A foreign hacker obtained an old copy of the US government’s Terrorist Screening Database and a “no fly” list from an unsecured commercial airline server.
The Swiss hacker known as “maia arson crimew” blogged Thursday that she discovered the Transportation Security Administration’s 2019 “no fly” list and a trove of CommuteAir data on an unsecured Amazon Web Services cloud server operated by the airline.
The hacker told The Daily Dot that the list appeared to contain more than 1.5 million entries. The data reportedly includes names and dates of birth of several individuals who have been banned from air travel by the government due to suspected or known ties to terrorist organizations. The Daily Dot reported that the list contains multiple aliases, so the number of unique people on the list is much less than 1.5 million.
Notable individuals reportedly on the list include Russian arms dealer Viktor Bout, who was recently released by the Biden administration in exchange for WNBA star Brittney Griner, and suspected members of the IRA and others, according to The Daily Dot.
“I just think it’s crazy how big that terrorism screening database is, and yet there are still very clear trends towards almost exclusively Arabic and Russian sounding names in the million entries,” crimew told the outlet.
Reached for comment, a TSA spokesperson said the agency “is aware of a potential cybersecurity incident and we are investigating it in conjunction with our federal partners.”
In a statement to FOX Business, CommuteAir confirmed the legitimacy of the hacked “no fly” list and data containing private information about the company’s employees.
“CommuteAir has been notified by a member of the security research community who has identified a misconfigured development server,” said Erik Kane, corporate communications manager for CommuteAir. “The investigator had access to files including an outdated 2019 version of the federal no-fly list containing first and last name and date of birth. In addition, through information on the server, the investigator discovered access to a database of personally identifiable information from CommuteAir staff members.
“Based on our initial investigation, no customer data has been released,” Kane added. “CommuteAir immediately took the affected server offline and launched an investigation to determine the extent of data access. CommuteAir has reported the data exposure to the Cybersecurity and Infrastructure Security Agency and has also notified its employees.”
CommuteAir is a regional airline founded in 1989 and based in Ohio. The company has hubs in Denver, Houston and Washington Dulles and operates more than 1,600 weekly flights to more than 75 destinations in the US and three in Mexico.
According to crimew’s Wikipedia page, which the hacker says is correct, she was indicted by a grand jury in the United States in March 2021 on criminal charges related to her alleged hacking activities between 2019 and 2021. Her Twitter biography describes her as “indicted hacktivist/security researcher, artist, mentally ill enby polyam trans lesbian anarchist kitten (θΔ), age 23.”