Jan 23, 2023 12:00:00

A list of about 1.5 million flight bans was leaked from a server that was accidentally published by an airline company

It turned out that the server managed by

Commut Air in the United States was not protected by security, allowing hackers to break in and leak the stored data. In addition to the personal information of Commut Air employees, the data included information commonly known as the `` No Fly List '', which describes people suspected of being involved in terrorism.

US No Fly List Left on Unprotected Airline Server
https://www.dailydot.com/debug/no-fly-list-us-tsa-unprotected-server-commuteair/

Commut Air's server recorded the passport numbers, addresses, phone numbers of about 900 employees, more than 40 Amazon S3 buckets operated by Commut Air, and server user authentication information. Among the most important data was the 'No Fly List', which lists people suspected of being involved in terrorism and prevents them from boarding airliners.

Altogether, the No Fly List has about 1.5 million entries, with personal information like names and dates of birth, according to Swiss software developer and hacker Maia Arson Kleim, who accessed Commutair's servers. It was stated. The list included information about a Russian arms dealer, Viktor Bout , a suspected member of the Irish paramilitary group IRA , and a person whose date of birth indicates that he is now 8 years old. thing. However, the actual number of people on the list is well below 1.5 million, Climb said, including those who changed the spelling of their names or used pseudonyms.

The list contained Arabic, Middle Eastern, and Hispanic-sounding names, but Climb said, ``Despite the huge database, only Arabic and Russian names are listed. It's strange,' he said.

No Fly List was originally managed as a list containing information on 16 people, but it seems that the number of subjects gradually increased due to the simultaneous terrorist attacks in the United States . However, human rights groups have been sued for reasons such as false detection of people with the same name and the fact that completely innocent people are listed and there is no way to delete them.

The American Civil Liberties Union , which has long criticized the opacity of the No Fly List, said, ``American citizens targeted for the watch list are biased toward Muslims, Arabs, Middle Easterners, and South Asians. , or journalists who hold views that may be considered minority, may be listed.There is no challenge process for individuals, and governments can easily stigmatize individuals as terrorists. If the government were to use the list, it would have to set minimum specific disclosure standards and apply strict disclosure procedures for subjects to remove information from the list. ' said.

In response to this report, the Transportation Security Administration released a statement, ``We are aware of the possibility that a cybersecurity incident has occurred and are investigating in cooperation with federal partners.'' ``The server that was released this time was a test server for development, and an initial survey found that no customer information was leaked. The server is currently offline,'' said Commutair.