Uncle Sam's Travel Site Grounded By Breach

McGruber writes "Northrop Grumman's Govtrip.com website has been shut down following a security breach, according to a report by 'Security Fix' blogger Brian Krebs. Being a federal employee and frequent work traveler, I am (was?) a Govtrip user. My agency required me to use Govtrip to book all of my trips, including my airfare, car rentals, and hotel reservations, so Northrop Grumman's Govtrip databases contain my frequent flier numbers, Avis & Budget car rental numbers and frequent hotel guest (Choice Privileges, Marriott Rewards, Priority Club, etc.) numbers. Northrop Grumman also stored all of my trip itineraries, including destinations, dates & modes of travel and the particular vendors (airline, hotel, rental car brand, etc.) used on a particular trip. Also stored on the website were my work travel credit-card (it has a $15,000 charge limit), personal checking account where my travel reimbursements were deposited, my home address, and emergency contacts ... just imagine what an accomplished social engineer can do with that combination of information!"

  • Re:Governments... (Score:4, Insightful)

    by Clover_Kicker ( 20761 ) <clover_kicker@yahoo.com> on Sunday February 22, 2009 @10:36AM (#26948365)

    Northrop-Grumman (i.e. the company who runs the site, the guys who fucked up) is private sector [google.ca].

    Being in the private sector is not magic pixie dust that makes people smarter and systems more secure.

  • Re:Sadly (Score:3, Insightful)

    by perlchild ( 582235 ) on Sunday February 22, 2009 @12:35PM (#26949093)

    If it let them snoop on who was traveling to their competitor's facilities during particularly hectic contracts, I'd say it would have made a difference.

    Not that it's contracted out, but that it's contracted out to a large firm who already does a specific kind of business with the government. Contracting out to Orbitz or American Express for travel is one thing. Contracting to someone who has a corporate interest in knowing who visits Boeing, is another.

  • CIA? (Score:3, Insightful)

    by divisionbyzero ( 300681 ) on Sunday February 22, 2009 @01:01PM (#26949309)

    I hope the CIA wasn't required to use it! :-)

  • by Anonymous Coward on Sunday February 22, 2009 @02:10PM (#26949917)

    The key phrase is, "the real problem is the utter lack of customer oversight and accountability."

    Face it, the Government is incompetent and/or lazy. Why? Because nearly every government employee is incompetent and/or lazy. The only way to restore faith in Government is to establish term limits for elected officials (and appointees) and remove union protection from all civil servants.

  • by fazookus ( 770354 ) * on Monday February 23, 2009 @01:58PM (#26959523)
    I'm a Govtrip user as well (the "E-Gov Travel Center for Excellence" just emailed me to tell me everything is just fine, so it must be back) and my primary question is why do we have defense contractors running internet travel sites?
    Govtrip took a long time to become ready for prime-time and to this day isn't a model of the programming arts.

    Wonder how much it costs...

    A greater concern is "Electronic Questionnaires for Investigations Processing (e-QIP)". If you need a security clearance you go to the e-QIP site and put in your life history, friends, bank info, credit history, medical history, everything.
    It's an identity thief's dream, absolutely everything needed for somebody else to become you. In fact someone with this kind of information would have a better claim to being you than YOU would.

    But don't worry, it's hacker proof.
