The No-Fly List Has Been Leaked, TSA Investigating 'Cybersecurity Incident'

  • 2023-01-23 01:25:00Z
  • By Kotaku
Photo: crimew

The Transportation Security Administration's No-Fly List is one of the most important ledgers in the United States, containing as it does the names of people who are perceived to be such a threat to national security that they're not allowed on airplanes. You'd have been forgiven then for thinking that list was a tightly-guarded state secret, but lol, nope.

A Swiss hacker known as "maia arson crimew" has got hold of a copy of the list (albeit a version from a few years ago), not by getting past fortress-like layers of cybersecurity, but by... finding a regional airline that had its data lying around in unprotected servers. They announced the discovery with the photo and screenshot above, in which the Pokémon Sprigatito is looking awfully pleased with themselves.


As they explain in a blog post detailing the process, crimew was poking around online when they found that CommuteAir's servers were just sitting there:

Among other "sensitive" information on the servers was "NOFLY.CSV", which hilariously was exactly what it says on the box: "The server contained data from a 2019 version of the federal no-fly list that included first and last names and dates of birth," CommuteAir Corporate Communications Manager Erik Kane told the Daily Dot, who worked with crimew to sift through the data. "In addition, certain CommuteAir employee and flight information was accessible. We have submitted notification to the Cybersecurity and Infrastructure Security Agency and we are continuing with a full investigation."

That "employee and flight information" includes, as crimew writes:

The government is now investigating the leak, with the TSA telling the Daily Dot they are "aware of a potential cybersecurity incident, and we are investigating in coordination with our federal partners".

If you're wondering just how many names are on the list, it's hard to tell. Crimew tells Kotaku that in this version of the records "there are about 1.5 million entries, but given a lot are different aliases for different people it's very hard to know the actual number of unique people on it" (a 2016 estimate had the numbers at "2,484,442 records, consisting of 1,877,133 individual identities").

Interestingly, given the list was uploaded to CommuteAir's servers in 2022, it was assumed that was the year the records were from. Instead, crimew tells me "the only reason we [now] know [it] is from 2019 is because the airline keeps confirming so in all their press statements, before that we assumed it was from 2022."

You can check out crimew's blog here, while the Daily Dot post (which says names on the list include members of the IRA and an eight-year-old) is here.
