Hacker Found FBI No Fly List on Unsecured Server - PCMag

A 23-year-old Swiss hacker discovered an unsecured server that contained the identities of hundreds of thousands of individuals who were connected an aged mentation of the US Government’s No Fly List and Terrorist Screening Database, Daily Dot reports(Opens successful a caller window). 

The unsecured Amazon Web Services unreality server successful question was hosted by Ohio-based determination hose CommuteAir,  according to the hacker, and successful summation to the No Fly List, it contained backstage accusation connected astir 1,000 of the airline’s employees. This accusation reportedly included their passport numbers, addresses, and telephone numbers. 

Several well-known names were included connected the exposed No-Fly list, specified arsenic Viktor Bout, a Russian arms trader who was released from a US situation past period arsenic portion of an speech with US hoops subordinate Brittney Griner.

CommuteAir told the Daily Dot that the server contained information from an aged 2019 mentation of the US no-fly database and that it was taken offline past week aft it had been flagged. A spokesperson added that nary lawsuit accusation had been exposed. 

A CommuteAir communications typical told the Daily Dot that the hose had notified the Cybersecurity and Infrastructure Security Agency and was continuing with a “full investigation” into the server.

In a connection to CNN, The Transportation Security Administration (TSA) said it was “aware of a imaginable cybersecurity incident” and that it was investigating it “in coordination with our national partners.” 

The hacker besides told Daily Dot that they had recovered the exposed No Fly List portion searching for automated servers that assistance successful the building, testing, and deployment of software. They were utilizing Shodan, a specialized hunt motor utilized by the cybersecurity assemblage to find servers exposed to the internet.

Individuals connected the Terrorist Screening Database tin beryllium taxable to further information checks and searches erstwhile traveling, portion the smaller No-fly database is simply a acceptable of known oregon suspected terrorists who are barred from flying to oregon successful the US.

According to a memo to existent and erstwhile CommuteAir employees obtained by CNN, the hose was made alert of a information breach successful November aft an “unauthorized party” accessed idiosyncratic accusation held by the hose including names, birthdays and the past 4 digits of Social Security numbers.

Speaking to The Daily Dot, the hacker, known arsenic maia arson crimew, pointed retired the information that the database extensively featured names that were of Arabic and Russian descent: “It’s conscionable brainsick to maine however large that Terrorism Screening Database is and yet determination is inactive precise wide trends towards astir exclusively Arabic and Russian sounding names passim the cardinal entries.”

The Swiss nationalist was previously portion of a radical of hackers that breached US information camera shaper Verkada(Opens successful a caller window), which saw implicit 150,000 cameras successful hospitals successful prisons being accessed. The constituent of the breach, the hackers said, was to item the grade of surveillance successful society.