The website was being used for malware distribution

Feb 19, 2009 13:15 GMT  ·  By

The Govtrip.com website, which many government employees use to make travel arrangements, has been compromised by attackers and used to distribute malware. At least two federal agencies have blocked access to the site from their internal networks.

Govtrip.com serves numerous government departments as a travel agency for their employees. The website is operated by a defense contractor called Northrop Grumman, under the supervision of the U.S. General Services Administration (GSA).

According to Brian Krebs of SecurityFix, beginning on February 11, users started reporting that the website was attempting to install malicious software on their computers. “Govtrip.com also is used to reimburse workers via direct deposit, which means that many federal employees' checking account information is stored there as well,” Mr. Krebs notes.

The Federal Aviation Administration (FAA), which was itself recently the subject of a data breach, was one of the first agencies to issue a warning. It took the precaution of blocking access to the affected website and instructed its employees on how to handle their travel arrangements manually in the meantime.

Brian Krebs reports that the Department of Transportation has also told its employees, via an internal memo, to stop accessing the website. “The Department has identified a security issue with the use of GovTrip. The GovTrip system has been blocked from inside the DOT network. Employees should not access GovTrip from any DOT/FHWA PC while at work and we strongly suggest employees refrain from any attempts to access GovTrip using a home system or government-issued laptop, as this could cause the PC to be infected with a virus that may not be detected by your anti-virus software,” the DOT e-mail reads.

US-CERT has released a warning regarding the incident, and the site's IT staff has taken it down for investigation. It remains unavailable at this time; so far, however, there has been no evidence that any personal information has been compromised. Both short-term and long-term measures are being considered to prevent similar breaches from occurring in the future, GSA representatives say.

This is not the first time that an official website has been used to distribute malware. Social networking features on the website of President Barack Obama have also been abused in a similar manner. Malware distributors are interested in capitalizing on the trust that people generally place in governmental or popular websites. Not long ago we reported that open redirection scripts on sites like Microsoft.com, IRS.gov, and those of countless media outlets, magazines and universities had been commandeered to poison search results with links that bounce visitors through a trusted domain to a malicious one.
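The open-redirect abuse mentioned above works because a trusted site forwards visitors to whatever destination is named in a request parameter. The following is an added example, not code from Govtrip.com or any of the sites named in this article: a minimal redirect handler in its vulnerable form next to a hardened version that only honours destinations on an allow-listed host. The base URL and allowed hosts are constructed placeholders, and the attacker inputs are the usual bypass attempts (protocol-relative `//host`, userinfo tricks, and non-HTTP schemes), also constructed for this example.

```python
from urllib.parse import urlparse, urljoin

# Constructed example values: the hypothetical site's own origin and the
# hosts it is allowed to send users to. Not real configuration from any site.
SITE_BASE = "https://www.example.gov/"
ALLOWED_HOSTS = {"example.gov", "www.example.gov"}


def vulnerable_redirect_target(url: str) -> str:
    """Open redirect: the 'url' parameter is returned unchanged as the
    Location target, so https://trusted/redir?url=http://evil/ sends the
    visitor to http://evil/ with the trusted domain in the original link.
    This is the pattern search-poisoning campaigns chain into their links."""
    return url


def safe_redirect_target(url: str) -> str:
    """Return 'url' only if it resolves to an allowed host over http(s);
    otherwise fall back to the site root.  Handles the common bypasses:
    protocol-relative '//evil', 'https://trusted@evil', and 'javascript:'."""
    if not url or "\\" in url:
        # Empty parameter, or backslashes that browsers may treat as slashes.
        return SITE_BASE

    # Resolve relative targets ('/claims', 'page.html') against our own base.
    # '//evil.example/x' resolves to 'https://evil.example/x', which is then
    # rejected below because the host is not allow-listed.
    resolved = urljoin(SITE_BASE, url)
    parsed = urlparse(resolved)

    # Reject 'javascript:', 'data:', 'file:' and anything else that is not web.
    if parsed.scheme not in ("http", "https"):
        return SITE_BASE

    # .hostname strips userinfo and port, so 'https://www.example.gov@evil/'
    # yields 'evil' rather than the trusted-looking prefix.
    host = parsed.hostname
    if host is None or host.lower() not in ALLOWED_HOSTS:
        return SITE_BASE

    return resolved


if __name__ == "__main__":
    # Constructed sample inputs: one legitimate, the rest bypass attempts.
    samples = [
        "/travel/claim?id=1",
        "//attacker.example/malware.exe",
        "https://www.example.gov@attacker.example/",
        "javascript:alert(1)",
        "https://example.gov/",
    ]
    for s in samples:
        print(f"{s!r:50} vulnerable -> {vulnerable_redirect_target(s)!r}")
        print(f"{'':50} safe       -> {safe_redirect_target(s)!r}")
```

The point of the hardened version is that the decision is made on the parsed host of the fully resolved URL, not on a string prefix check; checks like `url.startswith("https://www.example.gov")` are exactly what the userinfo trick defeats. An even simpler design, where the page allows it, is to replace the free-form parameter with a short token that maps to a server-side table of destinations, so there is no URL to validate at all.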