A screenshot of maia arson crimew’s blog, where she announced the “no fly” list leak. Photo courtesy of Nau media.

US “No Fly” List Leaked

On Thursday, January 19th, a Swiss hacktivist known as maia arson crimew (it/she) released a blog post detailing its discovery of the 2019 Transportation Security Administration’s (TSA) “no fly” list. The no fly list is a subset of the FBI’s larger terrorist watch list that singles out people who are not allowed to board an airplane within or bound for the U.S.

Crimew says she was browsing Shodan (a search engine for internet-connected servers) when she came across a server belonging to airline CommuteAir. After a few minutes, crimew was able to view the entirety of the 2019 no fly list and employee records (including passport numbers, addresses, phone numbers, and credentials). She then offered distribution of the list to researchers and journalists.

Shortly after the leak, a TSA spokesman said the agency was “aware of a potential cybersecurity incident, and we are investigating in coordination with our federal partners.” Additionally, the TSA has released new security directives that “reinforce existing requirements on handling sensitive security information and personally identifiable information.”

Reactions to the list’s leak have been mixed. Edward Hasbrouck (he/him), an author and human-rights advocate, writes that “the most obvious pattern in the data is the overwhelming preponderance of Arabic or Muslim-seeming names.” More than 10% of the entries on the list contain “Muhammad” in either the first or last name fields. The FBI, however, claims its procedures for including people on the list are not “based solely on race, ethnicity, national origin, religious affiliation, or any First Amendment-protected activities such as free speech.”

While Hasbrouck has used this hack to criticize alleged Islamophobia in the TSA, others fear the dangerous implications of the list’s leak. Kenneth Gray (he/him), a retired FBI agent, told Business Insider, “If that information is released, then the public becomes aware of ongoing investigations. And those international terrorism cases, those ongoing investigations are normally classified. And so revealing this kind of information could lead to those individuals becoming aware that they are under investigation… This could be of potential use for a terrorist group, even if that was not the original intent for the hack.”

+ posts

Leave a Reply

Your email address will not be published. Required fields are marked *


Bola Tinubu Wins Nigerian Presidency

After Nigerians experienced an anxious few days waiting for results, Bola Tinubu (he/him) of the All Progressive Congress (APC) was announced the winner of what many expect to be the country’s most consequential presidential election in over 20 years.   Nigeria is Africa’s largest democracy, and has been so since the end of a roughly […]

Nikki Haley Announces Presidential Run

The GOP primary field just got bigger. On February 14th, Nikki Haley (she/her, R) announced her candidacy for president of the United States, becoming the second major Republican to declare their run after former President Donald Trump (he/him, R). In a video posted to YouTube, she vowed to “take on the Washington establishment and bring […]

Chemical Spills in Ohio, Arizona Force Evacuations

Two chemical disasters in the past weeks have raised concerns about how the United States handles transportation infrastructure and environmental damage. On February 3rd, a train carrying hazardous chemicals derailed in East Palestine, Ohio. Five cars carrying vinyl chloride, a toxic and flammable gas, were at high risk of exploding. In response, Governor Mike DeWine […]