Basically any air charter service (no matter how small) will have access to the no fly list. It's honestly surprising that it's not up to date online within minutes.
If I was the US government, I would add some fake but legitimate-looking IDs in such lists, different ones for every airline I send the list to, so I can identify who leaked the list ex post facto, and come down with God's Wrath on any airline that leaked theirs.
But then, I am not a Bond-esque criminal organization bent for world domination.
