Maia Arson Crimew's "No-Fly List" Leak

[View Related Sub-entries]

PROTIP: Press 'i' to view the image gallery, 'v' to view the video gallery, or 'r' to view a random entry.

This submission is currently being researched & evaluated!

You can help confirm this entry by contributing facts, media, and other evidence of notability and mutation.

Overview

Maia Arson Crimew's "No-Fly List" Leak refers to the January 2023 leak of a purported 2019 version of the American TSA's "No-Fly List" by a Swiss LGBTQ+ hacker named Maia Arson Crimew who leaked the info involving terrorists on her blog maia.crimew.gay. The leak inspired mass news coverage (first by the Daily Dot), memes and online discourse predominantly on Twitter and TikTok. Many highlighted her photo called Holy Fucking Bingle and discussed backlash reiterated by lesbian Twitter users about her identity as a "bi lesbian."

Background

Maia Arson Crimew is a 23-year-old Swiss developer and computer hacker^[10] formerly known as Tillie Kottmann (also known as deletescape and antiproprietary). She first became known for her hacking in July 2020 when she leaked the source codes of many companies like Intel and Nissan.^[11] She maintains a Telegram channel called "ExConfidential."^[10]

TSA No-Fly List Leak

On January 19th, 2023, Daily Dot^[1] journalists Mikael Thalen and David Covucci published an exclusive article titled, "U.S. airline accidentally exposes ‘No Fly List’ on unsecured server," in which they stated that a Swiss hacker known as "maia arson crimew" leaked a 2019 version of the "Terrorist Screening Database" (also known as the TSA's "No-Fly List") on her website (maia.crimew.gay^[2]). The leaked list included roughly 1.5 million names and aliases of people who have been barred from air travel due to having suspected or known ties to terrorist organizations.

The Daily Dot reached out to Maia Arson Crimew for questioning, who said, among other things:

“It’s just crazy to me how big that Terrorism Screening Database is and yet there is still very clear trends towards almost exclusively Arabic and Russian sounding names throughout the million entries.”

On her website's home^[2] page, it states:

hello i am maia arson crimew (it/she) and i am gay, mostly for girls, and i'm a tiny kitten :3

i know lot's of things about cyber security, programming and far too little about music but i still try to do all those things at once. if you like the things i do here or on social media you can support me on ko-fi. links to the various things i do can be found in the footer. if you're looking for some more serious info about me, there is wikipedia for that.

← → C maia. crimew.gay maia.crimew.gay 88 X 31 maia Don't Click Here arson crimew home | blog | sample packs hello i am maia arson crimew (it/she) and i am gay, mostly for girls, and i'm a tiny kitten :3 i know lot's of things about cyber security, programming and far too little about music but i still try to do all those things at once. if you like the things i do here or on social media you can support me on ko-fi. links to the various things i do can be found in the footer. if you're looking for some more serious info about me, there is wikipedia for that. rss feed birded site | fedded verse | sounded cloud | last dot federated states of micronesia | gitted hub gitted tea versary S ANARCHY Sleegy f A sleeqy fKitten's a oat.zone town Now! Zone A.C.A.B. archlinux radio Korner D slimes... "Now! L Slug ca

The blog^[3] post on her website that centered on the leak was titled, "how to completely own an airline in 3 easy steps and grab the TSA nofly list along the way," and it was created on January 19th, 2023, in conjunction with the Daily Dot's piece. The section outlined how she purportedly hacked the TSA's "no-fly list" by randomly browsing Zoomeye, the Chinese Shodan, and "looking for exposed jenkins servers that may contain some interesting goods." She then found "an exposed jenkins server belonging to CommuteAir."

