A U.S. No Fly list with over 1.5 million records of banned flyers and upwards of 250,000 selectees has been shared publicly on a hacking forum. BleepingComputer has confirmed the list is the same TSA No Fly list that was discovered recently on an unsecured CommuteAir server. This month, Swiss hacker maia arson crimew, stumbled upon a misconfigured AWS server containing TSAs No Fly list, as first reported by Daily Dot journalist Mikael Thalen. The server in question belonged to Ohio-based airline CommuteAir. We verified with Thalen and another source that the lists posted on the forum are the same no-fly and selectee lists that were recently discovered on the CommuteAir server. BleepingComputer reviewed a portion of these lists-provided as two CSV files named, NOFLY and SELECTEE. The latter list likely names some of the passengers who undergo a Secondary Security Screening Selection at airports when flying into the U.S. The no-fly spreadsheet posted on the forum contains 1,566,062 records, and includes duplicates/spelling variations of some names. The SELECTEE list comprises 251,169 records. The presence of duplicates and aliases in the list implies the total number of exposed names are fewer than 1.5 million. Both spreadsheets contain a persons first name, last name, potential aliases, and date of birth. The lists, according to the hacker, are from the year 2019. The list mentions Russian arms dealer, Viktor Bout along with his 16 potential aliases, the Daily Dot observed.
FBI's TSC is relied upon by multiple federal agencies to manage and share consolidated information for counterterrorism purposes. The agency maintains a watchlist called the Terrorist Screening Database, sometimes also referred to as the No Fly list. Such databases are secretive, even if not Classified and regarded as sensitive in nature, given the vital role they play in aiding with national security and law enforcement tasks. Terrorists or reasonable suspects who pose a national security risk are Nominated for placement on the secret watchlist at the governments discretion. The No Fly list is generally withheld from the public eye. The list is referenced by private airlines and multiple agencies such as the Department of State, Department of Defense, Transportation Security Agency, and Customs and Border Protection to check if a passenger is allowed to fly, inadmissible to the U.S. or assess their risk for various other activities.
Researchers including Bob Diachenko have previously discovered secret terrorist watchlists left exposed on the internet, but these leaks were patched long before receiving mainstream news coverage. This is the first time such a list has been shared on a publicly accessible website for anyone to see. Interestingly, the list discovered in 2021 by Diachenko was rather detailed: containing fields such as names, gender, passport number along with the country of issuance, TSC ID, watchlist ID, etc. Compared to the one published on the forum this month.
Although the security breach originated at an exposed AWS server belonging to an airline, it has sent chills down the U.S. government machinery, with government officials and lawmakers probing into the matter. TSA has been investigating the cybersecurity incident. On January 27, TSA issued a security directive to airports and air carriers, a TSA spokesperson told BleepingComputer in an updated statement. The security directive reinforces existing requirements on handling sensitive security information and personally identifiable information. We will continue to work with partners to ensure that
This Cyber News was published on www.bleepingcomputer.com. Publication date: Mon, 30 Jan 2023 15:56:02 +0000