Header image created as fanart for @_nyancrimew by Sprouts (@coolartcorner) (Source: Twitter)

Imagine the shock and horror of the most sophisticated national security apparatus on the planet, upon realizing that their multi-billion dollar Terrorism Watch List and Selectee Screening List (known colloquially as the “No Fly List”) were obtained from an unsecured airline server by a self proclaimed “Anarchist Kitten.” Yeah. Owned by a nonbinary catgirl. UwU, spooks, UwU.

The corporate press is going to have difficulties even reporting on the exploits of Maia Arson Crimew (that’s pronounced Crime-Mew) or her trademark phrase “Holy Fucking Bingle!" (a bingle, as it turns out, is a kind of minor accident or upset). These concepts and words are incomprehensible, impenetrable and even unprintable for aging legacy media institututions. A nonbinary swiss catgirl hacker using a port scanning tool called Shodan to identify unprotected servers is something straight out of William Gibson. CDProjektRed could file for copyright infringement. Crimew's exploits can be taken as further proof that we are indeed, living in the future.

Her motivation? Ideology? Profit? According to a blog post on her blog maia.crimew.gay, the primary catalyst for this stunning revelation was boredom. This could be the most relatable hacker in history.

As science fiction author Gregory Benford said in 1975 “The role of boredom in human history is underrated.”

Snowden and Greenwald demonstrate "peaking early".

File under [photos that aged poorly].

This is a far cry from Snowden and Greenwald getting sweaty while doing some light treason, with their cellphones in the microwave of a Hong Kong hotel room. The national security implications, however, are just as staggering. If not more so.

There's something to the hacker's domain name crimew.gay. A joke in the LGBT community is that the slogan "be gay, do crimes" usually just means "be gay". If there are crimes, these are usually limited to jaywalking. Finally, a role model who takes the crime part seriously.

The hacker has been compared to Aaron Swartz in Swiss media. That's a flattering if rather unsettling comparison, given how Swartz' life ended. Is Maia in immediate danger of imprisonment for liberating information? Switzerland does maintain an extradition treaty with the United States and according to Maia's wikipedia page, Swiss authorities have raided her parents house before, in response to a US grand jury indictment in March 2021 on criminal charges related to her alleged hacking activity between 2019 and 2021.

As reported on CNN, a republican congressman stated that congress “Will be coming for answers”.  In a tweet on the subject, Bishop, a representative from the party responsible for the policies which created the No Fly List in the first place, concedes that “the list is a civil liberties nightmare."

The congressman is not wrong. Googling a random sampling of people from the leak, which was shared with Warp Media, turns up social media profiles, family linkages, employment records, news articles and even home addresses. A cursory review of surface-level SOCMINT (that’s social media intelligence to those of you not inured to the acronyms of surveillance) turns 1.1 million lines of data in to a staggering doxx of global "terror" suspects. The key word here is “suspect”. Many of the people appearing on the list were never charged with a crime.

Nonprofit and civil liberties organizations have long expressed concern with the No Fly List, Terrorism Wach List and Selectee list. Chief among these was a lack of transparency for who was on the list and how they were added, a lack of appeals process, the unregulated sharing of this sensitive information with potentially negligent entities (like the airline CommuteAir which this leak came from) and the potential for human rights abuses if the list leaked. Well, the nightmare came true.

America doesn't share its intelligence and risk assessments with every government for obvious reasons. Unfortunately, the exceedingly cute kitten has escaped the bag and the list is with newsrooms now. A bunch of people worldwide risk being surveilled, jailed, tortured or killed because their names appear (even erroneously) in a US database.

Despite having long since become one with the dust of Syria, Mohamed Farah Shirdon remains on the no fly list.

There are of course, Canadians on the Terrorism Screening and Selectee lists. Farah Mohamed Shirdon (a Daesh supporter) appears on the list. Shirdon was killed in 2017 in Syria, but was still on the list as of 2019. Shirdon had been at the center of an RCMP campaign to force a VICE reporter to turn over his kik instant message chat logs with the terror suspect. There are actually a lot of deceased people whose names remain on the list, which hints that it is easy to be added, but the review/removal process is imprecise. It is possible that nobody is following up on these names.

