A hacker stumbled upon the no-fly list via unsecured airline server

Everybody makes mistakes at work but, leaving the no-fly list exposed on the internet seems like a really bad mess-up.

That’s reportedly what happened with the U.S. airline CommuteAir. The Daily Dot reported(Opens in a new window) that a Swiss hacker known as “maia arson crimew” found the unsecured server while using the specialized search engine Shodan. There was apparently a lot of sensitive information on the server, including a version of the no-fly list from four years ago. Somewhat hilariously that was reportedly found via a text file labeled “NoFly.csv.” That is…not hard to guess.

A blog post(Opens in a new window) from crimew titled “how to completely own an airline in 3 easy steps” cited boredom as the reason for finding the server. They were just poking around and found it.

“At this point, I’ve probably clicked through about 20 boring exposed servers with very little of any interest, when I suddenly start seeing some familiar words,” crimew says in their blogpost. “‘ACARS’, lots of mentions of ‘crew’ and so on. Lots of words I’ve heard before, most likely while binge-watching Mentour Pilot YouTube videos. Jackpot. An exposed jenkins server belonging to CommuteAir.”

Tweet may have been deleted
(opens in a new tab)
(Opens in a new window)

CommuteAir, a regional US airline headquartered in Ohio, confirmed the info on the server was authentic to the Daily Dot. The server has been taken offline.

“The server contained data from a 2019 version of the federal no-fly list that included first and last names and dates of birth,” CommuteAir Corporate Communications Manager Erik Kane told the Daily Dot. “In addition, certain CommuteAir employee and flight information was accessible. We have submitted notification to the Cybersecurity and Infrastructure Security Agency and we are continuing with a full investigation.”

The info from the server has already been poured over, with some researchers saying(Opens in a new window) it shows how the list is heavily biased against Muslim people. According to Daily Dot(Opens in a new window), while there is no official number to how many names are on the no-fly list, Sen. Dianne Feinstein (D-Calif.) suggested in 2016, that over 81,000 people were on the list.

Source link

Inairline, hacker, List, nofly, server, Stumbled, unsecured

The Affordable Connectivity Program Kept Them Online. What Now?

Is your MSI Claw struggling with performance issues? Download the latest GPU and BIOS update ASAP

Razer hit with $1.1M FTC fine over glowing ‘N95’ mask COVID claims

NYT ‘Connections’ hints and answers for May 1: Tips to solve ‘Connections’ #325.

Quordle today – hints and answers for Wednesday, May 1 (game #828)

Vega-C to launch Europe and China’s first joint space mission

Turns out the Rabbit R1 was just an Android app all along

Google’s Pixel 8A Is Coming, but Last Year’s Pixel 7A Is at Its Lowest Price Yet

Hisense’s new 5,000 nits mini-LED TV is so bright you may need to wear shades

The Affordable Connectivity Program Kept Them Online. What Now?

Is your MSI Claw struggling with performance issues? Download the latest GPU and BIOS update ASAP

Razer hit with $1.1M FTC fine over glowing ‘N95’ mask COVID claims

NYT ‘Connections’ hints and answers for May 1: Tips to solve ‘Connections’ #325.

Quordle today – hints and answers for Wednesday, May 1 (game #828)