In July this year, cybersecurity researcher Bob Diachenko discovered a secret terrorist watchlist on the Internet. Apparently, the watchlist belonged to the Terrorist Screening Center (TSC), a multi-agency group administered by the FBI. The organization is responsible for maintaining the U.S. ‘No-Fly’ watchlist. The watchlist contained 1.9 million records detailing people’s full name, citizenship, gender, date of birth, passport number, no-fly indicator, and more.
Diachenko reported the leak to Department of Homeland Security officials, who acknowledged the incident and thanked him for his work. He further discovered and reported the server on July 19th. However, the takedown was completed on August 9th. It took close to three weeks to take the server down. The TSC watchlist contains sensitive information on many people who have not exactly been convicted of anything.
What is a TSC Watchlist?
Many screening agencies use the TSC watchlist to identify known or suspected terrorists entering the country. However, most people on this list are innocent as the watchlist has a history of false positives. Because of this, it’s not unusual to see innocent people on the TSC’s no-fly watchlist.
After 2015, the U.S. changed its policy and began privately informing people in the U.S. who were added to the list. However, people from other countries still can’t find out if they are on the TSC watchlist until they try to board a plane. This inconveniences many travelers hoping to visit America only to be turned back at the last minute.
FBI’s No-Fly Watchlist in Danger
The exposed server was discoverable through search engines such as Censys and ZoomEye. However, as it took three weeks to take down the list, it is unclear whether unauthorized users were accessing the data or not. In the wrong hands, this list could have disastrous consequences. Seeing as it contains susceptible information related to U.S. national security concerns. Each entry contains the following info on the 1.9 million people on the TSC watchlist.
- Full name
- TSC Watchlist ID
- Date of birth
- Passport number
- Country of issuance
- No-fly indicator
The TSC watchlist can also be used to harass people on the list and their families. If exposed, it could also lead to them losing their jobs or their loved ones.