A foreign hacker obtained an old copy of the US government’s terrorism screening database and no-fly list from an unsecured server owned by a commercial airline.
The Swiss hacker known as ‘maia arson crimew’ blogged on Thursday that she discovered the Transportation Security Administration’s 2019 ‘no-fly’ list and a trove of data belonging to CommuteAir on an unsecured Amazon Web Services cloud server used by the airline.
The hacker told the Daily Dot that the list appeared to contain more than 1.5 million entries. The data reportedly included the names and dates of birth of various people who have been banned from air travel by the government due to suspected or known links to terrorist organizations. The Daily Dot reported that the list contains multiple aliases, so the number of unique individuals on the list is well under 1.5 million.
Notable people said to be on the list include Russian arms dealer Viktor Bout, who was recently freed by the Biden administration in exchange for WNBA star Brittney Griner, and alleged IRA members and others, according to The Daily Dot.
“It’s just crazy to me how big this terrorism screening database is, and yet there are still very clear trends towards almost exclusively Arabic and Russian sounding names across the million entries,” crimew told the outlet.
Reached for comment, a TSA spokesperson said the agency is “aware of a potential cybersecurity incident, and we are investigating in coordination with our federal partners.”
In a statement to FOX Business, CommuteAir confirmed the legitimacy of the hacked no-fly list and data containing private information about company employees.
“CommuteAir has been notified by a member of the security research community who has identified a misconfigured development server,” said Erik Kane, corporate communications manager for CommuteAir. “The researcher accessed files including an outdated 2019 version of the federal no-fly list that included first name, last name, and date of birth. Additionally, through information found on the server, the researcher uncovered access to a database containing personally identifiable information of CommuteAir employees.
“Based on our initial investigation, no customer data was exposed,” Kane added. “CommuteAir immediately took the affected server offline and launched an investigation to determine the extent of the data access. CommuteAir reported the data exposure to the Cybersecurity and Infrastructure Security Agency and also notified its employees.”
CommuteAir is a regional airline founded in 1989 and based in Ohio. The company operates with hubs in Denver, Houston and Washington Dulles and operates more than 1,600 weekly flights to more than 75 destinations in the United States and three in Mexico.
According to crimew’s Wikipedia page, which the hacker says is accurate, she was indicted by a grand jury in the United States in March 2021 on criminal charges related to her alleged hacking activity between 2019 and 2021. Her Twitter biography describes her as “indicted hacktivist/security researcher, artist, mentally ill enby polyam trans lesbian (θΔ) anarchist kitten, 23.”