EXCLUSIVE: GovTrip site shut down; DOT computers infected

Over on USA Today, Peter Eisler’s lead is about how more infiltrators are trying to plant malicious software they could use to control or steal sensitive data.  Here’s another incident this week that mainstream media doesn’t seem to know about.

Over on the FAA Follies blog, it’s been reported that the Cyber Security Management Center detected that certain users of the GovTrip site were being redirected to a site that was delivering malicious software to users, resulting in the compromise of certain computers within the Department of Transportation (DOT). The site was reportedly shut down on the 13th although it was back online by the time I checked it on the 15th. The notices, as posted on the blog read:

From: 9-NATL-Broadcast
To:
cc: bcc:
Date: Friday, February 13, 2009 7:20
Subject: GovTrip

Do NOT reply to this message.
This mailbox is only used for relaying Broadcast Messages and cannot accept incoming messages.

The GovTrip system has been shut down due to security reasons. Travelers who need assistance with reservations or have travel questions during this outage should contact the GovTrip helpdesk at 405-954-7900.

Travelers making reservations will need to have a Travel Authorization Number as well as their government travel card available when calling the helpdesk.

Questions on how to obtain a travel authorization number should be directed to your Operating Administration travel manager.

and:

9-AWA-Broadcast/AWA/FAA
02/13/2009 12:38 AM
To
cc
Subject Status of GovTrip access

Do NOT reply to this message
This mailbox is only used for relaying Broadcast Messages and cannot accept incoming messages.

To All,

The Cyber Security Management Center (CSMC) has reported that certain users have been redirected away from the GovTrip site to a site that is delivering malicious software to users, resulting in the compromise of certain computers within the DOT.

Therefore the GovTrip site has been temporarily blocked until the matter can be resolved.

We will keep you apprised of the status of GovTrip access. Travelers needing to book reservations during this outage will need to call their assigned TMC (i.e. American Express). The TMC will require an internally assigned TA number and government credit card information.

Travelers needing to book reservations using the CBA need to call the GovTrip Etravel Helpdesk for assistance. If you have questions please contact the GovTrip help desk at 405-954-7900.

When contacted about the breach, an employee of the DOT informed me that he had received the broadcast emails, but that's all he knew, and no one at the Cyber Security Management Center has returned calls asking for more information about the breach. Nor did anyone seem to know who would even collect information from all agencies that use GovTrip to determine how many agencies and how many computers might have been infected.

GovTrip serves a number of major U.S. departments and agencies, including power administrations, the Department of Energy, the Internal Revenue Service, and the Federal Energy Regulatory Commission.

So was this breach similar to what happened in the FISERV/CheckFree incident, or did something else happen? How many computers from DOT and other agencies were infected, and what types of potentially sensitive information may have been acquired?

While the travel plans of some government employees may or may not be of value to hackers, access to the computers raises other possibilities that are more serious. Despite emails and phone calls to a number of parties, and despite the supposed transparency of the new administration, no answers have been provided. Maybe one of my mainstream colleagues can find out. Or maybe it's just another small breach in what is an increasing number of attacks on our cybersecurity and we should all just yawn one more time and go on our merry way.

About the author: Dissent