A Swiss IT security researcher and activist sparked a data protection scandal in the US. People around the world are being affected directly and indirectly: it involves a long list of people who have been classified by US security authorities as suspects of terrorism or potential security threats and are therefore not allowed to fly.
What exactly happened?
A well-known Swiss hacker and data protection activist (see below) highly sensitive, supposedly unprotected data has fallen into the hands of the US government.
According to US media reports, she discovered and downloaded an explosive document on a server of the regional US airline CommuteAir (partner of United Airlines). The text file contains the identities of hundreds of thousands of people from the Terrorism screening database and the “No Fly List”. This concerns data that determine whether you are allowed to board a commercial aircraft and whether you are subject to stricter security checks.
The American medium Daily Dot reported exclusively on this last Thursday (January 19). When the media group “Vice” brought up the subject, it made international headlines over the past week.
Who is this Swiss hacker?
The one under the pseudonym Maia Arson Crimew According to her Wikipedia description, the acting person (formerly Tillie Kottmann) is a Swiss developer and computer hacker.
It has been repeatedly linked to data breaches that made headlines in the past.
In March 2022, the hacker gave swissinfo.org a video interview about her motives, explaining that she deliberately overstepped the boundaries of the law to point out social grievances. In the US, she was charged with data disclosure in 2021. She was charged with conspiracy, telecommunications fraud and serious identity theft, as reported by republik.ch.
Has the “No Fly” list been leaked and published?
no There are no reports on this.
The hacker, who works under the pseudonym Maia Arson Crimew, doesn’t just want to leak the data, she wants to make it accessible to people who have a legitimate interest in it. She was aware that the lists contained confidential information, but believed that “it is in the public interest to make this list available to journalists and human rights organizations”.
The hacker, who lives in central Switzerland, has therefore decided to proceed in a way that the public knows from Edward Snowden. The NSA whistleblower worked with select journalists, handing them highly sensitive documents he copied from Secret Service servers.
Why is that (also) important from a Swiss point of view?
The incident proves that US institutions are too lax with sensitive personal data. In addition, the content of the text file still needs to be discussed.
Since the terrorist attacks of September 11, 2001, the list has grown by hundreds of thousands of names. Civil rights groups, including the Council on American-Islamic Relations (CAIR) and the American Civil Liberties Union (ACLU), have already filed complaints of discrimination.
In the early 2000s, there were many reports of people being erroneously put on the no-fly list.
Important to know: The “No Fly List” differs from the “Terrorist Watch List” – a much more comprehensive list of people suspected by U.S. authorities of having links to terrorism, or who have been identified as potential security risks (see below).
Are there also Swiss names on the list?
This is not public knowledge.
The list is said to contain about 1.5 million names, mostly from the Arabic-speaking world; however, there are also plenty of Slavic and Spanish sounding names, as reported by the Daily Dot. It also contains numerous aliases (pseudonyms), making the number of people clearly affected much less than 1.5 million.
According to the hacker, among the millions of entries “there are still very clear trends towards almost exclusively Arabic and Russian sounding names”. Some of the people on the list were only four or five years old when they were on the list (see below).
The data was from 2019 and are partially obscured (blacked out) by the respective airline, CommuteAir, so that “only” the names and dates of birth of the individuals are visible.
According to the investigative journalists, the list included “several notable personalities”, including the recently released man Russian arms dealer Viktor Boutin addition to over 16 possible aliases for him.
Who is responsible for the list?
Ultimately, it is the US government.
The U.S. no-fly list is maintained by the Terrorist Screening Center (TSC), a federal agency created after the terrorist attacks of September 11, 2001.
The US Federal Police FBI authority also maintains the so-called “Terrorist Screening Database” (TSDB). This is the central monitoring list on which known and suspected terrorists are listed. This much larger list is made available to numerous U.S. government agencies, including law enforcement, the U.S. State Department, U.S. Immigration, and the Transportation Security Administration (TSA). The latter is also responsible for security checks at the airport.
What are the consequences of the find?
This is unknown.
The data breach should lead to an investigation by the US Congress. Republican MP Dan Bishop, who sits on the responsible oversight committee of the House of Representatives, announced this via Twitter.
How could that happen?
The US airline CommuteAir said the data was obtained from an (unauthorized) third party via a “misconfigured development server”. The vulnerability would have existed in an online computer system used for software testing.
In addition, the IT security researcher also gained access to a database containing personal data of CommuteAir employees on the server.
Based on initial findings, no customer data was released. The affected server was immediately taken offline and an investigation was launched.
Is this the first incident?
no
In August 2021, Ukrainian security researcher Volodymyr Dyachenko found a – probably even more current – list of people who classify the US as a security risk. At that time, a database on an IT system with a Bahrain Internet address was accessible, heise.de recalls. That list contained not only 1.9 million names, but also the citizenship, gender, date of birth, passport number and “no fly” status of those affected.
Sources
Soource :Watson
I am Amelia James, a passionate journalist with a deep-rooted interest in current affairs. I have more than five years of experience in the media industry, working both as an author and editor for 24 Instant News. My main focus lies in international news, particularly regional conflicts and political issues around the world.
