Insecure Server Reveals US Government’s “Do Not Fly List”

Why is it important: A US regional airline accidentally released a classified No-Fly List document that was given to government agencies. Although the list was removed from the network, the hacker who discovered the confusion revealed a number of unsavory traits regarding security and systematic racism towards “dissenting” people.

CommuteAir used a server available on the Internet as a development platform and a Swiss hacker known as “maia arsoncrimew” was able to access the system and look around. The server turned out to be a treasure trove of sensitive data, both from the company’s commercial activities and from a secret database of people who are banned from flying to the United States.

The data, stored on an insecure server, contained a lot of company-related information, including the personal details of nearly 1,000 CommuteAir employees. In addition, a simple text file named “NoFly.csv” contained over 1.5 million different entries with names and dates of birth, although many of these entries were aliases or misspellings of pre-existing identifiers.

The official “no-fly list” referenced in the classified file is a subset of the much larger Terrorist Screening Database (TSDB), which is a central terrorist watch list administered by the FBI and used by several federal agencies to compile specific watch lists and for passengers . screening activities. Individuals present on the TSDB are suspected or known to be associated with terrorist organizations, while those on the no-fly list are under no circumstances allowed to board airline flights.

According to crimewow, the no-fly list included notables such as Viktor Bout (with more than 16 potential aliases), a Russian arms dealer recently released by the US as part of a prisoner exchange initiative to free American basketball player Britney Griner. The list also included suspected members of the Irish paramilitary IRA and, oddly enough, an eight-year-old child, based on date of birth alone.

CommuteAir later confirmed the security incident with the development server and the legitimacy of the data included, stating that the criminally uncovered no-fly list was a federal database dating back to 2019. more than 80,000 people. The previously opened copy of the larger TSDB contained 1.9 million records.

What CommuteAir identifies as a blacklist may indeed just be a copy of a much larger TSDB. Both lists have been repeatedly criticized for being massive and bloated systems designed to spy on dissidents.

According to Hina Shamsi, director of the American Civil Liberties Society’s (ACLU) National Security Project, the TSDB and a smaller no-fly list have been used for 20 years to attack U.S. citizens who are “disproportionately Muslim, and of Arab or Middle Eastern and South Asian descent.” origin.” These people have to endure stigma, embarrassment and “life hardships because they can’t fly in our modern age,” Shamsi said, while the US government maintains its bloated surveillance system based “on secret standards and classified evidence with no meaningful process to challenge.” the government’s mistake and clear their names.”

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button