Everyone makes mistakes at work, but leaving a no-fly list exposed on the Internet seems like a really bad mess.
This is said to be what happened with the American airline CommuteAir. The Daily Dot reported that a Swiss hacker known as “maia arson crimew” found the insecure server while using the specialized search engine Shodan. Apparently there was a lot of sensitive information on the server, including a copy of the no-fly list from four years ago. Somewhat amusingly, it was found via a text file titled “NoFly.csv.” This… is not hard to guess.
A blog post from crimew titled “How to Completely Own an Airline in 3 Easy Steps” cited boredom as the reason for finding the server. They were just wandering around and found it.
“At this point, I’d probably clicked through about 20 boring exposed servers with very little interest, when all of a sudden I started seeing some familiar words,” says crimew on their blog. “‘ACARS’, lots of references to ‘crew’ etc. Lots of the words you’ve heard before, probably while binge-watching Mentour Pilot YouTube videos. Jackpot. Exposed Jenkins server belonging to CommuteAir.”
CommuteAir, a regional airline based in Ohio, confirmed to the Daily Dot that the information on the server was authentic. The server has been disconnected.
“The server contained data from the 2019 version of the federal no-fly list that included first and last names and dates of birth,” Eric Kane, CommuteAir’s director of corporate communications, told the Daily Dot. “In addition, certain flight information and CommuteAir employee information were accessed. We have submitted a notification to the Cybersecurity and Infrastructure Security Agency and are continuing the full investigation.”
Information from the server has already been pored over, with some researchers saying it shows how heavily the list is biased against Muslims. According to the Daily Dot, while there is no official figure for the number of names on the no-fly list, Sen. Dianne Feinstein (D-Calif.) indicated in 2016 that there were more than 81,000 people on the list.