It was discovered that GovTrip.com, a website used by federal government employees for booking travel reservations was hacked and serving up malicious code through redirects.

The site is currently unavailable as they perform their forensic investigation and clean up the mess.

According to reports, “sometime” before February 11th, cybercriminals compromised the site and inserted redirect code that sent visitors to a website serving up malicious code. The site is used by such government agencies as: the US Environmental Protection Agency, departments of Agriculture, Energy, Health and Human Services, Interior, Transportation and Treasury.

The website is also used to reimburse employees for travel expenses so all sorts of information is stored there, however, it is not yet known what information was compromised during this breach. I personally don’t think the cybercriminals would have done both – insert redirect code and steal the data available. If the cybercriminals thought the data was valuable, they probably wouldn’t have risked inserting the redirect code as this could have, and did, alert others to the compromise.

The GovTrip.com website is managed by defense contractor Northrop Grumman.

The site had been blocked when the proper authorities were notified. Government agencies using the website were issuing warnings which could have only exacerbated the situation due to human curiosity. Frequently, when you tell a large number of people not to do something, you’re going to get a large percentage of those people to do exactly what they were told not to do.

Cybercriminals know this and use it all the time.