Expert Suggests TSA No Fly List Leak on Dark Web Will Help People Bypass Security Checks

The Transportation Security Administration’s (TSA) no-fly list, found on an open server last week, has been leaked to the dark web, where anyone can see the 1.5 million entries — and it could “help terrorists sneak into the US.”

has obtained the full 2019 list, which shows many high-profile members of the Chinese Communist Party, the Provisional Irish Republican Army (IRA), arms smugglers and convicted Middle East terrorists.

A security expert said that the content being shared on the dark web is new to most downloaders, but provides information to people on the no-fly list.

“[The No Fly List] could be used by people on the list to avoid being flagged by using fake information to board a plane,” Paul Field, a New Jersey-based security adviser, said.

The circumvention could happen if the person buys the ticket online or by changing their boarding pass with a stolen name.

The TSA’s no-fly list, found on an unprotected server last week, has now been shared on a dark web forum. Anyone can see the list here and it could be used by individuals to bypass airport security

The no-fly list screening program grew after the September 11, 2001 terrorist attacks and involved airlines comparing their passenger records with federal data to keep dangerous individuals off planes.

However, the list has shrunk over the years.

The unprotected server was run by CommuteAir and was first uncovered by a Swiss hacker calling themselves Crimew, who declined to comment when asked.

Field said it was doubtful that other hackers could have accessed the no-fly list themselves simply by reading Crimew’s blog about the discovery.

“They blocked specific server names and Amazon cloud buckets on the screenshots, so very doubtful,” he said.

“I think they lied to the DDoSecrets site they shared it with, who said they only shared it with journalists.”

DDoSecrets stands for Distributed Denial of Secrets and is a journalistic non-profit organization that enables the free transmission of data in the public interest.

The group shared news about the breach and offers the list only to journalists and researchers because of the personal data it contains.

The 2019 no-fly list was released on the dark web this week

People on the list can use this information to change boarding passes to bypass security

A scan of the 1.5 million entries found names of London arms smugglers, convicted terrorists from India and IRA gang members.

One of the IRA members is part of the Balcombe Street gang and was found guilty of a car bomb attack.

Another entry shows the name of a single member of the neo-Nazi African resistance movement.

Hundreds, if not thousands, of people are linked to the IRA, but more entries show names of Middle Eastern terrorists.

A Middle Eastern figure is said to have played a role in radicalizing young Muslims in Britain and then recruiting them into al-Qaeda.

About 988 entries carry the name “John”, 507 show the surname “Garcia” and more than 6,000 have the first name Mohammed.

There are duplicate entries and others for the same person but with different spellings.

Some of the people are as young as 13.

“My guess is that these are the children of known people who may not be using fake IDs, but the people traveling with them are,” Field said.

There are also several entries for Osama Bin Laden, who was killed in 2011, with different spellings.

“The total number of people is much less because there’s a separate line for each person’s alias,” Field said.

“There’s also obviously not much reconciliation since Bin Laden is still in there.”

Crimew said they stumbled across the unprotected server out of sheer boredom.

“Hardcoded credentials there would give me access to navblue APIs to refuel, cancel and update flights, swap crew members and so on,” the hacker’s blog reads.

Field said Crimew cannot be extradited over the violation because they are based in Switzerland.

“Most white hat hackers would not have published the list, but the hacker who found it has previous hacking crime charges but is in a non-extradition country,” he said.

“[It] makes you think it’s being rubbed in the nose of the US government.

“But they cannot travel to most places as it would be packed and delivered.

“90% of ‘underground’ hackers do this to gain recognition from other hackers and to be seen as the best, not for financial gain.

“And the fact that they’ve made the whole process public makes me think that’s the situation.”