Kevin Omar Mohamed also appears on the list. Mohamed had been in contact with former CSIS infiltrator from the Toronto 18 terror plot and former Taliban supporter Mubin Shaikh since around 2014. In 2017 "counter-extremism" researcher and social movement expert Amarnath Amarasingam summarized Kevin's ideology in a twitter thread. It is believed that Mohamed traveled to Turkey in 2014 for the purposes of joining Al-Nusra front in Syria. His lawyer contested that this was a humanitarian trip. Ultimately a meme posted to twitter featuring a screenshot from the infamous "No Russian" level in the video game Call of Duty: Modern Warfare provided pretext for INSET to move to arrest him. A 2019 article written by Global's Stewart Bell identifies part of Mohamed's sentencing requirement as a requirement to undergo religious counseling. Stephanie Carvin a former national security analyst is quoted as questioning the effectiveness of that counseling approach. In a press release which appears to have been removed from the RCMP’s website, the RCMP states that Mohamed has since been investigated for breaching the conditions of his probation order, and was re-arrested by the O team of INSET in 2020.

Omar Khadr was still on the No Fly List as of 2019. Khadr, a former Taliban child soldier and Guantanamo detainee was arrested in Afghanistan in 2002 at the age of 15. In 2017 Khadr received a $10 million payout from the Canadian federal government and an apology for his treatment and detention. He remained on the US no fly list in 2019.

Another Canadian, a Sikh extremist Ripudaman Singh Malik was acquitted in 2005 of mass murder and conspiracy charges related to a pair of bombings targeting Air India flights. He was assassinated in Surrey, BC last year and appears to have been on the list as of 2019, despite his acquittal in the Air India case.

Former Canadian Forces reservist Patrik Mathews, affiliated with Neo Nazi group 'The Base' does not appear to have been on the list. Mathews was a prominent headline in both Canadian and American national security spaces in late 2019. It is possible the list was compiled before his story broke, or his name appears elsewhere on another list which was not included with this leak.

Emily Gorcenski, a data scientist who participated in counter-demonstrations in Charlottesville prepared a twitter thread summarizing the various white supremacists and neo nazis who appear on the no fly list leak. Many of the members of the far right who participated in Charlottesville and related violence were listed.

Texas based media outlet Daily Dot who broke the story and liased with Nyancrimew during the expository phase of her investigation, state that the list from Nofly.csv and the accompanying Selectee.csv (Gotcha) are actually technically the “Terrorism screening list” a larger document of around 1.5 million names, which encompasses the no-fly list, and identifies individuals of general national security or aviation security concern in the US.

Ashley Kent Johnston, a former Australian reservist who traveled to Rojava to help the Kurdish people there fight ISIS.

Foreign fighters who had traveled to oppose ISIS made the list, too. Ashley Kent Johnston is an Australian reservist killed in 2015 in Tel Hamis, Syria. He traveled to fight with the #Kurds in Rojava, despite it being illegal for him to do so. In addition to legal consequences he faced back home in Australia, the US put him on the #NoFlyList. The names of publicly identified Canadian volunteers who traveled to Kurdistan do not appear on the list. This indicates that the policies of individual ally (or NATO/Five Eyes) member nations toward specific conflicts may have affected America’s disposition towards these individuals traveling to warzones.

Implications

The implications of the leak, in terms of its scale and scope are staggering. 2019 is far from ancient history. Given that operations in the Global War on Terror (GWOT) were being deliberately scaled back in 2020 amid the Coronavirus pandemic and ahead of the 2021 withdrawal from Afghanistan, the 2019 Terrorism Screening List leak contains a snapshot of America's peak pre-pandemic threat actors.

The leak can also quite easily expose undercovers or other things which agencies would call sources and methods. While it is possible the leaked document represents only a partial version of the Terrorism Watch List, terror groups and states can certainly reference their member names/aliases against the database to see who the US knows about, and infer a lot from that. In 2021 a similar breach actually happened but did not circulate. The security expert Volodomyr Diachenko, who broadcast the existence of that breach stated that “In the wrong hands, this list could be used to oppress, harrass, or persecute people on the list and their families. It could cause any number of personal and professional problems for innocent people whose names are included in the list.” Worst case scenario, then.

