You have commented 339 times on Rantburg.

Your Name
Your e-mail (optional)
Website (optional)
My Original Nic        Pic-a-Nic        Sorry. Comments have been closed on this article.
Bold Italic Underline Strike Bullet Blockquote Small Big Link Squish Foto Photo
Submit your comments on this article
Cyber
TSA 'no fly' list leaked after being found on unsecured airline server
2023-01-22
[FoxBusinessNews] 'No Fly' list leaked by hacker reportedly contains 1.5 million entries and includes notable names linked to terrorist activities.

A foreign hacker obtained an old copy of the U.S. government's Terrorist Screening Database and "no fly" list from an unsecured server belonging to a commercial airline.

The Swiss hacker known as "maia arson crimew" blogged Thursday that she discovered the Transportation Security Administration "no fly" list from 2019 and a trove of data belonging to CommuteAir on an unsecured Amazon Web Services cloud server used by the airline.
Wasn’t there something about the DoD using them? I seem to recall Amazon staff being very upset at the idea.
The hacker told The Daily Dot the list appeared to have more than 1.5 million entries. The data reportedly included names and birthdates of various individuals who have been barred from air travel by the government due to suspected or known ties to terrorist organizations. The Daily Dot reported that the list contains multiple aliases, so the number of unique individuals on the list is far less at 1.5 million.

Noteworthy individuals reported to be on the list include Russian arms dealer Viktor Bout, who was recently freed by the Biden administration in exchange for WNBA star Brittney Griner, and suspected members of the IRA and others, according to The Daily Dot.

"It’s just crazy to me how big that terrorism screening database is, and yet there is still very clear trends towards almost exclusively Arabic and Russian sounding names throughout the million entries," crimew told the outlet.
Imagine that...
Reached for comment, a TSA spokesman said the agency is "aware of a potential cybersecurity incident, and we are investigating in coordination with our federal partners."

In a statement to FOX Business, CommuteAir confirmed the legitimacy of the hacked "no fly" list and data that contained private information about the company's employees.

"CommuteAir was notified by a member of the security research community who identified a misconfigured development server," said Erik Kane, corporate communications manager for CommuteAir. "The researcher accessed files, including an outdated 2019 version of the federal no-fly list that included first and last name and date of birth. Additionally, through information found on the server, the researcher discovered access to a database containing personal identifiable information of CommuteAir employees.

"Based on our initial investigation, no customer data was exposed," Kane added. "CommuteAir immediately took the affected server offline and started an investigation to determine the extent of data access. CommuteAir has reported the data exposure to the Cybersecurity and Infrastructure Security Agency and also notified its employees."

CommuteAir is a regional airline founded in 1989 and based in Ohio. The company operates with hubs in Denver, Houston and Washington Dulles and operates more than 1,600 weekly flights to over 75 U.S. destinations and three in Mexico.

According to crimew's Wikipedia page, which the hacker maintains is accurate, she was indicted by a grand jury in the United States in March 2021 on criminal charges related to her alleged hacking activity between 2019 and 2021. Her Twitter bio describes her as "indicted hacktivist/security researcher, artist, mentally ill enby polyam trans lesbian anarchist kitten (θΔ), 23 years old."
Indicted but no action taken? Til now?
Related:
Terrorist Screening Database: 2022-01-19 Texas synagogue hostage-taker was known to MI5
Terrorist Screening Database: 2021-10-20 1600 Migrants Apprehended in Southern Arizona over Weekend
Terrorist Screening Database: 2021-03-17 Border officials admit that four people arrested at border are on terror watchlist
Related:
Amazon Web Services: 2021-12-08 All of Amazon Web Services go down - taking huge part of the internet with it: Alexa, Ring, Disney+, Tinder and Venmo all crash in Cloud server outage
Amazon Web Services: 2021-11-26 Smithsonian's new FUTURES exhibit asks visitors when we'll see 'single global government'
Amazon Web Services: 2021-10-27 UK Spy Agencies Sign Deal with Amazon to Host Classified Information
Posted by:Skidmark

#4  Tell me again how efficient our government is and needs to be in charge of all of our lives.
Posted by: DarthVader   2023-01-22 18:58  

#3  It could be easily defeated anyway. When I was younger my partying buddy was a 17 year chick whose older look alike sister would let her use her ID. Now that is what you call family.
Posted by: Mad Eye Omeretch7959   2023-01-22 16:58  

#2  So Victor Bout can fly in America if he gets his birthday adjusted on his passport. Pretty high tech.
Posted by: Super Hose   2023-01-22 09:38  

#1  'No Fly' list leaked by hacker reportedly contains 1.5 million entries and includes notable names linked to terrorist activities.

'No Fly' list is being validated against existing data bases.
Posted by: Besoeker   2023-01-22 00:57  

00:00