Entire US “no-fly list” leaked online after being left on an insecure server
The entire US “No-Fly List” was exposed online by a Swiss hacker who allegedly found three sensitive files hosted on an insecure cloud storage server.
One of the files contained information on more than 1.5 million entries on the list, including individuals who had been barred from traveling to or from the United States.
The data was found out of boredom, according to a blog post written by the hacker, known online as maia arson crimew, which shows her searching Shodan for exposed Jenkins servers.
No-Fly List breach
Digging around the exposed CommuteAir server turned up three .csv files: employee_inif.csv, nofly.csv, and selectee.csv. Arguably the most notable, and the most controversial in recent days, is nofly.csv, which is reported to contain information about banned flyers in the United States.
The file nofly.csv is nearly 80 MB in size and contains more than 1.56 million rows of data relating to individuals who are not authorized to fly within the United States, although it is reported that most of these entries include aliases.
Aliases are used to try to avoid detection by such lists and may include changes to first and last names, including common misspellings and changes to birth dates.
One such example, according to the Daily Dot, which first reported on the matter, included the recently freed Russian arms dealer Viktor Bout, with at least 16 related aliases.
Overall, it is estimated that in 2016 there were 81,000 individuals on the US No-Fly List, taking into account multiple aliases for each person.
Regarding the data revealed in 2023, crimew said: “To me, it’s crazy how big that Terrorist Screening Database is but there are still trends so obvious to most. Arabic and Russian pronunciation names in millions of entries”.
In addition to this list, crimew also disclosed a list containing personally identifiable information of CommuteAir crew members, including full names, addresses, phone numbers, passport numbers, pilot license numbers, etc.
Erik Kane, CommuteAir’s director of corporate communications, confirmed that the data was legitimate and came from the 2019 version of the federal No-Fly List, and noted the disclosure of employee data. “We have notified the Cybersecurity and Infrastructure Security Agency and we are continuing to fully investigate,” Kane said.
TechRadar Pro asked the company for further comment on the matter.