First it was the FAA. Now news comes of another government Web site being hacked.
A GSA spokesman confirmed today that GovTrip.com, a travel reservations site used by federal agencies, was hacked last week. Visitors to the site were redirected to another site that delivered malicious code to their computers. GSA says the incident was quickly identified, access to the site was blocked and no employee information was compromised. GSA spokesman Bob Lesino said the agency is working to prevent recurrences and provided the official statement below:
"February 11, 2009, some users of GovTrip.com when logging on to the site were redirected to a site that delivered malicious software to their computers. No personal data was known to be compromised. The incident was quickly identified and a US CERT (US Computer Emergency Readiness Team) alert was issued. GSA, the vendor, and customer agency IT specialists are moving swiftly to identify short-term and long-term measures to find the source of the incident and to prevent such an incident from recurring."
While the attack and the potential compromise of employees' personal and financial information are troubling enough, perhaps more so is the complete lack of information released on this subject. Employees at the Transportation Department and the Environmental Protection Agency have reported receiving e-mails telling them to steer clear of GovTrip, but there has not been a word from the federal government on the extent of the attack or the nature of the malware that was downloaded. A bit disappointing given the Obama administration's promises of transparency.
GSA chief information officer Casey Coleman declined to comment, saying the event is still being analyzed. Northrop Grumman did not respond to a request for comment either. The site remained offline at the time of this posting.



COMMENTS
The GSA statement claims a US Cert alert was issued. To who? I receive their email bulletins and never saw any mention or warning about the Govtrip site. Even now, on the US Cert web page, under current alerts for government there is no mention of it: (see below)
The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
Last reviewed: February 23, 2009 17:03:33 EST
February 23 New Variant of Conficker/Downadup Worm Circulating
February 20 Adobe Releases Security Bulletin for Critical Vulnerability
February 17 Active Exploitation of Microsoft Internet Explorer 7 Vulnerability
February 17 Apple Releases Security Updates
February 10 BlackBerry Security Advisory
February 10 Microsoft Releases February Security Bulletin Summary
February 9 HP Releases Security Bulletin to Address a Vulnerability in Multiple Printers
February 6 IRS Stimulus Package Phishing Scam
February 6 HP Releases Security Bulletin for HP OpenView Network Node Manager
February 5 Microsoft Releases Advanced Notification for February Security Bulletin
Sgt Schlitz 02/23/09 06:02 pm ET
Blaming Obama for lack of transparency on this matter? Are you kidding? I think it comes down to a problem with US-CERT and what they consider to be sensitive information. Of course, a push from the Administration to open up would certainly hasten that effort. Mind you, these procedures and programs are new and it will take time, at a governmental pace, to get kinks ironed out and to figure out what type of information needs to get funneled to who and in what fashion.
harls 02/22/09 03:32 pm ET
I had posted similar sentiments on the 17th after spending a few days getting nowhere trying to get a meaningful response from anyone: http://www.databreaches.net/?p=1545
After I published, they sent me the same short statement they sent everyone else.
What the mainstream stories don't seem to know is that the site was online on the 15th. It's not like they took it down after they sent out the notices and it stayed down. It was online on the few days that I checked it before publishing on the 17th, which raises additional questions.
Dissent 02/19/09 03:44 pm ET