OPM Spends $133 Million on Credit Monitoring, Still No Credit Freeze

Posted: 12:34 am PDT

 

On September 1, OPM announced the $133M contract for identity theft protection and credit monitoring services for the 21.5 million individuals affected by the massive OPM breach that includes security clearance data. Our go-to expert on this says that “perhaps the agency should be offering the option to pay for the cost that victims may incur in “freezing” their credit files, a much more effective way of preventing identity theft.” Excerpt from Krebs on Security:

The only step that will reliably block identity thieves from accessing your credit file — and therefore applying for new loans, credit cards and otherwise ruining your good name — is freezing your credit file with the major credit bureaus. This freeze process — described in detail in the primer, How I Learned to Stop Worrying and Embrace the Security Freeze — can be done online or over the phone. Each bureau will give the consumer a unique personal identification number (PIN) that the consumer will need to provide in the event that he needs to apply for new credit in the future.

Here is part of the OPM announcement:

The U.S. Office of Personnel Management (OPM) and the U.S. Department of Defense (DoD) today announced the award of a $133,263,550 contract to Identity Theft Guard Solutions LLC, doing business as ID Experts, for identity theft protection services for 21.5 million individuals whose personal information was stolen in one of the largest cybercrimes ever carried out against the United States Government. These services will be provided at no cost to the victims whose sensitive information, including Social Security numbers, were compromised in the cyber incident involving background investigations.

“We remain fully committed to assisting the victims of these serious cybercrimes and to taking every step possible to prevent the theft of sensitive data in the future,” said Beth Cobert, Acting Director of the Office of Personnel Management. “Millions of individuals, through no fault of their own, had their personal information stolen and we’re committed to standing by them, supporting them, and protecting them against further victimization. And as someone whose own information was stolen, I completely understand the concern and frustration people are feeling.”

ID Experts will provide all impacted individuals and their dependent minor children (under the age of 18 as of July 1, 2015) with credit monitoring, identity monitoring, identity theft insurance, and identity restoration services for a period of three years. This task order was awarded under GSA’s Blanket Purchase Agreements (BPA) for Identity Monitoring, Data Breach Response and Protection Services which GSA awarded today.

The U.S. Government, through the Department of Defense, will notify those impacted beginning later this month and continue over the next several weeks. Notifications will be sent directly to impacted individuals.

Heard that? Crickets.

#

Asset Freeze Against Former Monk Accused of Defrauding Chinese Investors Highlights EB-5 Visa Program

Posted: 12:38 am EDT

 

Via Securities and Exchange Commission:

Washington D.C., Aug. 25, 2015 — The Securities and Exchange Commission today announced an asset freeze obtained against a man in Bellevue, Wash., accused of defrauding Chinese investors seeking U.S. residency through the EB-5 Immigrant Investor Pilot Program by investing in his companies.

The SEC alleges that Lobsang Dargey and his “Path America” companies have raised at least $125 million for two real estate projects: a skyscraper in downtown Seattle and a mixed-use commercial and residential development containing a farmers’ market in Everett, Wash.  But Dargey diverted $14 million for unrelated real estate projects and $3 million for personal use including the purchase of his $2.5 million home and cash withdrawals at casinos.

“We allege that Dargey promised investors their money would be used to develop specific real estate projects approved under the EB-5 program, but he misused millions of dollars to enrich himself and jeopardized investors’ prospects for U.S. residency,” said Jina L. Choi, Director of the SEC’s San Francisco Regional Office.

According to the SEC’s complaint filed yesterday in U.S. District Court for the Western District of Washington:

  • Under the EB-5 program, foreign citizens may qualify for U.S. residency if they make a qualified investment of at least $500,000 in a specified project that creates or preserves at least 10 jobs for U.S. workers.
  • Dargey and his companies obtained investments from 250 Chinese investors under the auspices of the EB-5 program.  Path America SnoCo and Path America KingCo operated as regional centers through which EB-5 investments could be made.
  • Dargey told U.S. Citizenship and Immigration Services (USCIS) and EB-5 investors that he would use investor money only for the Seattle skyscraper and Everett, Wash., projects.
  • Dargey and his companies misled investors about their ability to obtain permanent residency by investing in the Path America projects.  For example, Dargey knew that USCIS can deny investors’ residency applications if investor money is used for a project that materially departs from the approved business plan presented to USCIS.  Dargey failed to tell investors that he and his companies had departed from the business plan by using investor money for personal expenses and unrelated projects.

