This database and others were found on an unprotected server by a hacker formerly known as Tilly Kottmann. It has recently changed its name to maia arson. In addition to the No-Fly List, there was also a government terror scan database containing a string of company’s own data, including information on hundreds of thousands of people and records of nearly 1,000 CommuteAir employees.

Who is on the list?

The researcher and hacker told reporters that he was “just bored” and while researching the Zoomeye search engine, he discovered another unprotected Jenkins server that abounds on the internet. In this particular server, attention was drawn to the abbreviation ACARS (Airborne Communications Addressing and Reporting System) and multiple occurrences of the word “crew”, after which it was revealed that the unprotected machine belonged to the airline CommuteAir.

• A wide variety of data was stored on the public server, including personal information of CommuteAir employees, flight routes, flight plans, aircraft maintenance information, and more.
• A file containing a copy of the so-called “No-Fly List” of 2019 was also found there at the end. This list includes more than 1.56 million records and even names and dates of birth, but many records are identical. Such bases emerged in the early 2000s, after the September 11 terrorist attacks. Initially, they included only a few dozen names (often these were “people known or reasonably suspected of involvement in terrorist activities”), but after terrorist attacks and the establishment of the Department of Homeland Security, the lists began to expand rapidly. .

• The list also includes Russian arms dealer Viktor Bout, as well as more than 16 possible nicknames and birthdays.
• There were also suspected members of the IRA, an Irish paramilitary organisation.
• Another person, according to Crimea, was listed as 8 years old by year of birth.
• Most of the entries in the list are names of Arabic or Middle Eastern origin.

It amazes me how large this database is, but it still shows a very clear trend towards names that seem almost entirely Arabic and Russian among a million entries.
– said the hacker, adding that there are also European names in the archives.

CommuteAir officials confirmed the leak. It was allegedly due to a misconfigured development server. The company immediately shut down the server and launched an investigation into the incident, and also said that customer data was not affected.

The crime of arson promises to provide the list to journalists and human rights organizations for the “public interest” on its blog. At the same time, the researcher still found it wrong to publish the list in open access.

who is maia arson

In 2021, US officials accused the hacker of hacking more than 100 companies and leaking confidential data. According to the latest information, he is in Switzerland, which does not have an extradition treaty with the United States. No longer can the investigator leave his home country, fearing an international arrest warrant, which has likely already been issued by Interpol.

He describes his finding as “a perverse product of American law enforcement and the US police state in general.” According to him, this is “a list without proper legal procedures” that people enter simply based on whether they know someone or live in the same village.