Has the Transportation Security Administration’s website been hacked? All indications are yes, and that a malicious phishing attack has been launched against travelers who have or think they have been delayed because they are on a watchlist or have a name similar to a person on the watchlist.

A new link on the TSA’s Our Travelers page directs people who “were told you are on a Federal Government Watch List” to click on a link taking them to this site, which, by all accounts, fits the profile of an attempt to harvest personal information and identity document details.

(UPDATE: The site has been changed and now redirects to https://trip.dhs.gov/index.html.  However, the janky spelling, incorrect information and the possibly illegal collection of information without an OMB control number can still be found on the website as of 12:30 pm PST.  TSA has still not responded to my call for comment.

1:05 PST — TSA employee Christopher White called to say “We are aware there was an issue and replaced the site. The issue has been fully addressed. We take IT responsibilities seriously.  There never a vulnerability; just a small glitch.” That’s not quite accurate, as the non-SSL encrypted form submission was a vulnerability, but I take it to mean the site wasn’t hacked by phishers.  White did not have an answer as to why there is no OMB number for the information collection, saying he was concerned at the moment with the site’s security.)

Let us count the 15 ways this site looks dangerous:

1 – The site looks like a TSA webpage but is actually a subdomain (rms.desyne.com) of a Virginia-based web design company spelled Desyne that lists a P.O. Box for an address on its main domain page.

2 – The site is ostensibly the new contact page for the Rice-Chertoff Initiative (RCI) Department of Homeland Security Traveler Redress Inquiry Program (DHS TRIP), which was “developed as a voluntary program by DHS to provide a one-stop mechanism for individuals to request redress who believe they have been:

(1) Denied or delayed boarding; (2) denied or delayed entry into or departure from the United States at a port of entry; or (3) identified for additional (secondary) screening at our Nation’s transportation.”That initiative, which took more than a year to develop, was announced on January 6, 2007 and the public comment period on the data collection ends on March 6. Miraculously, the site is already live.

3 – The online form has no OMB control number, which is required of every federal form requesting personal information.

4 – The website issues itself its own SSL certificate, so there is no trusted agency that verifies that this page belongs to the web design company, let alone TSA

5 – While the first link on the submit information page goes to an SSL page (encrypted communication with the server), the bolded link reading file your application online in the center of the page sends the user to the exact same form but unencrypted. A simple .htaccess redirect would solve this. The other 10.

OSA Editorial Comments:

This goes back to my main issue of online security and the threat of the online terrorists, if we can’t catch them and punish for there crimes, how do we even stand a chance against the rest the cyber-crime world!

We need to start making the cyber criminals, cyber terrorists pay with real punishment or real jail time! And we need to begin to say: “enough is enough” or scream out from the rooftops that
“Were not going to Take IT Anymore!!” 

We as an Internet family have to band together and force politicians, the Federal Government, and International leaders to make changes in how we treat terrorists and especially Cyber Criminals.

Your Online Security Authority
Bill Wardell

Written by: OSAblogger / Bill Wardell - Please Read Our Latest OSA eZine Edition

Other Places You Can Find Me…

Digg - LinkedIn - OSA Community - Facebook - StumbleUpon - MyBlogLog

If you're a concerned parent, you may want to subscribe to the: OSA~RSS while your here, please JOIN our: OSA Forum... also Follow Me On Twitter Thanks for visiting!

OSA Related Posts

• Online Security: Protecting Your Content Security on the Internet means more than just protecting your personal computer from online predators and viruses. If you own a domain or have a website you may need to protect your online reputation as well as your content. The web pages you see when you browse the Internet with......
• Why Are We As People So Trusting? I was reading an article on the Keeping Our Children Safe website and they related part of the story “A Street Car Named Desire” and compared it to how we depend on the kindness of strangers, even in today’s online cyber world. Decades ago, our parents and grandparents warned us......
• Online Security Authority website is trusted by the WOT community! About Web of Trust WOT lets people like you share your experiences on the Web with others. Ratings from our worldwide community combined with information from trusted sources provide Internet users with up-to-date information on millions of websites. Seventy percent of shoppers abandon their online orders because they lack trust.......
• Looking Out For Your Children With Online Security Privacy Tips We may think we're playing it safe by having our kids at home on the computer where we can see them, but the dangers in cyberspace would shock you. To prevent a tragedy from happening, you must provide your kids with accurate safety information when using the computer. A good......
• Identity Theft Doesn’t Just Happen To Other People Here’s another interesting fact: most thieves still obtain our information the old-fashioned way, so keep an eye on your wallet and take cautionary measures with your snail (i.e., paper) mail. Remember it’s actually tougher offline without the spyware programs and password/security question protections we’ve come to expect on the web.......

OSA Related Websites

• Save Time, Money and Space in Over 80 Ways If you're looking for handy gadgets, tools and various items that can save you time, money or space (or all three!) this list of more than 80 top products is just what you need. Everyone's got saving money on their minds these days. Some of us are always looking to......
• Privacy Policy Our Commitment To Your Privacy Your privacy is important to us. To better protect your privacy we provide this notice explaining our online information practices and the choices you can make about the way your information is collected and used. To make this notice easy to find, we make it......
• How to Get Lots of Free Targeted Website Traffic How to Get Lots of Free Targeted Website Traffic By Dean Caporella The question of how to get free targeted website traffic starts with having a plan of attack and then being consistent when you implement it. Too many online marketers, especially inexperienced ones are fed the solution in pieces......
• Do You Need a Blog Sitemap? If you have a blog, you may be wondering if you need to have a blog sitemap. What is a blog sitemap and what does having a blog sitemap mean for your website? A blog sitemap is a collection of links outlining the structure of your entire website. These links......
• Search Engine Optimization Guide for Webmasters [senior Hs Paper] Introduction Search Engines have developed into the Internet's most popular and powerful source of information, accounting for an estimated 80% of the Internet's traffic (Heche, 2007, p. 1). As a result, website owners are realizing the power in such devises and are shifting marketing budgets into the optimization of their......