Uncle Sam's Travel Site Grounded By Breach

McGruber writes "Northrop Grumman's Govtrip.com website has been shut down following a security breach, according to a report by 'Security Fix' blogger Brian Krebs. Being a federal employee and frequent work traveler, I am (was?) a Govtrip user. My agency required me to use Govtrip to book all of my trips, including my airfare, car rentals, and hotel reservations, so Northrop Grumman's Govtrip databases contain my frequent flier numbers, Avis & Budget car rental numbers and frequent hotel guest (Choice Privileges, Marriott Rewards, Priority Club, etc.) numbers. Northrup-Grumman also stored all of my trip itineraries, including destinations, dates & modes of travel and the particular vendors (airline, hotel, rental car brand, etc.) used on a particular trip. Also stored on the website were my work travel credit-card (it has a $15,000 charge limit), personal checking account where my travel reimbursements were deposited, my home address, and emergency contacts ... just imagine what an accomplished social engineer can do with that combination of information!"

bad summary

[socsoc]

The first line of the summary doesn't even match TFA. A few agencies, FAA & DoT are mentioned explicitly, started blocking the website on their networks to prevent the download of malware/viruses.

TFA specifically says that user information was not compromised, the submitter's car reservation confirmation number from last month is safe. The site was not shut down and loads fine for me.

What I don't get is the reasoning behind hosting 3 servers containing information on US government employees in Taiwan, what the hell?

Re:Sadly

[cypherwise]

Contractors basically bid on any contract they can. Then hire the expertise needed to complete that contract during/after the bidding. Many of the big name contractors do A LOT more than their traditional public image leads many to believe.
Also, would it have really made a difference if the website was .gov or .com? The government, in general, doesn't have the desire to produce and maintain a site like that in-house.

Re:bad summary

[sunking2]

I believe what they meant was that those were where the remote hosts that hacked the site were. Along with one from Harvard. But still, the summary is so full of paranoia and hype its almost sickening. This seems to be nothing more than a front page being changed to redirect to a new destination. Hardly anything to get your panties in a twist.

Re:Sadly

[Hognoxious]

The government, in general, doesn't have the ability to select a competent contractor to produce and maintain a site like that in-house.

Fixed now.

Re:what?

[codepunk]

Let me enlighten you here mr security expert. Once you hit that submit button on your shopping cart at joe's online store, you have no idea what just happened with that information. I don't care if you
put in your cc number a thousand times it does not in any way mean that the other end is not storing the information. In fact for all you know it sends a email to someone that processes the order, however
mr hacker already owns that server and grabs everything running through the mail spool. Or has just modified the code to send himself a copy of your information as well.

Hype

[emance]

The Website [govtrip.com] was not disabled. Rather, the web-based compromise began redirecting users to malicious websites.

It is interesting to read that the 'compromise' was achieved through eAuthentication [gsa.gov], a ubiquitous federal application serving multiple agencies.

It seems like the attack could have been more harmful than this apparently relative ineffectual inconvenience.

Re:Accounts need 2 access no's: In & Out #'s

[Anonymous Coward]

yeah, you have it backwards. He used the checking acct for REIMBURSEMENTS. under ivi (126837)'s system, they would not be able to do anything with that number except give him more money, because the number would be used solely for deposits