Late yesterday, the court granted the SEC’s request for an asset freeze and issued an order restraining Dargey and his companies from soliciting additional investors.  The SEC also was granted an order expediting discovery, prohibiting the destruction of documents, and requiring Dargey to repatriate funds he transferred to overseas bank accounts.

The SEC’s investigation was conducted by Brent Smyth and Michael Foley of the San Francisco office and supervised by Steven Buchholz.  The SEC’s litigation will be led by Mr. Smyth and Susan LaMarca.  The SEC appreciates the assistance of the USCIS.

According to the Seattle Times, citing a civil fraud suit filed Monday by the Securities and Exchange Commission (SEC), Dargey, a former monk, allegedly diverted millions to spend on a $2.5 million home, other real-estate investments and gambling at 14 casinos across the West. The report notes that the EB-5 visa program allows wealthy foreigners to invest at least $500,000 in a commercial enterprise that creates at least 10 full-time jobs, in exchange for a permanent-residency visa or green card. China dominates the list of countries from which immigrant investors hail.

Department of Homeland Security’s USCIS administers the Immigrant Investor Program, also known as “EB-5,” created by Congress in 1990 to stimulate the U.S. economy through job creation and capital investment by foreign investors. Under a pilot immigration program first enacted in 1992 and regularly reauthorized since, certain EB-5 visas also are set aside for investors in Regional Centers designated by USCIS based on proposals for promoting economic growth. As of August 3, 2015, USCIS had approved approximately 697 regional centers. Regional centers can operate in multiple states.

In its adjudication policy memorandum dated May 30, 2013, USCIS writes that adjudication of EB-5 petitions and applications must only adhere to the “Preponderance of the Evidence Standard”:

As a preliminary matter, it is critical that our adjudication of EB-5 petitions and applications adhere to the correct standard of proof. In the EB-5 program, the petitioner or applicant must establish each element by a preponderance of the evidence. See Matter of Chawathe, 25 I&N Dec. 369, 375-376 (AAO 2010). That means that the petitioner or applicant must show that what he or she claims is more likely so than not so. This is a lower standard of proof than both the standard of “clear and convincing,” and the standard “beyond a reasonable doubt” that typically applies to criminal cases. The petitioner or applicant does not need to remove all doubt from our adjudication. Even if an adjudicator has some doubt as to the truth, if the petitioner or applicant submits relevant, probative, and credible evidence that leads to the conclusion that the claim is “more likely than not” or “probably true”, the petitioner or applicant has satisfied the standard of proof.

#

The Iran Hostages: Long History of Efforts to Obtain Compensation

Posted: 12:22 pm EDT

 

We’ve previously blogged about the Iran hostages here (see “Supremes Say No to Appeal from US Embassy Iran Hostages,” “January 20, 1981: The Iran Hostages – 30 Years Later,” and “November 4, 1979: Iranian Mob Attacks US Embassy Tehran; Hostages Compensated $50/Day”). The following CRS report dated July 30, 2015 outlines the history of various efforts to compensate the hostages, including legislative efforts and court cases, and describes one bill currently before Congress, the Justice for Former American Hostages in Iran Act of 2015 (S. 868).

Excerpted from CRS report via Secrecy News:

Even today, after the passage of more than three decades, the 1979-1981 Iran Hostage Crisis remains an event familiar to most Americans. Many might be unaware that the 52 American mostly military and diplomatic personnel held hostage in Tehran for 444 days or their survivors continue to strive for significant compensation for their ordeal. The former hostages and their families did receive a number of benefits under various civil service laws, and each hostage received from the U.S. government a cash payment of $50 for each day held hostage. The hostages have never received any compensation from Iran through court actions, all efforts having failed due to foreign sovereign immunity and an executive agreement known as the Algiers Accords, which bars such lawsuits. Congress took action to abrogate Iran’s sovereign immunity in the case, but never successfully abrogated the executive agreement, leaving the plaintiffs with jurisdiction to pursue their case but without a judicial cause of action.

