DataBreaches.Net


EXCLUSIVE: GovTrip site shut down; DOT computers infected

Posted on February 17, 2009 by Dissent

Over on USA Today, Peter Eisler’s lead is about how more infiltrators are trying to plant malicious software they could use to control or steal sensitive data.  Here’s another incident this week that mainstream media doesn’t seem to know about.

Over on the FAA Follies blog, it’s been reported that the Cyber Security Management Center detected that certain users of the GovTrip site were being redirected to a site that was delivering malicious software to users, resulting in the compromise of certain computers within the Department of Transportation (DOT). The site was reportedly shut down on the 13th although it was back online by the time I checked it on the 15th. The notices, as posted on the blog, read:

From: 9-NATL-Broadcast
To:
cc: bcc:
Date: Friday, February 13, 2009 7:20
Subject: GovTrip

Do NOT reply to this message.
This mailbox is only used for relaying Broadcast Messages and cannot accept incoming messages.
–
The GovTrip system has been shut down due to security reasons. Travelers who need assistance with reservations or have travel questions during this outage should contact the GovTrip helpdesk at 405-954-7900.

Travelers making reservations will need to have a Travel Authorization Number as well as their government travel card available when calling the helpdesk.

Questions on how to obtain a travel authorization number should be directed to your Operating Administration travel manager.

and:

9-AWA-Broadcast/AWA/FAA
02/13/2009 12:38 AM
To
cc
Subject Status of GovTrip access

Do NOT reply to this message
This mailbox is only used for relaying Broadcast Messages and cannot accept incoming messages.

To All,

The Cyber Security Management Center (CSMC) has reported that certain users have been redirected away from the GovTrip site to a site that is delivering malicious software to users, resulting in the compromise of certain computers within the DOT.

Therefore the GovTrip site has been temporarily blocked until the matter can be resolved.

We will keep you apprised of the status of GovTrip access. Travelers needing to book reservations during this outage will need to call their assigned TMC (i.e. American Express). The TMC will require an internally assigned TA number and government credit card information.

Travelers needing to book reservations using the CBA need to call the GovTrip Etravel Helpdesk for assistance. If you have questions please contact the GovTrip help desk at 405-954-7900.

When contacted about the breach, an employee of the DOT informed me that he had received the broadcast emails, but that’s all he knew, and no one at Cyber Security Management Center has returned calls asking for more information about the breach. Nor did anyone seem to know who would even collect information from all agencies that use GovTrip to determine how many agencies and how many computers might have been infected.

GovTrip serves a number of major U.S. departments and agencies, including power administrations, the Department of Energy, the Internal Revenue Service, and the Federal Energy Regulatory Commission.

So was this breach similar to what happened in the FISERV/CheckFree incident, or did something else happen? How many computers from DOT and other agencies were infected, and what types of potentially sensitive information may have been acquired?

While the travel plans of some government employees may or may not be of value to hackers, access to the computers raises other possibilities that are more serious. Despite emails and phone calls to a number of parties, and despite the supposed transparency of the new administrations, no answers have been provided. Maybe one of my mainstream colleagues can find out. Or maybe it’s just another small breach in what is an increasing number of attacks on our cybersecurity and we should all just yawn one more time and go on our merry way.

Category: Breach Incidents, Government Sector, Malware, U.S.
