The Transportation Security Administration’s (TSA) No Fly List found on an open server last week has been published on the dark web where anyone can see the 1.5 million entries – and it could ‘help terrorists sneak into the US.’
DailyMail.com obtained the complete list from 2019, which shows many high-profile members of the Chinese Communist Party, Provisional Irish Republican Army (IRA), gun runners and convicted terrorists from the Middle East.
A security expert told DailyMail.com that while the content shared to the dark web is more of a novelty to most downloaders, it provides information to individuals on the No Fly List.
‘[The No Fly List] could be used by people on the list to avoid being flagged by using fake info to get onto a plane,’ Paul Field, a New Jersey-based security consultant, told DailyMail.com.
The bypass could be done when the individual purchases the ticket online or by modifying their boarding pass with a stolen name.
The No Fly List screening program grew out of the September 11, 2001 terrorist attacks and involved airlines comparing their passenger records with federal data to keep dangerous people off planes.
However, the list has since shrunk over the years.
The unprotected server was run by CommuteAir and was first uncovered by a Swiss hacker who goes by crimew – they declined to comment when asked by DailyMail.com.
Field said it is doubtful that hackers were able to access the No Fly List for themselves just by reading crimew’s blog about the discovery.
‘They blocked out specific server names and Amazon cloud buckets on the screenshots so very doubtful,’ he said.
‘I think they lied to the DDoSecrets site that they shared it with, and who said they were only sharing with journalists.’
DDoSecrets stands for Distributed Denial of Secrets and is a journalistic non-profit that allows the free transmission of data in the public interest.
This group shared news of the breach and is offering the list only to journalists and researchers because of the personally identifiable information it contains.
DailyMail.com found names of gun runners from London, convicted terrorists from India and gang members from the IRA while scanning the 1.5 million entries.
One of the IRA members is part of the Balcombe Street gang and was found guilty of a car bomb attack.
Another entry shows the name of an individual member of the neo-Nazi Afrikaner Resistance Movement.
Hundreds of individuals, if not thousands, are associated with the IRA, but more entries show names of terrorists from the Middle East.
One individual from the Middle East is said to have played a role in radicalizing young Muslims in the UK and then recruited them to Al-Qaida.
Approximately 988 entries have the name ‘John,’ 507 show the last name ‘Garcia’ and more than 6,000 have the first name Mohammed.
There are duplicated entries and others for the same person but with different spellings.
Some of the individuals are as young as 13 years old.
‘I’m going to assume it’s children of known people that may not be using fake IDs, but the people traveling with them are,’ said Field.
There are also several entries for Osama Bin Laden, who was killed in 2011, with different spellings.
‘The total of individuals is much less because there’s a separate line for every person’s alias,’ said Field.
‘There’s also obviously not much reconciliation done as Bin Laden is still in there.’
crimew said they stumbled upon the unprotected server out of sheer boredom.
‘Hardcoded credentials there would allow me access to navblue apis for refueling, canceling and updating flights, swapping out crew members and so on,’ reads the hacker’s blog.
Field told DailyMail.com that because crimew is in Switzerland they cannot be extradited for the breach.
‘Most white hat hackers wouldn’t have released the list, but the hacker who found it is already charged with previous hacking crimes but is located in a country that won’t extradite,’ he said.
‘[It] makes you think it’s being rubbed in the US government’s face.
‘But they can’t travel to most places as she would be grabbed and extradited.
‘90% of hackers in ‘the underground’ do it for kudos from other hackers and to be seen as the best, not for any financial gain.
‘And the fact that they posted the whole process makes me think that is the situation.’
DailyMail.com has contacted the TSA regarding the matter.
While the TSA has yet to respond to the latest leak, it did comment on the initial breach.
‘On January 27, TSA issued a security directive to airports and air carriers. The security directive reinforces existing requirements on handling sensitive security information and personally identifiable information,’ a TSA spokesperson told DailyMail.com.
‘We will continue to work with partners to ensure that they implement security requirements to safeguard systems and networks from cyberattacks.’
Source: Daily Mail