Having lost their bids in the courts to obtain recompense, the former hostages have turned to Congress for relief.
[…]
The Justice for Former American Hostages in Iran Act of 2015, S. 868, a bill similar to S. 559 (113th Cong.), was introduced in the Senate at the end of March and referred to the Committee on Foreign Relations. Like its predecessor bill, S. 868 would establish the American Hostages in Iran Compensation Fund in the U.S. Treasury to be funded through a 30% surcharge on penalties, fines, and settlements collected from violators of U.S. sanctions prohibiting economic activity with Iran. The 2015 bill, however, would permit payments from the fund to be administered by the plaintiffs’ representative and principal agent in Roeder I, under the supervision of the Secretary of the Treasury. The surcharge would apply to sanctions administered by Department of State, the Department of the Treasury, the Department of Justice, the Department of Commerce, or the Department of Energy. Surcharges would be required to be paid to the Secretary of the Treasury without regard to whether the fine or penalty is paid directly to the federal agency that imposed it or it is deemed satisfied by a payment to another federal agency.

The purpose of the fund would be to make payments to the former hostages and their family members who are members of the proposed class in Roeder I, as well as to settle their claims against Iran. The proposed class in Roeder I appears to consist of “Representatives, administrators and/or executors of the estates of all diplomatic and military personnel and the civilian support staff who were working at the United States Embassy in Iran during November 1979 and were seized from the United States Embassy grounds, or the Iranian Foreign ministry, and held hostage from 1979 to 1981.”

Accordingly, it is unclear whether all spouses and children of the former hostages qualify for payments from the fund.

Payments would be made in the following amounts and according to this order of priority:

(A) To each living former hostage identified as a member of the proposed class described in subsection (a)(1), $10,000 for each day of captivity of the former hostage [$4.44 million per former hostage].

(B) To the estate of each deceased former hostage identified as a member of the proposed class described in subsection (a)(1), $10,000 for each day of captivity of the former hostage [$4.44 million per estate of a former hostage].

(C) To each spouse and child of a former hostage identified as a member of the proposed class described in subsection (a)(1) if the spouse or child is identified as a member of that proposed class, $5,000 for each day of captivity of the former hostage [$2.22 million per qualifying spouse or child of a former hostage].

The bill would not appear to provide compensation for former hostages who were released from captivity prior to 1981.

Under the bill, once a class member consents and receives payments from the fund, the recipient would be barred from bringing a lawsuit against Iran related to the hostage crisis. Once all payments are distributed according to the above plan, all such claims against Iran would be deemed waived and released.

Read in full here: CRS R43210: The Iran Hostages: Efforts to Obtain Compensation.

#

What Information Is Collected on OPM’s Background Investigation Forms?

Posted: 2:44 am EDT

Via CRS Insight:

The information collected will depend on the applicant’s position and the type of background investigation required. OPM uses three standard forms for background investigations: SF-85, SF-85P, or SF-86 form. The forms are typically submitted electronically using OPM’s Electronic Questionnaires for Investigations Processing (e-QIP) system. OPM had suspended use of e-QIP “for security enhancements,” but re-enabled the system on July 23, 2015.

Data Collected for Non-Sensitive Positions

The eight-page SF-85 is required for applicants to non-sensitive positions (e.g., positions that do not require a security clearance) who require physical access to government facilities and who are in positions with a “low risk” to cause damage to the federal government or national security. The responsibilities of these positions are limited and there is little opportunity to use such positions for personal gain. For this reason, the information collected is relatively limited in scope and includes

  • full name, aliases, and SSN;
  • citizenship information;
  • employment information and addresses for the past five years; and
  • information on use or possession of illegal drugs (including marijuana) in the previous year.

Data Collected for “Positions of Public Trust”

The 11-page SF-85P is required for applicants in “Positions of Public Trust,” (i.e., positions that do not involve access to classified information, but that demand a “significant degree of public trust” due to the level of policymaking or other responsibilities). These positions may involve a “significant risk for causing damage [to the federal government] or realizing personal gain.” In addition to the information listed above, the SF-85P requires

  • identifying information (e.g., height, weight, eye and hair color);
  • military service information;
  • employment information and addresses for the past seven years; schools, if any, attended during the past seven years;
  • name, address, and telephone number of three personal references and immediate family members;
  • criminal arrests and/or convictions for the past seven years (excluding incidents prior to the applicant’s 16th birthday or traffic fines under $150);
  • financial information, including bankruptcies during the past seven years and any delinquent financial obligations;
  • foreign travel during the past seven years; and
  • information on use or possession of illegal drugs (including marijuana) in the previous year and any illegal purchase, sale, or transport of drugs in the previous seven years.

