No-Fly List Leaked, Pokémon Briefly Involved

[Featured image: No-fly list leaked, TSA investigating 'cyber security incident']

The Transportation Security Administration’s no-fly list is one of the most important records in the United States, containing the names of people who are considered a threat to national security and who are therefore not allowed on planes. You would have been forgiven for thinking the list was a closely guarded state secret, but lol no.

A Swiss hacker known as “maia arson crimew” obtained a copy of the list – albeit a version from a few years ago – not by getting through fortress-like layers of cybersecurity, but by… finding a regional airline that had left its data sitting on unprotected servers. They announced the discovery with the photo and screenshot above, in which the Pokémon Sprigatito looks awfully pleased with itself.

As they explain in a blog post detailing the process, crimew was scouring the internet when they stumbled on CommuteAir’s servers:

like so many of my other hacks, this story starts with me getting bored and surfing shodan (or well, technically zoomeye, chinese shodan), looking for exposed jenkins servers that may contain some interesting assets. at this point, I’ve probably clicked through about 20 boring exposed servers with very little interest, when I suddenly start seeing some familiar words. “ACARS”, many mentions of “crew” and so on. many words I heard before, probably while binge-watching Pilot Mentor YouTube videos. jackpot. an exposed Jenkins server belonging to CommuteAir.

Among other “sensitive” information on the servers was “NOFLY.CSV,” which hilariously was exactly what it said on the box. “The server contained data from a 2019 version of the federal no-fly list that included first and last names and dates of birth,” Erik Kane, Corporate Communications Manager at CommuteAir, told The Daily Dot, which worked with crimew to filter the data. “In addition, some information from CommuteAir flights and employees was accessible. We have sent a notice to the Cybersecurity and Infrastructure Security Agency and are continuing with a full investigation.”

This “employee and flight information” includes, as crimew writes:

taking sample documents from various s3 buckets, going through flight plans and dumping some dynamodb tables. by this point I’ve found pretty much every PII imaginable for each of the crew members. full names, addresses, phone numbers, passport numbers, pilot license numbers, next line check due date, and more. i had trip sheets for every flight, the potential to access every flight plan ever, a bunch of image attachments for refund flight bookings containing once again more PII, plane maintenance data, what you want.

The government is now investigating the leak, with the TSA telling The Daily Dot that it “is aware of a potential cybersecurity incident and is coordinating with our federal partners to investigate.”

If you’re wondering how many names are on the list, it’s hard to say. crimew tells Kotaku that in this version of the records “there are about 1.5 million entries, but given that there are many different pseudonyms for different people, it is very difficult to know the real number of unique people in it” (an estimate from 2016 put the figures at “2,484,442 records, consisting of 1,877,133 individual identities”).

Interestingly, because the list was uploaded to CommuteAir’s servers in 2022, that was initially assumed to be the year the records originated. Instead, crimew tells me, “the only reason why [we now know it] is from 2019 is because the airline keeps confirming this in all its press statements; before, we assumed it was from 2022.”

You can read crimew’s blog post here, while The Daily Dot’s report – which says the names on the list include IRA members and an eight-year-old child – is here.
