Has the Transportation Security Administration’s website been hacked? All indications are yes, and that a malicious phishing attack has been launched against travelers who have or think they have been delayed because they are on a watchlist or have a name similar to a person on the watchlist.

A new link on the TSA’s Our Travelers page directs people who “were told you are on a Federal Government Watch List” to click on a link taking them to this site, which, by all accounts, fits the profile of an attempt to harvest personal information and identity document details.

(UPDATE: The site has been changed and now redirects to https://trip.dhs.gov/index.html.  However, the janky spelling, incorrect information and the possibly illegal collection of information without an OMB control number can still be found on the website as of 12:30 pm PST.  TSA has still not responded to my call for comment.

1:05 PST — TSA employee Christopher White called to say “We are aware there was an issue and replaced the site. The issue has been fully addressed. We take IT responsibilities seriously.  There never a vulnerability; just a small glitch.” That’s not quite accurate, as the non-SSL encrypted form submission was a vulnerability, but I take it to mean the site wasn’t hacked by phishers.  White did not have an answer as to why there is no OMB number for the information collection, saying he was concerned at the moment with the site’s security.)

Let us count the 15 ways this site looks dangerous:

1 - The site looks like a TSA webpage but is actually a subdomain (rms.desyne.com) of a Virginia-based web design company spelled Desyne that lists a P.O. Box for an address on its main domain page.

2 - The site is ostensibly the new contact page for the Rice-Chertoff Initiative (RCI) Department of Homeland Security Traveler Redress Inquiry Program (DHS TRIP), which was “developed as a voluntary program by DHS to provide a one-stop mechanism for individuals to request redress who believe they have been:

(1) Denied or delayed boarding; (2) denied or delayed entry into or departure from the United States at a port of entry; or (3) identified for additional (secondary) screening at our Nation’s transportation.”That initiative, which took more than a year to develop, was announced on January 6, 2007 and the public comment period on the data collection ends on March 6. Miraculously, the site is already live.

3 - The online form has no OMB control number, which is required of every federal form requesting personal information.

4 - The website issues itself its own SSL certificate, so there is no trusted agency that verifies that this page belongs to the web design company, let alone TSA

5 - While the first link on the submit information page goes to an SSL page (encrypted communication with the server), the bolded link reading file your application online in the center of the page sends the user to the exact same form but unencrypted. A simple .htaccess redirect would solve this. The other 10.

OSA Editorial Comments:

This goes back to my main issue of online security and the threat of the online terrorists, if we can’t catch them and punish for there crimes, how do we even stand a chance against the rest the cyber-crime world!

We need to start making the cyber criminals, cyber terrorists pay with real punishment or real jail time! And we need to begin to say: “enough is enough” or scream out from the rooftops that
“Were not going to Take IT Anymore!!” 

We as an Internet family have to band together and force politicians, the Federal Government, and International leaders to make changes in how we treat terrorists and especially Cyber Criminals.

Your Online Security Authority
Bill Wardell

Popularity: 6% [?]

If you're a concerned parent, you may want to subscribe to the: OSA~RSS Thanks for visiting! and make sure to sign our OSA Guestbook...

If you enjoyed this post, make sure you subscribe to my RSS feed!