Data Collected for Security Clearances and Other National Security Positions

The 127-page SF-86 form is required for applicants to national security sensitive positions, which includes (but is not limited to) positions that require a security clearance. In addition to the information listed above, the SF-86 requires

  • employment information and home addresses for the past 10 years;
  • schools attended for the past 10 years, including a reference at each school attended;
  • personal information (including SSN) for current spouse or cohabitant;
  • foreign contacts, travels, and/or activities;
  • associations with individuals or groups dedicated to terrorism or the violent overthrow of the U.S. government;
  • details on applicant’s “psychological and emotional health,” including, with certain exceptions, details on treatments during the past seven years;
  • additional information on criminal activities, including convictions or charges involving firearms or explosives;
  • alcohol use in the past seven years that has negatively impacted the applicant’s work, personal relationships, finances, or resulted in “intervention by law enforcement/public safety personnel”;
  • use, possession, or other involvement with illegal drugs (including marijuana) in the past seven years or at any time while holding a clearance;
  • details on the applicant’s financial condition and civil court actions; and
  • improper use of information technology systems.

What Other Records Are Contained in OPM’s Personnel Security Background Investigation Files?

OPM’s systems also include information gathered by investigators during the background investigation process, such as summaries of interviews with the applicant’s family members, co-workers, friends, and neighbors. Additionally, investigators may run credit checks, pull civil and criminal court records, and run checks of state and federal agency records to verify information that the applicant provided on the application.

According to OPM’s most recent Privacy Act Notice, personnel investigation records may also include information provided by other agencies, such as:

  • Internal Revenue Service income tax returns;
  • prior security clearance investigative records; and
  • clearance adjudicative records, including polygraph results, if applicable.

It is unclear from OPM’s news release if these types of investigative records were compromised in the breach.

#

US Embassy Pakistan: Local Employee Iqbal Baig Killed in Islamabad

Posted: 2:47 pm EDT

 

A local employee of the U.S. Embassy in Pakistan was reportedly killed by unidentified gunmen in the capital city of Islamabad. The victim was identified as Iqbal Baig, who worked for the US Drug Enforcement Agency (DEA), reportedly for about a dozen years. The AFP, citing the victim’s brother, reports that the victim had received threats in the recent past.


OPM to Charge Agencies for Credit Monitoring Offered to Federal Employees

Posted: 2:32 am EDT

 

The latest update from “M” on the OPM breach dated July 15, notes that “The State Department never transferred personnel records to the OPM facility. However, if you had other U.S. Government service prior to joining State, you may have had records that were involved.” On the background information breach, it says that “State Department employees’ SF-85 and SF-86 forms (depending on the appointment) were in the OPM system and thus were impacted. However, other background investigation material was not.”

If you have additional questions, email DG DIRECT [DGDIRECT@STATE.GOV] or OPM’s new email: cybersecurity@opm.gov

AFSA’s latest update to its membership is dated July 10 and available to read here.

Some developments on the fallout from the data breach:

 

#

 

State Dept Authorization Bill Mandates Security Breach Reporting, NSA Consultations – Can PenTest Be Far Behind?

Posted: 12:27 am EDT
Updated: 11:23 am PDT

 

Update: A source on the Hill alerted us that the State Authorization bill was offered as an amendment when the NDAA was debated in the Senate last month but it was not voted on and the NDAA passed on June 18 (that would be H.R. 1735, which passed 215 (71-25)). We understand that both chambers are now starting the process to bring the bill to conference in order to resolve differences. The State Authorization bill, we are told, will not be part of those discussions. In order for this to move forward, it will either need to be brought to the floor as a stand-alone vote or Corker/Cardin could try again to attach it to another piece of legislation. Given that this is the first authorization bill passed by the SFRC in 5 years, and made it through the committee with bi-partisan support, we suspect that the senators will not just easily forget about this. — DS

On June 9, 2015, U.S. Senators Bob Corker (R-Tenn.) and Ben Cardin (D-Md.), the chairman and ranking member of the Senate Foreign Relations Committee, applauded the unanimous committee passage of the Fiscal Year 2016 Department of State Operations Authorization and Embassy Security Act. The SFRC statement says that it has been five years since the Senate Foreign Relations Committee passed a State Department Authorization bill and 13 years since one was enacted into law.  This State Department Authorization bill has been offered as an amendment to the National Defense Authorization Act, which currently is on the Senate floor. It is quite lengthy so we’re doing this in installments.

