Swedish hackers recently uncovered a no-fly list used by the FBI to bar suspects from flying, but this data, including passport numbers, dates of birth and other personal information, remains secure. It was left by a server who wasn’t there. It’s amazing considering the FBI’s no-fly list, which is used for the protection and security of aviation networks, was very easily accessed by hackers due to lack of proper encryption and server he security.
This is a prime example of why data protection and cybersecurity should be a top priority, especially when it comes to sensitive information such as the FBI’s no-fly list. Why is security an important aspect of modern electronics? What did the hack show? What can engineers learn from this incident?
Why is security an important aspect of modern electronic devices?
As technology advances, so does our dependence on it, and modern life seems virtually impossible without access to computers, smartphones, and the internet. In fact, the importance of these three key technologies is so important that there is government legislation to ensure that all new properties are connected to high-speed internet cables, and properties with poor access are You can apply for grants and plans to help build better installations. internet infrastructure.
but like today Life increases our dependence on this technology, it also brings a lot of challenges. The first and most obvious challenge is that those without access to the latest technology are at risk of being left behind. For example, poor internet access makes it difficult to stream video content, access cloud-based software, and make reliable calls. This wasn’t an issue for him a decade ago, but the shortage of movie rental stores, the shift to cloud-only services, and remote work have made all these technologies essential.
A second challenge related to technology, specifically Internet-enabled technology, is: Makes your device vulnerable to cyberattacksFor example, 20 years ago most electronic devices didn’t have an internet connection. In other words, it was very difficult to hack remotely. However, since all devices have some kind of internet connection, anyone in the world can launch a remote attack.
To make matters worse, all of the critical infrastructure that runs modern civilization (road networks, air traffic control, power distribution, supply chains, etc.) is connected to the internet to some extent. Bring the country down with a massive cyber attack. This is why strong security measures in electronic devices are essential This includes using encryption to protect data streams, strong passwords to make devices harder to access, and unique identities for each device manufactured to prevent widespread simultaneous attacks.
Hackers find No Fly List on unsecured servers
recently, Swedish hackers reportedly announced discovery of FBI no-fly list and employee data On an unsecured server hosted by CommuteAir. The FBI’s no-fly list is an important database that informs airlines of individuals they consider to be potential criminal threats, such as terrorists and arms dealers. Persons attempting to board a plane on a no-fly list are automatically identified by computer systems (via stored personal information, such as passport numbers) and used by law enforcement for arrest or removal from the airport. can be safely approached by officers.
Under normal circumstances, No-fly lists can claim to be public information, because multiple airliners must be able to identify the individual of interest. In fact, it’s not entirely different from the FBI’s Most Wanted list. This list is open to the public and allows members of the public to report potentially dangerous offenders.
What made this particular hack concerning, however, is that the no-fly list also includes personal data such as names, passport numbers, and dates of birth. All of these can be used for identity theftWhile there is no doubt that some of the people on the list have good reasons, they could end up on this list during criminal investigations (even if they are innocent). Innocent civilians on the list are therefore at serious risk of numerous crimes, including fraud and targeted crime.
To make matters worse, the server also contained a list of data for 1,000 employees. Similar to no-fly lists, this data also includes passport numbers, addresses and phone numbers, all of which can be used for fraud.
What can engineers learn from this?
In such cases, it is difficult to understand why this is the case. According to hackers, the data was found on unsecured AWS cloud servers, which was probably forgotten. However, the server should still be created, data transferred to it, and used for practical reasons. None of the engineers involved decided to think about privacy, where personal data is stored, and how to protect it.
From this incident, Engineers can learn basic lessons; Data processing. Simply put, when working with data, consider where it is stored, how it is transmitted, and where it is used. If the data at rest is potentially private, it should at least be encrypted. If that data is held on a server with an internet connection, access to that server should only be through strong credentials. Finally, if that data is expected to be used remotely from that server, encryption should be used for transmission of that data.