The Nonbinary Hacktivist Who Hijacked TSA’s No-Fly List
It only takes three easy steps to infiltrate one of the most important national security ledgers in the United States, according to Swiss hacktivist and software developer maia arson cimew (formerly Tillie Kottmann). In mid-January, the nonbinary hacker was leisurely browsing cyberspace search engines when they came across an unprotected server belonging to the airline CommuteAir. And after only a brief examination, crimew discovered they had access to sensitive flight information, personal information about CommuteAir’s employees, and most eye-catching of all, a file containing TSA’s No-Fly List.
The No-Fly List reveals who the United States government prohibits from traveling within, into, or out of the country. The Transportation Security Administration’s No-Fly List contains the names of people either perceived to be a threat to national security or possibly suspected terrorists. Among the names released were a Russian arms dealer (Victor Bout, whom the U.S. exchanged for imprisoned American basketball star Brittney Griner), alleged members of the Irish Republican Army, and an 8-year-old.
“I had trip sheets for every flight, the potential to access every flight plan ever, a whole bunch of image attachments to bookings for reimbursement flights containing yet again more PII, airplane maintenance data, you name it.” crimew reports in their delicious pink blog, “i had owned them completely in less than a day, with pretty much no skill required”
U.S. Homeland Security expresses concern over the security breach in a letter to TSA Administrator David Pekoske, saying, “the hacker claimed they may have been able to exploit their access to the server to cancel or delay flights and even switch out crew members. If this were to be the case, the national security implications of this are alarming.”
The list also raises serious questions about prejudices surrounding the “terrorist” label, as crimew phrased it to the Daily Dot, “It’s just crazy to me how big that Terrorism Screening Database is and yet there are still very clear trends toward almost exclusively Arabic and Russian sounding names throughout the million entries.”
“What problem is this even trying to solve in the first place?” the self-described anarchist told Insider, “I feel like this is just a very perverse outgrowth of the surveillance state. And not just in the US, this is a global trend.”
On Twitter, crimew describes themself as an “indicted hacktivist/security researcher, artist, mentally ill enby polyam trans lesbian anarchist kitten.” And though indicted for hacking activity in 2019-2021, the crimes which crimew has committed would likely not be punished in Switzerland, and much of the data they leaked was publicly available on the internet.
if just one more neolib think tank emails me asking for the nofly list to write some weird war mongering think pieces i am going to dismantle capitalism all by myself
— maia arson crimew (@_nyancrimew) February 4, 2023