Below is the section on information technology system security that mandates security breach reporting, as well as making State Dept systems and networks available to the Director of the National Security Agency (NSA) and any other such departments or agencies to carry out necessary tests and procedures.

The State Department’s Consular Consolidated Database (CCD) as of 2011 contains over 137 million American and foreign case records and over 130 million photographs and is growing at approximately 40,000 visa and passport cases every day. If the CCD is compromised, it would be a jackpot for hackers, one that would make the OPM hack pale in comparison.

If this bill passes, will the penetration test by NSA on one of the world’s largest data warehouses finally happen?

Via govtrack:

Section 206. Information technology system security

(a) In general

The Secretary shall regularly consult with the Director of the National Security Agency and any other departments or agencies the Secretary determines to be appropriate regarding the security of United States Government and nongovernment information technology systems and networks owned, operated, managed, or utilized by the Department, including any such systems or networks facilitating the use of sensitive or classified information.

(b) Consultation

In performing the consultations required under subsection (a), the Secretary shall make all such systems and networks available to the Director of the National Security Agency and any other such departments or agencies to carry out such tests and procedures as are necessary to ensure adequate policies and protections are in place to prevent penetrations or compromises of such systems and networks, including by malicious intrusions by any unauthorized individual or state actor or other entity.

(c) Security breach reporting

Not later than 180 days after the date of the enactment of this Act, and every 180 days thereafter, the Secretary, in consultation with the Director of the National Security Agency and any other departments or agencies the Secretary determines to be appropriate, shall submit a report to the appropriate congressional committees that describes in detail—

(1) all known or suspected penetrations or compromises of the systems or networks described in subsection (a) facilitating the use of classified information; and

(2) all known or suspected significant penetrations or compromises of any other such systems and networks that occurred since the submission of the prior report.

(d) Content

Each report submitted under subsection (c) shall include—

(1) a description of the relevant information technology system or network penetrated or compromised;

(2) an assessment of the date and time such penetration or compromise occurred;

(3) an assessment of the duration for which such system or network was penetrated or compromised, including whether such penetration or compromise is ongoing;

(4) an assessment of the amount and sensitivity of information accessed and available to have been accessed by such penetration or compromise, including any such information contained on systems and networks owned, operated, managed, or utilized by any other department or agency of the United States Government;

(5) an assessment of whether such system or network was penetrated by a malicious intrusion, including an assessment of—

(A) the known or suspected perpetrators, including state actors; and

(B) the methods used to conduct such penetration or compromise; and

(6) a description of the actions the Department has taken, or plans to take, to prevent future, similar penetrations or compromises of such systems and networks.

#

Related Post:
S.1635: DOS Operations Authorization and Embassy Security Act, Fiscal Year 2016 – Security Clearance

21.5 Million Americans Compromised, OPM’s Ms. Archuleta Still Not Going Anywhere

Posted: 1:36 am PDT

Excerpt via opm.gov:

OPM announced the results of the interagency forensic investigation into the second incident.  As previously announced, in late-May 2015, as a result of ongoing efforts to secure its systems, OPM discovered an incident affecting background investigation records of current, former, and prospective Federal employees and contractors.  Following the conclusion of the forensics investigation, OPM has determined that the types of information in these records include identification details such as Social Security Numbers; residency and educational history; employment history; information about immediate family and other personal and business acquaintances; health, criminal and financial history; and other details.  Some records also include findings from interviews conducted by background investigators and fingerprints.  Usernames and passwords that background investigation applicants used to fill out their background investigation forms were also stolen.

