Government travel site hacked, remains shuttered

Share this article:
A government website used by a dozen federal agencies to book travel was hacked, redirecting federal employees to a site capable of downloading malware.

The site, GovTrip.com, remained offline as of Thursday afternoon EST.

The site was breached on or around Feb. 11, when some users attempting to login to the site were instead directed to a rogue site, said Robert Lesino, a spokesman for the General Services Administration (GSA), which manages federal agencies, in a statement. No personal data was exposed, and the government is investigating.

In addition to being used for government employees making travel reservations, the site -- operated by defense contractor Northrop Grumman -- also is used to reimburse employees by direct deposit.

Matt Castelli, director at Talis Data Systems, a San Diego-based maker of computer and network security products, told SCMagazineUS.com on Thursday that the hackers appeared set on obtaining sensitive information from users.

It appears the purpose of the attack was to collect data, such as credit card information, or login details to enable future remote access, he said in an email.

While the GSA would not detail what protections the system had in place, Castelli said traditional defenses such as firewall, intrusion prevention systems and SSL encryption probably wouldn't have helped.

"For a DNS [domain name system] or URL redirect methodology like this one, a lot of controls would not likely be in effect because the host server is outside the government enclave," he said. “To spoof a site like this though, in my opinion, required some forethought and planning, not like a random redirect of cnn.com to a prank website for instance...I suspect this was an information gathering-type attack.”

The system has been touted as saving taxpayers up to 50 percent of travel management costs. In addition to the GSA, GovTrip was used by the EPA, the Department of Energy, Department of Health and Human Services, Department of the Interior, Department of Transportation and the Treasury Department.
Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

CryptoWall surpasses CryptoLocker in infection rates

CryptoWall surpasses CryptoLocker in infection rates

A threat analysis from Dell SecureWorks CTU says that CryptoWall has picked up where its famous sibling left off.

Professor says Google search, not hacking, yielded medical info

Professor says Google search, not hacking, yielded medical ...

A professor of ethical hacking at City College San Francisco came forward to clarify that he did not demonstrate hacking a medical center's server in a class.

Syrian Malware Team makes use of enhanced BlackWorm RAT

Syrian Malware Team makes use of enhanced BlackWorm ...

FireEye analyzed the hacking group's use of the malware, dubbed the "Dark Edition" of BlackWorm.