Slashdot Mirror

← Back to Stories (view on slashdot.org)

Uncle Sam's Travel Site Grounded By Breach

Posted by timothy on from the bailout-is-in-order dept.

McGruber writes "Northrop Grumman's Govtrip.com website has been shut down following a security breach, according to a report by 'Security Fix' blogger Brian Krebs. Being a federal employee and frequent work traveler, I am (was?) a Govtrip user. My agency required me to use Govtrip to book all of my trips, including my airfare, car rentals, and hotel reservations, so Northrop Grumman's Govtrip databases contain my frequent flier numbers, Avis & Budget car rental numbers and frequent hotel guest (Choice Privileges, Marriott Rewards, Priority Club, etc.) numbers. Northrup-Grumman also stored all of my trip itineraries, including destinations, dates & modes of travel and the particular vendors (airline, hotel, rental car brand, etc.) used on a particular trip. Also stored on the website were my work travel credit-card (it has a $15,000 charge limit), personal checking account where my travel reimbursements were deposited, my home address, and emergency contacts ... just imagine what an accomplished social engineer can do with that combination of information!"

5 of 67 comments (clear)

  1. Accounts need 2 access no's: In & Out #'s by ivi · · Score: 4, Interesting

    If having another's check book account number means that one can withdraw from it, here's an easy fix:

    Each account gets (at least) 2 numbers:

    1. to deposit INTO it,
    2. another to write cheques to get $$$ OUT of it, &
    3. maybe a 3rd to let vendors & banks (with a cheque in-hand) to check that the balance covers the cheque.

    It would - with that structure - not matter that this web site's security is breached (at least for -that- particular account).

  2. bad summary by socsoc · · Score: 4, Informative

    The first line of the summary doesn't even match TFA. A few agencies, FAA & DoT are mentioned explicitly, started blocking the website on their networks to prevent the download of malware/viruses.

    TFA specifically says that user information was not compromised, the submitter's car reservation confirmation number from last month is safe. The site was not shut down and loads fine for me.

    What I don't get is the reasoning behind hosting 3 servers containing information on US government employees in Taiwan, what the hell?

  3. Spelling??? by LiQiuD · · Score: 4, Funny

    Can we at least spell Nothrop Grumman correctly?

  4. Re:Governments... by Curunir_wolf · · Score: 4, Interesting

    They are also the company that is basically taking over all of the IT functions for the Commonwealth of Virginia. It's working about as smoothly as you would expect.

    I'm sure once all the agencies have turned over all their equipment, applications, and network services to Northrop-Grumman to be run from their new high-efficiency data center, that It service will improve, security will be rock-solid, and costs will drop like a stone.

    --
    "Somebody has to do something. It's just incredibly pathetic it has to be us."
    --- Jerry Garcia
  5. Hype by emance · · Score: 4, Informative

    The Website was not disabled. Rather, the web-based compromise began redirecting users to malicious websites.

    It is interesting to read that the 'compromise' was achieved through eAuthentication, a ubiquitous federal application serving multiple agencies.

    It seems like the attack could have been more harmful than this apparently relative ineffectual inconvenience.