Travel-Booking Site for Federal Agencies Hacked

Govtrip.com, which handles travel reservations for at least a dozen U.S. government agencies, last week was infected with a virus that tried to install malicious software when users visited the site, causing some agencies to block employees from accessing it, Security Fix has learned.

Sometime on Feb. 11, hackers changed the Govtrip.com Web site to redirect visitors to a site that installed malicious software. A number of agencies, including the departments of Agriculture, Energy, Health & Human Services, Interior, Transportation, and Treasury, use the site exclusively to book travel arrangements. Govtrip.com also is used to reimburse workers via direct deposit, which means that many federal employees' checking account information is stored there as well.

On Thursday, Feb. 12, the Federal Aviation Administration began urging employees to avoid visiting the site. Rather, employees seeking to make travel arrangements were given instructions on how to book travel arrangements manually, FAA spokeswoman Laura Brown said.

"When we first realized there was a problem, we blocked access to the site from our end, because people who had contact with it were reporting some kind of virus being downloaded," Brown said.

Govtrip.com is managed by defense contractor Northrop Grumman, which declined to comment for this story. The company referred all inquiries to the General Services Administration.

GSA spokesman Robert Lesino said the agency's ability to comment was limited because the incident was still under investigation. GSA issued the following statement:

"On February 11, 2009, some users of GovTrip when logging on to the site were redirected to a site that delivered malicious software to their computers. No personal data was known to be compromised. The incident was quickly identified and a US CERT [alert] was issued. GSA, the vendor, and customer agency IT specialists are moving swiftly to identify short-term and long-term measures to find the source of the incident and to prevent such an incident from recurring."

On Tuesday, the Department of Transportation sent an agency-wide e-mail to employees warning them to steer clear of Govtrip.com.

"The Department has identified a security issue with the use of GovTrip. The GovTrip system has been blocked from inside the DOT network. Employees should not access GovTrip from any DOT/FHWA PC while at work and we strongly suggest employees refrain from any attempts to access GovTrip using a home system or government-issued laptop as this could cause the PC to be infected with a virus that may not be detected by your anti-virus software. This safeguard will be in effect until further notice. Once this issue is resolved, all employees will be notified when to resume use of the GovTrip system."

While it remains unclear what type of malware infested Govtrip.com, there are indications that the site's administrators are still struggling to keep it available and online. The site was inaccessible throughout Tuesday evening and into Wednesday morning.

Update, Feb. 21, 2:53 p.m. ET: According to an analysis shared with Washingtonpost.com, the compromise of govtrip.com came from multiple sources and was fairly extensive. From an internal government memo:


The General Services Administration (GSA) and Northrop Grumman (NG) contractor has conducted extensive forensic analysis and confirmed that the GovTrip systems were successfully compromised. Forensic analysis revealed that hackers were able to gain access from four remote systems (3 systems residing in Taiwan and 1 system belonging to Harvard University) to exploit a default configuration setting in the GovTrip eAuthentication module that allowed remote administration using the Internet.

GSA and NG are moving forward to ensure security safeguards and controls are implemented. Additionally, NG is expanding their monitoring capabilities to include additional network and host based intrusion monitoring technologies.

Until those systems are in place, however, Northrop Grumman will have its authority to operate the service on behalf of federal agencies revoked, the memo notes. The GSA said it anticipates restoring government access to govtrip.com on Monday, Feb. 23.

By Brian Krebs  |  February 18, 2009; 10:20 AM ET
Categories: Fraud, Latest Warnings, Safety Tips, U.S. Government

Comments

Yeah, that outsourcing to defense contractors really works great, doesn't it? NOT.

Posted by: hairguy01 | February 18, 2009 10:40 AM | Report abuse

hairguy01,
Had any of this IT work been done in house by the Feds, the entire U.S. government would now be at the mercy of a group of teenagers in Novosibirsk.

Maybe it was a federal employee who introduced the virus in the first place.

Posted by: Wallenstein | February 18, 2009 11:00 AM | Report abuse

It is a hideous system that no one likes to use anyway so there are benefits to it being down. And yes it is still down.

Posted by: McCarthy911 | February 18, 2009 11:54 AM | Report abuse

To Whom It May Concern:

For months I've been hearing how much people didn't like GovTrip.

Now today that it's officially down for all agencies I hear how people miss it?

Once you learn the ins and outs, it's not a bad system and a lot better than Fed Traveler.

Posted by: XGCX | February 18, 2009 12:16 PM | Report abuse

GovTrip is an amazing product. I depend on it. I CANNOT wait for it to be up and running again and yes I concur Fed Traveler is inadequate.

Posted by: lol1231 | February 18, 2009 3:03 PM | Report abuse

I'm a headquarters FATA for my agency and I think that GovTrip is a decent system. Granted, it has its ups and downs, but the system itself is nothing terrible compared to the ridiculous approval process we have to go through to get meetings and conferences approved. It is probably easier for a person to escape their electrically charged jail cell than to get an MRP-13 approved in the time these people tell us we need to get them done. Case in point - We need a down to the letter set of SPECIFIC travel regulations that are set across the board and that DON'T change overnight once people are getting used to them.

Posted by: KevinEWilliams | February 18, 2009 3:10 PM | Report abuse

I don't like GovTrip, it's very unfriendly. The only reason I would miss it...is...it's the only way we can travel and be reimbursed for travel within the government!

Posted by: rasky | February 18, 2009 3:36 PM | Report abuse

GovTrip is just one of several applications that can be used for travel depending on agency. What about some of the others?

Posted by: traveler12 | February 18, 2009 5:24 PM | Report abuse

XGCX, the reason I miss it is because I can't get PAID for my travel until it is back up. I'm going to have to pay my government issued travel card with my own funds, WITHOUT interest, until the system is back up.

Government contractors always overpromise, underdeliver, and then pocket a huge profit because they can get away with it.

Posted by: orffteacher | February 19, 2009 8:37 AM | Report abuse

If the hackers are found, they should be awarded the Congressional Medal of Honor, and strongly encouraged to work their magic on the Defense Travel System (DTS), aka Deranged Travel System. I've tried three times this week to set up a trip, and just got a call from the travel agent that DTS has lost some of the reservation info. On my last trip, I was stuck in the Phoenix Airport for 6 hours because someone "forgot" to PAY FOR THE TICKET. Then, because I got home 30 minutes after midnight, DTS claimed that I had overstayed by a day and wanted to charge me leave. And I was traveling on a Sunday!! Yes, they wanted to charge me leave for a Sunday- and I wasn't paid to travel on Sunday in any case!

Posted by: 438-47960 | February 19, 2009 3:25 PM | Report abuse

@ the GSA's PR statement: 'I love the smell of PR in the morning!'

@ the variety of comments: there's a great disparity of opinion about Govtrip. As an outside observer, one couldn't draw any conclusion about quality of service. Is the disparity a result of underling attitudes on outsourcing? Any disinterested commentary available?

Posted by: featheredge9 | February 19, 2009 7:32 PM | Report abuse

The proof in the end for any of these sites, PR aside, is how effectively they are going to be able to manage their digital security.

When I have questions about this I usually consult http://www.justaskgemalt.com. Pretty soon I'll know what is the best answer. It's not rocket science to know if a company or agency is effective in protecting their clients. You get the feeling.

Posted by: ThomasWhitney | February 25, 2009 11:31 AM | Report abuse

The comments to this entry are closed.

 
 

© 2010 The Washington Post Company