page, which the hacker maintains to be accurate, a grand jury in the United States indicted her in March 2021 on criminal charges related to her alleged hacking activity between 2019 and 2021. Her Twitter bio describes her as an “accused hacktivist”. /security researcher, artist, mentally ill enby polyam anarchist trans lesbian kitten (θΔ), 23 years old.”

Leave a Comment

Your email address will not be published. Required fields are marked *