Everyone makes mistakes at work, but leaving the no-fly list on the internet seems like a really big mess.
That reportedly happened with the American airline CommuteAir. The Daily Dot reported(Opens in a new window) that a Swiss hacker known as “maia arson crimew” found the unsecured server while using the specialized search engine Shodan. Apparently there was a lot of sensitive information on the server, including a version of the no-fly list from four years ago. Somewhat hilariously, it was allegedly found via a text file called “NoFly.csv.” That’s… not hard to guess.
A blog post(Opens in a new window) van crimew titled “how to fully own an airline in 3 easy steps” cited boredom as the reason for finding the server. They were just poking around and found it.
“At this point I’ve probably been clicking through 20 or so boring exposed servers with little interest, when all of a sudden I start seeing familiar words,” crimew says in their blog post. “‘ACARS’, lots of mentions of ‘crew’ and so on. Lots of words I’ve heard before, most likely while binge-watching YouTube videos from Mentour Pilot. Jackpot. An exposed Jenkins server from CommuteAir.”
Tweet may have been deleted
(opens in a new tab)
(Opens in a new window)
CommuteAir, a US regional airline headquartered in Ohio, confirmed that the information on its server was authentic to the Daily Dot. The server has been taken offline.
“The server contained data from a 2019 version of the federal no-fly list with first and last names and dates of birth,” CommuteAir Corporate Communications Manager Erik Kane told the Daily Dot. “In addition, certain CommuteAir personnel and flight information was accessible. We have filed a report with the Cybersecurity and Infrastructure Security Agency and are continuing a full investigation.”
The info from the server is already doused, with say some researchers(Opens in a new window) it shows how the list is strongly biased against Muslims. According to Daily Dot(Opens in a new window)while there is no official number of names on the no-fly list, Senator Dianne Feinstein (D-Calif.) suggested in 2016 that there were more than 81,000 people on the list.