Hackers Engaged Federal Travel Booking Site to Circulate Malware

A travel reservation site, GovTrip.com, which is used by many federal agencies, was found compromised in the second week of February 2009. The hacked site forwarded the visitors to a malicious web site.

Robert Lesino, Spokeman at General Services Administration (GSA), confirmed the hack of GovTrip site on February 18, 2009, as reported by ComputerWorld on February 18, 2009. According to Lesino, the incident was immediately detected.

GSA stated that few days before February 11, 2009, hackers breached the site, directing a malicious code to the PCs of the visitors who visited the web site.

It becomes even more clear from an e-mail sent to the workers of the US Environmental Protection Agency (EPA) informing them that a security problem has been identified by the Department while using GovTrip site. Thus, the employees should avoid accessing GovTrip from any computer in the office. In fact, they were recommended that not to access the hacked site via a home PC or any laptop issued by the government as this may infect the PC with a virus which may even trick the anti-virus software.

As of mid-day of February 18, 2009, GovTrip was reported offline. While still nothing could be said about the kind of malware that infected GovTrip site, the administrators of the site are apparently struggling to keep it online. Though, it is believed that none of the user's details have been compromised by the hack.

Lesino told that the US Computer Emergency Response Team (US-CERT) had been informed about the incident. However, US-CERT is not revealing the details of the hacking reports it had received from the federal agencies.

The security experts are asserting the GovTrip's malware spreading incident as unique since it is an official site of the US General Services Administration and is exclusively used by various US federal departments for booking travel arrangements, which include departments of Energy, Agriculture, and Treasury.

This is not the first incident related to the breach of a government site or server. Earlier, in the second week of February 2009, Federal Aviation Administration realized that their network had been hacked by the hackers.

Related article: Hackers Redirect Windows Live Search to Malicious Sites

» SPAMfighter News - 2/26/2009