The blog post included many self-made memes from Maia Arson Crimew including one in the style of a GIF caption reading, "this aviation shit getting serious" (shown below, left). Once she found the "no-fly list," she posted a photo of a stuffed Sprigatito Pokémon with the caption, "holy shit, we actually have the nofly list. holy fucking bingle. what?! :3" (shown below, right).

this aviation s--- get serious Remote site: /ForNavtech/ACARS IN STY DUT PDF OUT ForNavtech ACARS IN AIMS IN FUELIN Filename A Filesize Filetype in-01012023-00... in-01012023-00... in-01012023-00... in-01012023-00... in-01012023-01.... in-01012023-01... in-01012023-01.. in-01012023-011... in-01012023-01 in-01012023-01... in01012023-01 in-01012023-01... in-01012023-01 in-01012023-01... in-01012023-01 01012023-01... in-01012023-0 125 RCV-file 126 RCV-file 129 RCV-file 133 RCV-nte 126 RCV-file 126 RCV-file 133 RCV-file 127 RCV-file 127 RCV-file. 127 RCV-file 129 RCV-file 127 RCV-file 127 RCV-file 127 RCV-file 127 RCV-ke 127 RCV-le 126 RCV-e 127 RCV nie 127 RCV-tie 127-BOY- 05012023-01 in-01012023-01 Last modified Permission Owner/Gro 658 500 658 500 658 500 658 500 658 500 658 500 658 500 658 500 658 500 658 500 01012023-01 01/06/2023. -rw-r 01/06/2023... ----- 01/06/2023... -rw-r---- 01/06/2023. -rw-r- 01/06/2023... -rw-r--- 01/06/2023... -rw-r--- 01/06/2023... -rw-t-- 01/06/2023 -rw-r--- 01/06/2023. -rw-r-- 01/06/2023 01/06/2023 01/06/2023. 01/06/2023 01/06/2023 01/06/2023 01/06/2023 QU06/2023 QU09/2023 01/06/2023 01/04/2023 28319 fos Total size 3.581552 bytes -ZW-7-7- -W-I--- -TW-1- 578 the 4-4- 658 500 658 500 558 500 658 500 658 500 658 500 658 500 658 500 458 900 658-500

h--------, we actually have the nofly list. holy f------ bingle. what?! :3 commute Visual Studio Codle 11:41 T & 6 HUAWEI - / 7 Z H BA 1 ( 8 U N 9170 O 1 9 1 M O O ; . L ? P 6 O : Alt Gr ė A Ctrl al L 51 A

Maia Arson Crimew ended the blog post with a section titled, "so what happens next with the nofly data," in which she stated that the no-fly list data would only be handed over by her to parties "with legitimate interest," specifically writing:

while the nature of this information is sensitive, i believe it is in the public interest for this list to be made available to journalists and human rights organizations. if you are a journalist, researcher, or other party with legitimate interest, please reach out at nofly@crimew.gay. i will only give this data to parties that i believe will do the right thing with it. alternatively the data is now also available for access (upon request) via DDoSecrets.

Online Reaction

On January 19th, 2023, one of the Daily Dot journalists that broke the story, Mikael Thalen, posted a tweet^[4] that announced the publishing of his article, gaining roughly 3,400 likes in four days. The tweet gained more engagement as it was retweeted and quote retweeted by various users, racking up its views to over 1.2 million in four days.

Soon after, Twitter users began reacting to the story in viral tweets, such as Twitter^[5] user SarahBurssty on January 19th, who emphasized in a tweet, "the person who ended up cracking the TSA no fly list is a trans person whose blog is bright pink and purple like its still the mid-2000s …" gaining roughly 5,200 likes in four days (shown below, left). Also on January 19th, Maia Arson Crimew posted her own QT^[12] of Thalen's tweet,^[4] writing, "this was one of the most fun stories i've worked on so far, thanks for the great collaboration once again Mikael and David," and gaining over 800 likes in four days (shown below, right).

