Insecure Server Reveals US Government’s “No-Fly List”


Why it’s important: A US regional airline accidentally exposed a secret document, the “no-fly list”, which is distributed to government agencies. Although the list has been removed from the network, the hacker who discovered the exposure revealed a number of unpleasant details about security and about systematic racism towards “dissenting” people.

CommuteAir used an Internet-accessible server as a development platform, and a Swiss hacker known as “maia arson crimew” was able to access the system and look around. The server turned out to be a storehouse of confidential data about both the company’s commercial activities and a secret database about people who are banned from flying to the United States.

The data stored on an unsecured server contained a lot of information related to the company, including the personal data of almost 1,000 CommuteAir employees. In addition, a simple text file named “NoFly.csv” contained more than 1.5 million different entries with names and dates of birth, although many of these entries were aliases or spelling mistakes of pre-existing identifiers.

The official “no-fly list” referenced by the secret file is a subset of the much larger Terrorist Screening Database (TSDB), a central terrorist watch list managed by the FBI and used by several federal agencies to compile specific watch lists and for passenger screening activities. People in the TSDB are suspected or known to have links with terrorist organizations, and persons on the no-fly list are in no case allowed to board airline flights.

According to crimew, the no-fly list included such well-known figures as Viktor Bout (with more than 16 potential aliases), a Russian arms dealer recently released by the United States as part of a prisoner exchange to free American basketball player Brittney Griner. The list also included suspected members of the Irish paramilitary organization IRA and, oddly enough, an eight-year-old child, judging only by the date of birth.

Later, CommuteAir confirmed the security incident with the development server and the legality of the included data, stating that the no-fly list discovered by criminal means was a federal database dating back to 2019. The US no-fly list is an ever-growing database which, according to recent estimates, should include more than 80,000 people. A previously exposed copy of the larger TSDB contained 1.9 million records.

What CommuteAir identifies as a no-fly list may indeed just be a copy of the much larger TSDB. Both lists have been repeatedly criticized as massive, bloated systems designed to spy on dissidents.

According to Hina Shamsi, director of the National Security Project of the American Civil Liberties Union (ACLU), the TSDB and the smaller no-fly list have been used for 20 years to attack US citizens who are “disproportionately Muslim, as well as those from Arab or Middle Eastern and South Asian backgrounds.” These people have to endure the stigma, embarrassment and “life difficulties of not being able to fly in our modern age,” Shamsi said, while the U.S. government maintains its bloated surveillance system based “on secret standards and secret evidence with no meaningful process to challenge government mistakes and clear their names.”

