Hacker seizes control of airline systems, steals no-fly list out of boredom

The TSA is investigating the hack.

Updated: January 20, 2023 - 4:26pm

The Facts Inside Our Reporter’s Notebook

A hacker recently claimed to have seized control of airline systems for CommuteAir and secured its no-fly list claiming to have done so merely out of boredom.

Hacker "maia arson crimew," who previously used the alias Tillie Kottmann, spoke with the Washington Times, explaining the details of the operation. Crinew is a seasoned hacker and faces an outstanding grand jury indictment under the name "Till Kottman."

The outlet asked whether someone with access to CommuteAir's system could have canceled flights or produced physical airline ideas.

"Presumably yes, though due to the complexity of said [application programming interface], and the sensibility of it (given its production airline systems) I opted not to probe very deeply, so I cannot confirm this with certainty," was Crimew's response.

The hacker also managed to obtained the airline's no-fly list, which is a 2019 version of the Transportation Security Administration's list and contains the names and dates-of-birth of known or suspected terrorists.

The Times indicated that the hacker had alerted the airline to its security shortfalls. The small airlines runs flights out of Denver, Colo.; Houston, Texas; and Dulles International Airport outside of Washington, D.C.

The TSA is investigating the hack.

Just the News Spotlight