Hacker Grabs FBI No Fly List Off Of Unprotected Server

No Fly List

Not featured: salacious images of J. Edgar Hoover

A 23-year-old Swiss hacker, one maia arson crimew, apparently found the U.S. No Fly List on an unprotected server. This news comes from the Daily Dot.

The server in question was an Amazon Web Services cloud server belonging to the Ohio regional airline CommuteAir. Moreover, the server didn’t just contain the No Fly List, but also the private information of the airline’s nearly 1,000 employees, including their passport numbers, addresses, and phone numbers.

Included on the list were a number of names. Of recent note, Viktor Bout, who was exchanged for Brittany Griner, was featured on it, alongside a number of other well-known names you’d probably expect to find on it.

According to CommuteAir, the list is an out-of-date one from 2019, and that the server was taken offline last week after being flagged. They have confirmed, however, that no customer data was compromised. A CommuteAir communications representative told the Daily Dot that they have contacted the Cybersecurity and Infrastructure Security Agency and have launched a full investigation into the server. The TSA was aware of the incident, and is investigating alongside whichever alphabet soup agency is involved.

Per a memo issued to both current and former employees found by CNN, CommuteAir had been made aware of a security breach back in November, where an “unauthorized party” accessed personal information including names, birthdates, and the last 4 digits of their social security numbers.

READ:  Crypto.com Experiences 'Unauthorized Activity'; Halts Withdrawals For 14 Hours

crimew, meanwhile, told the Daily Dot that she found the list while searching for automated servers used in the building, testing, and deployment of software. This process involved the use of Shodan, a specialized search engine the cybersecurity community uses to locate servers connected to the internet. crimew pointed out that the larger Terrorist Watchlist, part of the No Fly List, features in large part names that sound either Russian or Arabic.

It’s just crazy to me how big that Terrorism Screening Database is and yet there is still very clear trends towards almost exclusively Arabic and Russian sounding names throughout the million entries.

maia arson crimew

Gee, can’t imagine why those two regions are so represented.

crimew was previously part of a group of hackers that hacked into security cameras made by the US company Verkada. The point of that hack was to expose the extent of surveillance in society by accessing over 50,000 cameras installed in prison hospitals.

Source: PC Magazine

About Author

B. Simmons

Based out of Glendale California, Bryan is a GAMbIT's resident gaming contributor. Specializing in PC and portable gaming, you can find Bryan on his 3DS playing Monster Hunter or at one of the various conventions throughout the state.

Learn More →