A Swiss hacktivist and self-proclaimed “anarchist kitten” managed to get his hands on America’s no-fly list – which contains the identities of known or suspected terrorists – not by breaching an impenetrable defense, but allegedly because a regional airline fooled them around on an unprotected server let . That’s the serious part of the news, but what people are talking about is how Anime is the site hosting the leak and that the new Pokemon on the block, Sprigatito, has apparently become the mascot of all of this.
Maia Arson Crimew explains on a fabulously pink blog (opens in new tab) with a meowing sound pack the hack started out of relative boredom. She searched exposed servers and wasn’t expecting to find much before stumbling upon an exposed server owned by CommuteAir that contained an old no-fly list with over 1.5 million entries (but which includes multiple aliases, so the number of individual persons is far below.
As part of the Maia Arson Crimew blog took a picture (opens in new tab) their screen with the sensitive information. However, what slightly obscures the screen is a plush of a Srigatito. That would be Bingle the Crimew explained (opens in new tab) came into her possession as a thank you for finding a “massive vulnerability” on a Japanese merch retailer’s website.
Of course, the internet also got involved, of which you can see the highlights below.
A Uwu trans polyam anarchist hacking into the United States No Fly List blogging this on his super cute website at (name) dot crime dot gay is the most biblically accurate account of hacking I’ve come across in the 21st century th century have seenJanuary 23, 2023
Trans women rule the world and the no fly list hack is just another example 🏳️⚧️🖤 pic.twitter.com/CaA2Hz8NJUJanuary 22, 2023
The no fly list leaked with :3 on the same page is INSANE LMAOOOOOO pic.twitter.com/baNf0TsSENJanuary 22, 2023
Since publishing the blog, Commute Air has confirmed the legitimacy of the data to The Daily Dot (opens in new tab), explaining that the exposed infrastructure was used for testing purposes and that the list is four years old. While the exposed server also contained information about nearly 1,000 CommuteAir employees, the airline claims no customer information was breached.
In addition, the Transportation Security Administration has confirmed that they are aware of the cybersecurity incident and are conducting an investigation.
Elsewhere in the Pokemon fandom, the owner of it valuable Pokemon Yellow copy Destroyed by US Customs says they are shocked at ‘pointless damage’
