Federal 'No Fly List' exposed by US airline hacker reveals heavy biases

A bored Swiss hacker stumbled across an unsecured CommuteAir server and discovered an official 'No Fly List' curated by Federal authorities.


The US airline CommuteAir reportedly left a federal "No Fly List" on an unsecured server that was then accessed by a Swiss hacker.


The exclusive report comes from The Daily Dot, which claims US airline CommuteAir left open an unsecured server that contained a large quantity of sensitive information. This server was accessed by a Swiss hacker who goes by "maia arson crimew" and who wrote a blog post titled "how to completely own an airline in 3 easy steps," where they explained that they stumbled across the sensitive server by accident and through boredom.

Essentially, the hackers were just looking around through a search engine called Shodan when they discovered the server and a file titled "NoFly.csv". The file was opened, and the hackers discovered a 2019 version of a federal No Fly List that includes first and last names as well as dates of birth. The Daily Dot reports the list contained the names and aliases of many high-profile people, such as the recently freed Russian arms dealer Viktor Bout and his 16 aliases.


CommuteAir Corporate Communications Manager Erik Kane told the Daily Dot that the server also contained sensitive information on CommuteAir employees and flight information, and the company has submitted a notification to the Cybersecurity and Infrastructure Security Agency while also conducting its own investigation.

The information contained in the exposed server was already looked over by researchers, and according to The Daily Dot, the no-fly list contained a heavy bias against Muslim people. Unfortunately, neither the hacker nor CommuteAir confirmed the specific number of people on the 2019 no-fly list. However, according to Sen. Dianne Feinstein, the 2016 no-fly list contained more than 81,000 people, which is at least something to go by.

It should be noted that in crimew's blog post, they wrote they found lots of mentions of the word "crew" and other words they recognized after binge-watching "mentor pilot YouTube videos".

Erik Kane, a spokesperson for CommuteAir, said in a statement to Insider that based on initial internal investigations, no customer data was exposed and that CommuteAir has since taken the exposed server offline. Furthermore, the Transportation Security Administration has confirmed it's been made aware of the incident and has launched its own investigation.


Jak joined the TweakTown team in 2017 and has since reviewed 100s of new tech products and kept us informed daily on the latest science, space, and artificial intelligence news. Jak's love for science, space, and technology, and, more specifically, PC gaming, began at 10 years old. It was the day his dad showed him how to play Age of Empires on an old Compaq PC. Ever since that day, Jak fell in love with games and the progression of the technology industry in all its forms. Instead of typical FPS, Jak holds a very special spot in his heart for RTS games.
