科技回声 (Tech Echo): a tech news platform built on Next.js, mirroring global tech news and discussion. Resource links: HackerNews API, original HackerNews, Next.js. © 2025 科技回声. All rights reserved.

How to own an airline in 3 easy steps and grab the TSA nofly list along the way

1028 points, by half-kh-hacker, over 2 years ago

43 comments

thrtythreeforty, over 2 years ago
Headline buries the real lede a bit in my opinion; the author has gotten a snapshot of the no-fly list from 2019. Presumably the system under attack processes more up-to-date versions of it regularly.

Corresponding news story: https://www.dailydot.com/debug/no-fly-list-us-tsa-unprotected-server-commuteair/
INTPenis, over 2 years ago
Hah, shodan. The title made me think this was about starting a dummy airline and getting the no-fly list from the government.
tastysandwich, over 2 years ago
As a software engineer, even I sometimes can't help romanticising hacking in my imagination. But so many times it turns out to be just like some company left the front gate wide open and the "hacker" walked in and took a look around.

E.g. when an airline had a public API where you could get someone's passport number and details just from their boarding pass: https://mango.pdf.zone/finding-former-australian-prime-minister-tony-abbotts-passport-number-on-instagram
vunicipna, over 2 years ago
Interesting hack, but this seems quite the brazen confession to a fair number of computer crimes. If I were the author, I'd be worried about getting arrested and potentially extradited for this, especially as he deliberately downloaded a load of confidential information after gaining access and then shared it around. He'd be looking at years in prison for this in the US.
ohbleek, over 2 years ago
I had always assumed that the “no fly” list was a phrase and that it didn’t refer to an actual list, but rather a database with more detailed information than a “can they fly?” column with a Y/N entry. In pharmacy we have a database we have to access when we suspect there is abuse, fraud, or diversion of controlled substances. The database is regularly updated with current information about prescriptions that were dispensed, including location, prescribing physician, etc. I had always assumed the “no fly” list would be something similar. Now that I think about it, though, that wouldn’t be efficient or useful at all. It would make sense for it to be much simpler.
as_bntd, over 2 years ago
I expected to read an article about actually owning an airline in 3 easy steps. :(
jkingsman, over 2 years ago
For those unaware, maia is a pretty prolific hacktivist, and it has been indicted by a grand jury for a variety of USA govt penetrations but has USA proceedings on hold until it's extradited, which it's confident won't happen.

https://en.wikipedia.org/wiki/Maia_arson_crimew
ericpauley, over 2 years ago
This is clearly on the darker side of gray-hat. Hate to be preachy, but anyone seeking to emulate this sort of attack-finding should consider their ethical obligations as a computer scientist and follow best practices for responsible disclosure. It appears this was completely ignored here, including sharing stolen sensitive data of *normal people* with whoever can plead a case.
ec109685, over 2 years ago
While VPNs shouldn't be the only device, it seems like that should be part of any competent security posture. E.g. Jenkins should only be accessible from known VPN endpoint IP addresses.

Administrative IAM users should be IP restricted as well: https://aws.amazon.com/premiumsupport/knowledge-center/iam-restrict-calls-ip-addresses/
mananaysiempre, over 2 years ago
From the accompanying (and linked) *Daily Dot* article[1]:

> On the list were several notable figures, including the recently freed Russian arms dealer Viktor Bout, alongside over 16 potential aliases for him.

> [...]

> Numerous names included aliases that were common misspellings or slightly altered versions of their names.

For non-natively-Latin names, the US government is thorough to the point of hilarity in including every possible romanization and misspelling of one, and they list full names, not their individual parts, so combinatorics ahoy as well. For example, if you know a bit of any Slavic language written in Cyrillic, browse the Russian sanction lists; it’s going to give you a chuckle.

In all seriousness, this actually makes perfect sense given the prospective consumers of the lists may not have any clue about the languages the targeted people speak. It’s just that the article makes 16 aliases sound vaguely sinister, whereas if you’re a Russian—or, for that matter, a Ukrainian or a Belarusian—that’s just a reasonably low estimate for how many romanizations of your name people may think up. (Not that Bout isn’t sinister as hell.)

[1] https://www.dailydot.com/debug/no-fly-list-us-tsa-unprotected-server-commuteair/
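The "combinatorics ahoy" point in mananaysiempre's comment, as an added example that is not part of the thread or of the Daily Dot article: enumerate the romanisations of a Cyrillic full name by combining per-letter alternatives. The transliteration tables are a constructed, deliberately small subset (only letters whose Latin spelling differs between common schemes get several options; real standards such as BGN/PCGN, ISO 9 or the Russian passport rules have more rows and edge cases), and the sample name is fictitious. Per-part counts multiply when a list stores full names rather than name parts, which is why a couple of ambiguous letters in each part already exceed the article's 16 aliases.

```python
"""Enumerate romanisations of a Cyrillic full name (added example)."""
from itertools import product

# Constructed subset: letters with more than one common romanisation.
VARIANTS = {
    "ё": ("e", "yo", "io"),
    "ж": ("zh", "j"),
    "й": ("y", "i", "j"),
    "х": ("kh", "h", "x"),
    "ц": ("ts", "c", "tz"),
    "ч": ("ch", "tch"),
    "щ": ("shch", "sch", "shh"),
    "ъ": ("", "'"),
    "ы": ("y", "i"),
    "ь": ("", "'"),
    "ю": ("yu", "iu", "ju"),
    "я": ("ya", "ia", "ja"),
}

# Constructed subset: letters whose romanisation is effectively fixed.
FIXED = dict(zip("абвгдезиклмнопрстуфшэ",
                 ["a", "b", "v", "g", "d", "e", "z", "i", "k", "l", "m", "n",
                  "o", "p", "r", "s", "t", "u", "f", "sh", "e"]))


def part_variants(part: str) -> list:
    """All distinct romanisations of one name part, capitalised and sorted."""
    choices = []
    for ch in part.lower():
        if ch in VARIANTS:
            choices.append(VARIANTS[ch])
        elif ch in FIXED:
            choices.append((FIXED[ch],))
        else:
            choices.append((ch,))  # non-Cyrillic input passes through unchanged
    return sorted({"".join(combo).capitalize() for combo in product(*choices)})


def full_name_variants(*parts: str) -> list:
    """Every combination of the per-part variants, joined with spaces."""
    per_part = [part_variants(p) for p in parts]
    return sorted(" ".join(combo) for combo in product(*per_part))


def variant_count(*parts: str) -> int:
    """Size of full_name_variants(*parts) without materialising the list."""
    n = 1
    for p in parts:
        n *= len(part_variants(p))
    return n


if __name__ == "__main__":
    # Constructed sample name, not a real person: 9 variants for the first
    # part times 3 for the second gives 27 full-name spellings.
    name = ("Юрий", "Щукин")
    print(variant_count(*name), "variants, e.g.", full_name_variants(*name)[:5])
```

A screening system that stores full-name strings has to carry every one of these spellings (or normalise both sides before comparing); the alias count on a list entry is therefore mostly a function of how many ambiguous letters the name contains, not of how many identities the person uses.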
mkl95, over 2 years ago
TIL https://en.wikipedia.org/wiki/Maia_arson_crimew

> In March 2021, crimew was indicted by a grand jury in the United States on criminal charges related to her alleged hacking activity between 2019 and 2021. The charges were unrelated to the hack of Verkada. Her home and her parents' home were raided by the Swiss police at the request of United States authorities, and her electronic devices were seized. People used the hashtag "#freetillie" to express support for her in the aftermath of the raid, and the Swiss magazine Republik compared her to Jeremy Hammond and Aaron Swartz.
raydiatian, over 2 years ago
Wow, actual hacker news.

For once.

Meanwhile, another front page article is some genius asking why there aren’t any cars in 1984.
jhoelzel, over 2 years ago
And this, kids, is why you always need 2FA and you need to whitelist your build servers with IP ranges. Yes, like the 90s.
shadowgovt, over 2 years ago
Apropos of nothing, I also just really appreciate crimew.gay's aesthetic.

This website is what me from 1993 thought a hacker's website would look like. A nod of respect to them for kickin' it old-school.
justinpombrio, over 2 years ago
Cached version from the Internet Archive: http://web.archive.org/web/20230119220130/https://maia.crimew.gay/posts/how-to-hack-an-airline/
personjerry, over 2 years ago
> with pretty much no skill required

Seriously? I know like none of the tools or terms they used. Like, wtf is shodan?

In general the author doesn't seem to follow the white hat guidelines, and I'd be worried what they've done is quite illegal (possibly on a federal level if the no-fly list is so secret).
pifm_guy, over 2 years ago
Oh, it must be nice to be able to do things like this while only keeping an eye out for the laws of your own country, safe in the knowledge that your government won't extradite you for breaking the laws of another country.
curiousllama, over 2 years ago
Hack aside, there's something poetic about leaking the no-fly list from an email address called "nofly@crimew.gay".
colanderman, over 2 years ago
Interesting to see ASCII SOH/STX/ETX in the wild! (^A, ^B, ^C in the .RCV files.)
flawn, over 2 years ago
That's the Lawnchair app founder, LOL.
dboreham, over 2 years ago
The headline made me think this was about a scheme where you register as an airline just to get access to the list. I mean, how many planes do you need to own to be an airline?
ctb9, over 2 years ago
*assuming i was willing to ever interact with a SOAP api in my life which i sure as hell am not*

^^^ this killed me. I'm sure everyone who has ever interacted with a SOAP API feels the same. God bless this tiny kitten/person/hacktivist, the world needs more of this energy.
aj7, over 2 years ago
https://www.egattorneys.com/federal-computer-hacking

See in particular the broad definition of “protected computer.”
LoganDark, over 2 years ago
This is gonna be random, but I love people just shamelessly being themselves on the Internet. This person is literally a kitty cat playing around and I find that adorable~

Oh, also: secure your Jenkins servers.
exabrial, over 2 years ago
The TSA no-fly list is a blatant violation of the Constitution: for the government to be able to remove a right, you must be convicted at trial.

The fact it still exists at all is incredible, and a disturbing precedent.
computerfriend, over 2 years ago
This would be a good candidate for a k-anonymous API where you can query whether a specified full name, DoB, etc. is in the list without divulging the list or the request.
richwater, over 2 years ago
I love the implication that this random person should be the authority on whether or not I can see the no-fly list.
IYasha, over 2 years ago
"That would be the gayest site I've ever seen" :D

Seriously, though, is the list on GitHub yet?
Symbiote, over 2 years ago
Was there any penalty for CommuteAir or their employees for negligently distributing the list?
derelicta, over 2 years ago
You never fail to amaze us, Maia.
dandongus, over 2 years ago
Surprised to see this guy wasn't already in prison due to his previous antics, and it's too bad he didn't responsibly report this issue through the proper channels. Everyone's luck is bound to run out at some point.
Animats, over 2 years ago
They should just send the list to the New York Times and Fox News.
fomine3, over 2 years ago
I'm not confident that it is safe to link to a site operated by such a hacktivist. I prefer to see a link to the news article in the HN headline rather than the criminal hacker's website itself, but I don't know the rules.
hattmall, over 2 years ago
Why is the no-fly list sensitive information?
BMorearty, over 2 years ago
`cat` aliased to `bat`, nice. :) I really like bat.
089513646753, over 2 years ago
A
monkeya1, over 2 years ago
Hey all, I'm new. Didn't expect so many of y'all to actively check & comment on this one app.
culi, over 2 years ago
> Suspected members of the IRA, the Irish paramilitary organization, were also on the list.

Oof, the international politics always come out in things like this. Twitter also publicizes all of its suspensions and bans. There's a Wikipedia article with a list of all the notable suspensions since 2010. It's interesting to see that, contrary to popular narratives, many of the international groups banned were actually far-left aligned.

The list gets really boring the more you scroll down, however. The last notable ban was Paul Graham for simply sharing their Mastodon handle. A boring dystopia indeed.

https://en.wikipedia.org/wiki/Twitter_suspensions
c1ccccc1, over 2 years ago
After seeing the title but before clicking on the article, I thought this would be about a legal hack rather than a security hole. More specifically, creating the minimum possible corporation that qualifies as an airline (so that you literally *own* an airline), and then saying to the government, "hey, we need the no-fly list, we're an airline, see?". The actual hack sounds way easier, to be sure, but I still like my version the best.
twunde, over 2 years ago
Relatively off-topic, but I absolutely love the 90s/early 2000s vibes I get from this. I can't remember the last time I saw a webring, much less one with animated logos.
stonepresto, over 2 years ago
For reference, it/she [1] previously was named Tillie Kottman [2] and was indicted by the US in 2021 [3].

[1] https://maia.crimew.gay/

[2] https://en.wikipedia.org/wiki/Maia_arson_crimew

[3] https://www.justice.gov/usao-wdwa/pr/swiss-hacker-indicted-conspiracy-wire-fraud-and-aggravated-identity-theft
arcastroe, over 2 years ago
This guy is a (hobbyist?) security researcher who responsibly alerts companies of vulnerabilities.

However, are his actions of downloading the no-fly list and offering to share it with journalists legal? Or does that cross into overreach and criminal activity?
birdyrooster, over 2 years ago
Maia should try Proton Mail, it’s fine.