The Daily Observer London Desk: Reporter- John Furner
The Transportation Security Administration’s (TSA) No Fly List found on an open server last week has been published on the dark web where anyone can see the 1.5 million entries – and it could ‘help terrorists sneak into the US.’
The bypass could be done when the individual purchases the ticket online or by modifying their boarding pass with a stolen name.
The TSA’s No Fly List, found on an unprotected server last week, has now been shared toa forum on the dark web. Here, anyone can see the list and it could be used by individuals to bypass airport security
The No Fly list screening program grew from the September 11, 2001 terrorist attacks and involved airlines comparing their passenger records with federal data to keep dangerous people off planes.
However, the list has since shrunk over the years.
Field said it is doubtful hackers were able to obtain the list just by reading crimew’s blog about the discovery to access the No Fly List for themselves.
‘They blocked out specific server names and Amazon cloud buckets on the screenshots so very doubtful,’ he said.
‘I think they lied to the DDOSecret site that they shared it with, and who said they were only sharing with journalists.’
DDOSecret stands for Distributed Denial of Secrets and is a journalist non-profit that allows the free transmission of data in the public interest.
This group shared news of the breach and is offering the list only to journalists and researchers due to the personal identifiable information.
The No Fly List, which is from 2019, was shared to the dark web this week
Individuals on the list can use this information to alter boarding passes to bypass security
One of the IRA members is part of the Balcombe Street gang and was found guilty of a car bomb attack.
Another entry shows the name of an individual member of the neo-Nazi Afrikaner Resistant Movement.
Hundreds of individuals, if not thousands, are associated with the IRA, but more entries show names of terrorists from the Middle East.
One individual from the Middle East is said to have played a role in radicalizing young Muslims in the UK and then recruited them to Al-Qaida.
Approximately 988 entries are with the name ‘John,’ 507 in the list show the last name ‘Garcia’ and more than 6,000 first names of Mohammed.
There are duplicated entries and others for the same person but with different spellings.
Some of the individuals are as young as 13 years old.
‘I’m going to assume its children of known people that may not be using fake IDs, but the people traveling with them are,’ said Field.
And several entries for Osama Bin Laden, who was killed in 2011, but with different spellings.
‘The total of individuals is much less because there’s a separate line for every person’s alias,’ said Field.
‘There’s also obviously not much reconciliation done as Bin Laden is still in there.’
crimew said they stumbled upon the unprotected server out of sheer boredom.
‘Hardcoded credentials there would allow me access to navblue apis for refueling, canceling and updating flights, swapping out crew members and so on,’ reads the hacker’s blog.
‘Most white hat hackers wouldn’t have released the list, but the hacker who found it is already charged with previous hacking crimes but is located in a country that won’t extradite,’ he said.
‘[It] makes you think it’s being rubbed in the US government’s face.
‘But they can’t travel to most places as she would be grabbed and extradited.
‘90% of hackers in ‘the underground’ do it for kudos from other hackers and to be seen as the best, not for any financial gain.
‘And the fact that they posted the whole process makes me think that is the situation.’
While the TSA has yet to respond to the latest leak, it did comment on the initial breach.
‘We will continue to work with partners to ensure that they implement security requirements to safeguard systems and networks from cyberattacks.’