Sarah Burssty @SarahBurssty so the person who ended up cracking the TSA no fly list is a trans person whose blog is bright pink and purple like its still the mid-2000s and took a pic of the no fly list with a sprigatito plushie, of which the domain for all of what i mentioned ends in .gay we stay winning 5:10 PM. Jan 19, 2023 144.1K Views ●

maia arson crimew @_nyancrimew this was one of the most fun stories i've worked on so far, thanks for the great collaboration once again Mikael and David Mikael Thalen @MikaelThalen • Jan 19 NEW: The federal No Fly List was exposed on an open server discovered by a security researcher last week. The list, which was being stored by the US airline CommuteAir, contained over 1.5 million rows of data including names, aliases, & birth dates. dailydot.com/debug/no-fly-l... Show this thread ●●● 4:51 PM Jan 19, 2023 79.7K Views www

Many memes and reactions about her hack centered on her status as a member of the LGBTQ+ community, as well as about the "old web" aesthetic of her website. For instance, on January 21st, 2023, Twitter^[6] user PunishedLink tweeted two screenshots with one showing her blog's homepage and the other showing the various news outlets covering the leak, captioning them, "Someone leaking the entire no fly list on this fucking blog is the funniest thing I've ever seen." The tweet received roughly 109,900 likes in two days (shown below).

Lucas @Punished Link Someone leaking the entire no fly list on this f------ blog is the funniest thing I've ever seen maia arson crimew home blog | sample packs O results (0.60 seconds) 5 ⠀ how some exposed hello i am maia arson crimew (it/she) and i am gay, mostly for girls, a 11:27 AM Jan 21, 2023 5.2M Views i know lot's of things about cyber security, programming and far too still try to do all those things at once. if you like the things i do here can support me on ko-fi. links to the various things i do can be found looking for some more serious info about me, there is wikipedia for st data ed site | fedded verse sounded cloud | last dot federated states of micronesia | gitted hub versary A.B. archlinux A sleegy fr town HOYU ANARCHY Now! Zone radio DB The Daily Beast TSA's 'No Fly List' Data L Up for Grabs on Unprotec Server: Report 22 hours ago CBS News : How did no-fly list of suspected terrorists end u online? 3 hours ago More news →

Holy Fucking Bingle

Maia Arson Crimew's photo of a stuffed Sprigatito Pokémon soon evolved into its own meme primarily due to her caption for the photo that centered on the phrase Holy Fucking Bingle. For instance, on January 21st, 2023, Twitter^[7] user E3kHatena wrote, "'holy fucking bingle. what?! :3' might be the funniest string of obviously transfem text this year and it’s on a blog leaking the fucking no fly list," earning over 12,000 likes in two days (shown below).

E3kHatena @E3kHatena : 1,636 Retweets 26 Quote Tweets 12.3K Likes *** "holy f------ bingle. what?! :3" might be the funniest string of obviously transfem text this year and it's on a blog leaking the f------ no fly list. 1:34 PM. Jan 21, 2023 223.5K Views

Maia Arson Crimew's "Neopronouns and Bi Lesbian" Discourse

Despite many in the LGBTQ+ community reacting positively to Maia Arson Crimew's No-Fly Leak, a certain number of lesbian Twitter users became disgruntled with her identity as a self-proclaimed "bi lesbian." Her since-deleted tweet that sparked the backlash read, "neopronouns slap and ive used them myself for a while before !!! while we're at it im a bi lesbian for the record." Some Twitter users were angered, like one QT that read, "ever had your worldview SHATTERED and everything you love STRIPPED AWAY AND BURNED" (shown below).

ever had your worldview SHATTERED and everything you love STRIPPED AWAY AND BURNED maia arson crimew @_nyancrimew - 9m Replying to @KinographyKing neopronouns slap and ive used them myself for a while before !!! while we're at it im a bi lesbian for the record

The aforementioned QT screenshot was tweeted^[8] by Maia Arson Crimew on January 22nd, 2023, who captioned it, "let me just tell u that this is not a normal way to react to someones queer identity," and received over 790 likes in one day. Other tweets from Maia Arson Crimew about the backlash received more engagement, like one tweet^[9] posted by her on January 22nd that read, "let me just delete that tweet i dont have the energy to deal with people cancelling me over an innocent word i use to describe myself y'all are incredibly childish," and earned roughly 3,600 likes in less than a day (shown below).

maia arson crimew @_nyancrimew ... let me just delete that tweet i dont have the energy to deal with people cancelling me over an innocent word i use to describe myself y'all are incredibly childish 9:25 PM Jan 22, 2023 446.4K Views 78 Retweets 148 Quote Tweets 3,692 Likes

