No-fly list leaked, Pokemon briefly included

Image for article titled No-Fly List Leaked, TSA Investigates 'Cyber ​​Security Incident'

The Transportation Security Administration’s no-fly list is one of the most important books in the United States, containing the names of people deemed to pose such a threat to national security that not allowed on airplanes. Then you’d be forgiven for thinking that list was a closely guarded state secret, but lol, no.

A Swiss hacker known as “maia arson crimev” obtained a copy of the list – albeit a version from several years ago – not by breaking through fortress-like layers of cyber security, but by… finding a regional airline that had its data that was lying around on unprotected servers. They announced the discovery with the above photo and screenshot, in which the Pokémon Sprigatito looks awfully pleased with itself.

Such as explain in a blog post detailing the processcrime was prowling the net when they discovered that the CommuteAir servers were just sitting there:

like many of my other hacks, this story starts with me being bored and browsing match (or well, technically zoomieChinese shodan), looking exposed jenkins servers that may contain some interesting products. at this point I’ve probably clicked through about 20 boring exposed servers with very little interest, when I suddenly start seeing some familiar words. “ACARS”, lots of mentions of “crew” and so on. many words I had heard before, most likely while watching them Mentor Pilot YouTube Videos. jackpot. the detected Jenkins server it belongs to CommuteAir.

Among the other “sensitive” information on the servers was “NOFLI.CSV,” which hilariously was exactly what it said on the box: “The server contained data from the 2019 version of the federal no-fly list that included first and last names and dates of birth “, CommuteAir Corporate Communications Manager Eric Kane he said Daily Dotwho worked with crime to review the data. “Additionally, certain information about CommuteAir employees and flights was available. We have filed a notification with the Cyber ​​Security and Infrastructure Security Agency and are continuing with a full investigation.

That “employee and flight information” includes, as the criminal writes:

grabbing sample documents from various s3 buckets, traversing flight plans and throwing in some dynamodb tables. at this point I have found almost every PII imaginable for each of their crew members. full names, addresses, phone numbers, passport numbers, pilot license numbers, when their next checkup is and more. I had travel sheets for every flight, the ability to access every flight plan ever, tons of picture attachments with reimbursement flight bookings containing PII again, aircraft maintenance data, you name it.

The government is now investigating the leak, with the TSA speaking of Daily Dot are aware of a potential cyber security incident, and we are investigating in coordination with our federal partners”.

If you’re wondering how many names are on the list, it’s hard to tell. Crime’s story Kotaku that in this version of the record “there are about 1.5 million entries, but given the many different pseudonyms for different people, it is very difficult to know the actual number of unique people on it” (2016 estimate it had numbers at “2,484,442 records, consisting of 1,877,133 individual identities”).

Interestingly, since the list was uploaded to CommuteAir’s servers in 2022, that was assumed to be the year the records were from. Instead, crime tells me “the only reason we are [now] I know [it] is from 2019 because the airline keeps confirming it in all its press statements, and before that we assumed it was from 2022.

You can check out the crime blog herewhile Daily Dot post—which says the names on the list include members of the IRA and an octogenarian—is here.

Source link

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button