The FBI Terrorism Screening Center’s secret “no-fly” sparked more debates after a Swiss hacker who was exploring unsecured servers shared her findings.
Maia arson crimew, described by the Department of Justice as a “prolific” hacker, said she was scraping an online search engine full of vulnerable servers on January 12.
The Daily Dot first reported that the server, hosted by CommuteAir contained among its files a redacted 2019 version of the anti-terrorism “no-fly” list. The files “NoFly.csv,” and “selectee.csv” found by crimew contain over 1.8 million entries including names and dates of birth of people the FBI identifies as “known or suspected terrorists” who are prevented from boarding aircraft “when flying within, to, from and over the United States.”
“Based on our initial investigation, no customer data was exposed,” Erik Kane, a spokesperson for CommuteAir, said in a statement to Insider. “CommuteAir immediately took the affected server offline and started an investigation to determine the extent of data access. CommuteAir has reported the data exposure to the Cybersecurity and Infrastructure Security Agency, and also notified its employees.”