Various Reactions

The TSA no fly list got leaked in the funniest possible way h-------- MR. BISHOP dandy @daxdives CAN CNN Republican lawmaker indicates Congress will investigate TSA no-fly list TSA Pre 个 ENTRANCE o Zoomly Fox Business TSA 'no fly' list leake being found on unse airline server note: this is a slightly more technical and comedic write up of the story covered by my friends over at dailydot, which you can read here step 1: boredom like so many other of my hacks this story starts with me being bored and browsing shodan (or well, technically zoomeye, chinese shodan), looking for exposed jenkins servers that may contain some interesting goods. at this point i've probably clicked through about 20 boring exposed servers with very little of any interest, when i suddenly start seeing some familar words. "ACARS", lots of mentions of "crew" and so on. lots of words i've heard before, most likely while binge watching Mentour Pilot YouTube videos, jackpot, an exposed jenkins server belonging to CommuteAir. 2030 rss feed birded site fedded verse sounded cloud last dot federated states of micronesia | gitted hub Igitted tea HOSTAS M 88 X 31 a ost zo SAM estmeline A.C.A.B. Carchinu 1:53 AM Jan 22, 2023 2.2M Views SARE WOVE This site is part of the lavender software webring! SAIME T

imgflip.com Leaking world government secrets as a lark uwu theme tumblr user with time to kill War thunder players p----- their fave vehicle is 5% too slow Manden 2012

@missbeifong “ways to own an airline in 3 easy steps” #news #leaked #reaction #tumblr #blog #hacked #fyp #twitter #storytime ♬ original sound – squid/syd

@.kingink #fyp #foru2023 #inksociety #tiktokwinter2023 #noflylist ♬ Ginger Claps – Machine Girl

Search Interest

Unavailable.

External References

^[1] The Daily Dot – U.S. airline accidentally exposes ‘No Fly List’ on unsecured server

^[2] maia.crime.gay – home

^[3] maia.crime.gay – how to completely own an airline in 3 easy steps

^[4] Twitter – @MikaelThalen

^[5] Twitter – @SarahBurssty

^[6] Twitter – @PunishedLink

^[7] Twitter – E3kHatena

^[8] Twitter – @_nyancrimew

^[9] Twitter – @_nyancrimew

^[10] Wikipedia – maia arson crimew

^[11] Bleeping Computer – Source code from dozens of companies leaked online

^[12] Twitter – @_nyancrimew

Sub-entries 1 total

Holy Fucking Bingle

Recent Videos

There are no videos currently available.

+ Add a Video

Recent Images 25 total

Maia Arson Crimew's "No-Fly L... Uploaded by Owen	Maia Arson Crimew's "No-Fly L... Uploaded by sakshi	Maia Arson Crimew's "No-Fly L... Uploaded by Owen	Maia Arson Crimew's "No-Fly L... Uploaded by Owen
Maia Arson Crimew's "No-Fly L... Uploaded by Owen	Maia Arson Crimew's "No-Fly L... Uploaded by Owen	Maia Arson Crimew's "No-Fly L... Uploaded by Owen	Maia Arson Crimew's "No-Fly L... Uploaded by Owen
Maia Arson Crimew's "No-Fly L... Uploaded by Owen	Maia Arson Crimew's "No-Fly L... Uploaded by Owen	Maia Arson Crimew's "No-Fly L... Uploaded by Owen	Maia Arson Crimew's "No-Fly L... Uploaded by Owen

+ Add an Image

View All Images

Top Comments

Greyblades

Jan 23, 2023 at 03:12AM EST

“It’s just crazy to me how big that Terrorism Screening Database is and yet there is still very clear trends towards almost exclusively Arabic and Russian sounding names throughout the million entries,”

…Really?

+61

Pyroniusburn

Jan 23, 2023 at 11:14AM EST

One of my pet peeves this whole postmodern butchering of labels and stripping words of their meaning.

The label describes the identity, you do not choose a label you arbitrarily identify with it because it "feels good".
There is no such thing as a "Male lesbian" or a "bi lesbian", the same way there isn't the end of an infinity, totally contradictory ideas.

+55

+ Add a Comment