A foreign hacker obtained an old copy of the U.S. government’s Terrorist Screening Database and “no fly” list from an unsecured server belonging to a commercial airline.
The Swiss hacker known as “maia arson crimew” blogged Thursday that she discovered the Transportation Security Administration “no fly” list from 2019 and a trove of data belonging to CommuteAir on an unsecured Amazon Web Services cloud server used by the airline.
The hacker told The Daily Dot the list appeared to have more than 1.5 million entries. The data reportedly included names and birthdates of various individuals who have been barred from air travel by the government due to suspected or known ties to terrorist organizations. The Daily Dot reported that the list contains multiple aliases, so the number of unique individuals on the list is far less than 1.5 million.
The report by the Daily Dot notes that “Many entries on the list were names that appeared to be of Arabic or Middle Eastern descent, although Hispanic and Anglican-sounding names were also on the list.”
The Daily Dot also quotes Hina Shamsi, director of the National Security Project at the American Civil Liberties Union (Liberal ACLU), as complaining, “Over last 20 years, the U.S. citizens that we’ve seen targeted for watchlisting are disproportionately Muslim and people of Arab or Middle Eastern and South Asian descent.”
Mikael Thalen, a staff writer at the Daily Dot, shared the following details in a series of Twitter posts:
NEW: The federal No Fly List was exposed on an open server discovered by a security researcher last week.
The list, which was being stored by the US airline CommuteAir, contained over 1.5 million rows of data including names, aliases, & birth dates. https://t.co/fhL3w97BFj
— Mikael Thalen (@MikaelThalen) January 19, 2023
The server, discovered by hacker @_nyancrimew, was secured prior to publication. CommuteAir says the list was a version from 2019.
The Daily Dot was able to find numerous high-profile figures including the recently-freed Russian arms dealer Viktor Bout & at least 16 aliases.
The infrastructure, described by CommuteAir as a development server, also contained the names, addresses, phone numbers & passport numbers of over 900 CommuteAir staff including pilots & crew.
CommuteAir says an initial investigation shows that no customer data was exposed.
— Mikael Thalen (@MikaelThalen) January 19, 2023
The server also contained credentials that @_nyancrimew says allowed them access to live production servers, including 41 AWS buckets. With that access, @_nyancrimew says a threat actor could have “completely owned” the airline.
If you’re interested in a more technical breakdown, @_nyancrimew has now published a blog post detailing how the server was discovered & what all it contained. https://t.co/RzdwM9WjSx
— Mikael Thalen (@MikaelThalen) January 19, 2023
In a blog post entitled “How to completely own an airline in 3 easy steps and grab the TSA no fly list along the way,” a Swiss hacker details how boredom led to hunting on the internet for exposed open-source automation Jenkins servers. https://t.co/p5uNw0Aomd pic.twitter.com/Fs7twoZAEy
— Forbes (@Forbes) January 20, 2023
TSA ‘no fly’ list leaked after being found on unsecured airline server https://t.co/HI8EPaw51j
— FOX Business (@FoxBusiness) January 21, 2023
The post NEWS ALERT: TSA ‘no fly’ list leaked after being found on unsecured airline server appeared first on Dennis Michael Lynch.
Author: Anneta Griffee