While background investigation records do contain some information regarding mental health and financial history provided by those that have applied for a security clearance and by individuals contacted during the background investigation, there is no evidence that separate systems that store information regarding the health, financial, payroll and retirement records of Federal personnel were impacted by this incident (for example, annuity rolls, retirement records, USA JOBS, Employee Express).

This incident is separate but related to a previous incident, discovered in April 2015, affecting personnel data for current and former Federal employees.  OPM and its interagency partners concluded with a high degree of confidence that personnel data for 4.2 million individuals had been stolen.  This number has not changed since it was announced by OPM in early June, and OPM has worked to notify all of these individuals and ensure that they are provided with the appropriate support and tools to protect their personal information.

Analysis of background investigation incident.  Since learning of the incident affecting background investigation records, OPM and the interagency incident response team have moved swiftly and thoroughly to assess the breach, analyze what data may have been stolen, and identify those individuals who may be affected.  The team has now concluded with high confidence that sensitive information, including the Social Security Numbers (SSNs) of 21.5 million individuals, was stolen from the background investigation databases.  This includes 19.7 million individuals that applied for a background investigation, and 1.8 million non-applicants, predominantly spouses or co-habitants of applicants.  As noted above, some records also include findings from interviews conducted by background investigators and approximately 1.1 million include fingerprints.  There is no information at this time to suggest any misuse or further dissemination of the information that was stolen from OPM’s systems.

If an individual underwent a background investigation through OPM in 2000 or afterwards (which occurs through the submission of forms SF 86, SF 85, or SF 85P for a new investigation or periodic reinvestigation), it is highly likely that the individual is impacted by this cyber breach. If an individual underwent a background investigation prior to 2000, that individual still may be impacted, but it is less likely.

So, are we supposed to wait for another credit monitoring offer from OPM’s partners for this BI hack, after already being offered credit monitoring for the personnel data compromised in an earlier breach?

Yes. Wonderful.

Ms. Archuleta should do the right thing and resign.

Part of OPM’s public response to these breaches has been to protect the director’s record at the agency.  While she remains in charge, I suspect that the fixes at OPM will also include shielding the director from further damage. News reports already talk about OPM’s push back. Next thing you know we’ll have “setting the record straight” newsbots all over the place.

While it is true that Ms. Archuleta arrived at OPM with legacy systems still in operation, these breaches happened under her watch. Despite her protestation that no one is personally responsible (except the hackers), she is the highest accountable official at OPM.  Part and parcel of being in a leadership position is to own up to the disasters under your wings.  Ms. Archuleta should resign and give somebody else a chance to lead the fixes at OPM.

We Meant Well, Afghanistan Edition: Ghost Students, Ghost Teachers, Ghost Schools, Ugh!

Posted: 1:16 am PDT

 

Excerpt:

Over and over, the United States has touted education — for which it has spent more than $1 billion — as one of its premier successes in Afghanistan, a signature achievement that helped win over ordinary Afghans and dissuade a future generation of Taliban recruits. As the American mission faltered, U.S. officials repeatedly trumpeted impressive statistics — the number of schools built, girls enrolled, textbooks distributed, teachers trained, and dollars spent — to help justify the 13 years and more than 2,000 Americans killed since the United States invaded.

But a BuzzFeed News investigation — the first comprehensive journalistic reckoning, based on visits to schools across the country, internal U.S. and Afghan databases and documents, and more than 150 interviews — has found those claims to be massively exaggerated, riddled with ghost schools, teachers, and students that exist only on paper. The American effort to educate Afghanistan’s children was hollowed out by corruption and by short-term political and military goals that, time and again, took precedence over building a viable school system. And the U.S. government has known for years that it has been peddling hype.
[…]
USAID program reports obtained by BuzzFeed News indicate the agency knew as far back as 2006 that enrollment figures were inflated, but American officials continued to cite them to Congress and the American public.

As for schools it actually constructed, USAID claimed for years that it had built or refurbished more than 680, a figure Hillary Clinton cited to Congress in 2010 when she was secretary of state. By 2014, that number had dropped to “more than 605.” After months of pressing for an exact figure, the agency told BuzzFeed News the number was 563, a drop of at least 117 schools from what it had long claimed.

Last week, we were looking for clinics.

What’s next … ghost soldiers? Oops, that’s already an old story?

#