As to the question of ethics, Nyancrimew, the "anarchist kitten" behind the leak said to the Daily Dot, "while the nature of this information is sensitive, i(sic) believe it is in the public interest for this list to be made available to journalists and human rights organizations.” The Warp concurs with this assessment, adhering to the anarchist principle of “radical transparency” as an editorial position. Keeping information secret only serves to benefit the dishonest. Putting this information in the hands of journalists has the potential to address the overreaches of the security state and unravel many mysteries and corruptions. At the end of the day, the consequences of the list’s exposure (and there will be consequences) rest with the people who created it and the people who were responsible for securing it.

Reflections

Not to put too fine a point on it, but if you wanted to build an A team of America's enemies, there's over a million lines in the main spreadsheet. So, what are you waiting for, aspiring revolutionary? Slide in to a few DMs, send some emails, see what happens. (For legal and safety reasons this is a joke, DO NOT DO THIS).

The key takeaway is that no matter how secure you think your data is, you're one cybersecurity fail away from inadvertently leaking hundreds of thousands of natsec targets in a massive civil liberties violation. There's no solution. If it exists, it will leak some day unless you destroy it. Best not to have it. On the left, activists should very much take care not to gloat. It is bad the Terrorism Screening List existed. It's bad the list was stored unsecured.

Shaikh works with far right podcaster and a fellow infiltrator to "convert" a compromised left wing activist.

In Canada, it is particularly concerning because the same federal infiltrator who was interacting with Kevin Omar Mohamed in 2014, was also involved quite recently in drama involving the Canadian antifascist community. Shaikh and another federal infiltrator successfully converted a "former" left wing activist to condemn the left's extremism on a far right podcast. Kevin Mohamed wound up on the No Fly List and has been in and out of custody since 2016. If Shaikh is interacting with the left in an effort to coax people away from it, and the people he tried to coax away in 2014 are currently on the list, it does imply that Terrorism Watch List may be imminently expanding.

Of course, as with most things in security and law enforcement spaces, the list is hideously racist. The vast preponderance of names on the list are Arabic, Persian, South Asian or Russian. It was long suspected just how culturally and racially biased national security processes were in US national security. This isn't an argument that we need to add more white people to the list (though they certainly did that after 1/6). The creation of a heavily biased list should never have happened under any circumstances. Prior to 9/11 there were 16 people on the no-fly list. It should have stayed that way.

It is safe to say that the same people previously focused on individuals like Kevin Mohamed, are now increasingly focused on the left wing activists who spent the last five years opposing organized fascism, racism and the far right. And we’ve seen, as with the Australian fighter on the list who died fighting ISIS, the security state has no problem in designating its “friends” and “allies” as probable terrorists when it is expedient to do so.

All of this hints that federal national security priorities in Canada, and probably the US, are expanding to include the antifascist and anarchist communities. Comparing numbers given in this leak to those from the 2021 data exposure, it seems the list grew by around 500k names between 2019 and the January 6, 2021 insurrection. Despite a clear coup attempt by the far right, it was an antifascist from Albany who received the longest prison sentence of any given out so far, in connection with the January 6 insurrection. Georgia Police just charged 7 left wing activists with domestic terrorism after killing one, at an environmental protest to stop “Cop City” in Atlanta. The state needs an unending supply of new enemies to justify its never ending quest for power.

It is a lesson for radicals which has held true since the time of John Brown. You are not permitted to fight for ideology, your own, or others’ liberation, until the national security state has managed to align those goals with the interests of capital, first. In the end, the list comes for us all.

Kevin Metcalf is an antifascist, security and human rights writer living in so-called Toronto, Ontario where he works as a landscaper full time. He is also the managing editor of The Warp and in his spare time he runs a gaming YouTube channel.

If you like anarchy, hacking, kittens or owning airlines in a way that makes the entire national security state recoil in shock and horror please consider supporting @_nyancrimew on her Ko-fi by buying her a coffee. https://ko-fi.com/nyancrimew she deserves it!