Seriously? I know like none of the tools or terms they used, like wtf is shodan?
In general the author doesn't seem to follow the white hat guidelines, and I'd be worried what they've done is quite illegal (possibly on a federal level if the no-fly list is so secret).
maia[0] (it/she pronouns) is almost certainly aware that this is illegal, and has been indicted by a grand jury for other government hacks.
Shodan[1] is a search engine that deals in hosts and IP addresses rather than web pages, and is a goldmine for finding everything from exposed IP webcams to Jenkins instances.
US law is neither a universal law nor an international one.
Accessing computer systems owned by a US company based in the US might constitute a violation of US law, but the hacker is based in Switzerland - where US law does not apply.
As you can see in the linked Wikipedia article, accessing these systems is probably not illegal in Switzerland, thus, for all intents and purposes, no crime was committed.
Here's an indictment from 2019 for similar activities. It's a crime in the U.S., thus prosecutable in the U.S. The question is whether Swiss authorities cooperate, not the jurisdiction.
The jurisdiction is quite questionable. If someone in North Korea would decide I'm guilty of breaking some bizarre law, I couldn't care less. Why would a Swiss citizen care about what the United States thinks is a crime?
It's easier to get extradited to the US than to North Korea.
In fact I don't think any countries will extradite you to North Korea. There's plenty (including many in the neighborhood of Switzerland) that extradite to the US for at least some crimes.
According to its Wikipedia page [1], Switzerland doesn't extradite their nationals (including maia) without consent. maia might be trapped in Switzerland, but as long as it stays there the US can't get to it.
Legalities aside, it's morally wrong to hack a server, disregard reasonable disclosure, and publish (even to a selected group) an in-depth list of personal information; all for political reasons! (at least going off what their Wikipedia page describes as their motivations).
"Look at you, hacker. A pathetic creature of meat and bone. Panting and sweating as you run through my corridors. How can you challenge a perfect immortal machine?" — Shodan
You actually have most likely come across mentions of shodan if you use HN often. It is that search engine for insecure systems like exposed/insecure webcams.
I know those tools and I agree. There's no skill required to use a search engine for compromised/misconducted servers to find a compromised/misconfigured server and then pile around on it. I don't think it's so good to publish it instead of reporting to the airline but I'm pretty sure that is for political reasons considering the author's political views.
I think she used publicly available common tools in this regard without specific knowledge of the airline industry. Even searching the internet is a special skill for those who never used a computer or held a smartphone but is a no brainer for those who never created a search engine algorithm.
As a nontechnical person who enjoys this stuff, also wasn't familiar. Anyone have a good rec for a starter guide for a nontechnical person to be able to do similar research (albeit in ideally more of a white hat approach)?