www.vice.com
151.101.129.132  Public Scan

Submitted URL: http://www.vice.com/en/article/93a4p5/us-no-fly-list-leaks-after-being-left-in-an-unsecured-airline-server?utm_sourc...
Effective URL: https://www.vice.com/en/article/93a4p5/us-no-fly-list-leaks-after-being-left-in-an-unsecured-airline-server?utm_sourc...
Submission: On January 24 via api from SA — Scanned from DE


Text Content

© 2023 VICE MEDIA GROUP



U.S. ‘NO FLY LIST’ LEAKS AFTER BEING LEFT IN AN UNSECURED AIRLINE SERVER


The list, which was discovered by a Swiss hacker, contains names and birth dates
and over 1 million entries.
by Matthew Gault
January 20, 2023, 5:03pm

PATRICK T. FALLON / Getty

A copy of the U.S. No Fly List has leaked after being stored on an unsecured
server connected to a commercial airline. The No Fly List is an official list
maintained by the U.S. government of people it has banned from traveling in or
out of the United States on commercial flights.

As first reported by The Daily Dot, a Swiss hacker known as maia arson crimew
discovered the list on an unsecured Jenkins server one night while poking around
on Shodan, a search engine that lets people look through servers connected to
the internet. 


“Like so many other of my hacks this story starts with me being bored and
browsing shodan (or well, technically zoomeye, Chinese shodan), looking for
exposed jenkins servers that may contain some interesting goods,” crimew said in
a blog about the leak. “At this point I've probably clicked through about 20
boring exposed servers with very little of any interest, when I suddenly start
seeing some familiar words. ‘ACARS,’ lots of mentions of ‘crew’ and so on. Lots
of words I've heard before, most likely while binge watching Mentour Pilot
YouTube videos. Jackpot. An exposed jenkins server belonging to CommuteAir.”

On the server was a large amount of company data about CommuteAir, including
private information about its employees. There was also a file containing a copy
of a 2019 edition of the No Fly List. The list includes names and birth dates
and more than 1.5 million entries, but many of those entries are aliases that
all reference the same person. “It’s so much bigger than I thought it’d be,”
crimew told Motherboard.

“TSA is aware of a potential cybersecurity incident, and we are investigating in
coordination with our federal partners,” a spokesperson for the TSA told
Motherboard.

The United States has maintained a No Fly List for decades, but the list was
much smaller in the days before 9/11 and contained only 16 people. After the
attacks and the creation of the Department of Homeland Security, the list
rapidly expanded. The exact number of people on the list is unknown, and the
leaked data is a few years old and contains multiple entries for a single
individual, but recent estimates put the total number at somewhere between
47,000 and 81,000 people.

“It’s a perverse outgrowth of the U.S. police and surveillance state,” crimew
said. “Just a list with no due process…mostly just based on them being related
to someone or being from the same village as someone. It’s so massive. I feel
like this has no place anywhere. I feel like this doesn’t solve the problem.”

crimew told Motherboard they weren’t shocked to stumble on an unsecured copy of
the No Fly List. “I’ve been digging into various jenkins [servers] for a while
and there’s just so much to find,” they said. “It was just a matter of time
until I found something like this.”

CommuteAir said the leak happened because of a misconfigured development server.
“The researcher accessed files including an outdated 2019 version of the federal
no-fly list that included first and last name and date of birth,” it said.
“Additionally, through information found on the server the researcher discovered
access to a database containing personal identifiable information of CommuteAir
employees. Based on our initial investigation, no customer data was exposed.
CommuteAir immediately took the affected server offline and started an
investigation to determine the extent of data access. CommuteAir has reported
the data exposure to the Cybersecurity and Infrastructure Security Agency, and
also notified its employees.”

Tagged: worldnews, terrorism, no-fly lists

