An American Ambassador’s Charm Offensive Via a TV Reality Show

Posted: 3:54 am EDT




Excerpt via Vanity Fair:

Says Richard Stengel, Under Secretary of State for Public Diplomacy & Public Affairs, “We give ambassadors great latitude and discretion in media engagements in their host countries. Ambassador Gifford has been one of the most creative in identifying novel and innovative ways to connect with his local audience to advance the image of the U.S. and our foreign policy goals.”

His accessibility hasn’t come without his critics: some commentators in Denmark have suggested that Gifford’s celebrity status has made the Danish press less critical of the nice American man from television. The show will end its run this month, though, with no plans for a third season. Gifford’s charm offensive will continue for another year, until the next president assigns a new ambassador to Denmark.

So what does life post posting look like? “I have no idea what we’ll do next,” he says. “I say ‘we’ because Stephen is a big part of the equation [since] he’s moved around the world for me. . . . If he wants to move to Kenya and go work on saving elephants, I’ll figure out what to do, because he deserves that time.”

Read in full here.


State/OIG Reviews IRM’s Vendor Management Office’s Role in Vanguard’s $3.5B Contract

Posted: 12:11  am EDT

This is an excerpt from the State/OIG report on IRM’s new Vendor Management Office (VMO):

In a March 2013 action memorandum, the Chief Information Officer (CIO) established the Vendor Management Office (VMO) in the Bureau of Information Resource Management (IRM), Operations, to support the Vanguard Acquisition Strategy. The CIO created the VMO after determining that he needed dedicated staff to monitor the Vanguard contract and assist with the formulation of well-defined performance metrics. The Vanguard Acquisition Strategy, a Department initiative, consolidated existing IRM contracts under the umbrella of one performance-based contract with multiple firm fixed price task orders to provide better coordination and improve service delivery. The total Vanguard contract award was $3.5 billion over a period of 10 years and comprised 90 to 95 percent of IRM-wide contracting activity; IRM also has 50 contracts totaling $74 million that do not fall under the VMO or Vanguard.

Three functional support units comprise the VMO: Contract Management, Service Performance Management, and Enterprise Project Lifecycle Management. The VMO is separate from the Bureau of Administration, Office of Logistics Management, Office of Acquisitions Management (AQM), which is responsible for executing the Vanguard contract.
Since the VMO’s establishment, the CIO has tasked it with coordinating several priority projects that include Public Key Infrastructure deployment, the Virtual Desktop Initiative, the Foreign Affairs Network, and Cyber Security. These are listed objectives in the Department’s IT Strategic Plan. This has led to increased responsibilities for the VMO and the resources needed to support them.

Where is this on the FAM, again?

The language in 1 Foreign Affairs Manual (FAM), 270 Organizations and Functions for the VMO, drafted in August 2014, was still in the clearance process at the time of the inspection.

The VMO operates without authority to require compliance with its procedures. The Department has no guidelines on the operation of a vendor management office in the FAM, which defines authorities and responsibilities for each major component of the Department.

To date, the VMO has operated without a 1 FAM entry or IRM policy or guidance that specifies the office’s authority. On April 13, 2015, IRM circulated a draft 1 FAM, outlining the proposed role and responsibilities of the VMO. In the interim, the VMO has no mechanism beyond consensus building to enforce adherence to its policies, procedures, and processes.

More contractors than direct-hire employees?

At the start of the inspection, the VMO staff consisted of 9 full-time employees, 1 student-trainee, and 16 contract positions. During the inspection, the number of contract positions increased to 24. FY 2014 funding for VMO activities is $1.5 million from diplomatic and consular program funding. As of May 2015, the amount for FY 2015 had increased to $3.9 million because of resources needed to manage new projects.

$376K Performance Incentive Fees to Contractors

The VMO Service Performance Management unit has implemented performance metrics to review and analyze information generated through contractor performance assessments. The CORs and GTMs are required to review and validate performance metrics on a monthly basis. However, between April 2014 and March 2015, the OIG team found that Vanguard GTMs failed to validate, on average, 25 of the 268 performance metrics each month because of other priorities. Despite the lack of review and validation, the CORs and GTMs certify to the contracting officer that the contractor has provided all services as specified in the contract and met all the performance metrics and that the Department can pay contractors their incentive fees. For example, in January and February 2015, the Department paid $376,595 in incentive fees to contractors for superior performance without a review or verification of 20 performance metrics, which could lead to the Department paying for services that it did not receive.

The system the VMO uses to process performance metric data for contracts is inadequate for mission requirements. The unit currently uses Excel spreadsheets to track, monitor, and analyze contractor compliance with 475 active performance metrics.

What about iSchedule?

The Enterprise Lifecycle Project Management unit created the iSchedule Management System (iSchedule), which provides the framework for integrating information technology project schedules to enable IRM to assign and manage work, monitor and control progress toward milestones, and understand the relationships and dependencies among the information technology projects.
Despite the VMO’s deployment of the iSchedule application in September 2014, IRM directorates do not use iSchedule on a consistent basis because IRM has not yet made use of the system mandatory. This inconsistent use of iSchedule has resulted in inadequate bureau coordination and incomplete project data and limits visibility on projects, activities, and risk. According to 5 FAH-5 H212, projects may require the formal use of a project management tool.

Inadequate acquisition planning and sole source contracts

The OIG team found little evidence that the Messaging Systems Office and the VMO conducted acquisition planning within the timeframes suggested in the Federal Acquisition Regulation 7.104-General Procedures.

In order to award a new blanket purchase agreement, the Messaging Systems Office submitted a sole source justification based on an urgent and compelling need. The Department’s Office of the Legal Adviser denied the office’s request because of inadequate acquisition planning. Program offices issuing requirements without sufficient lead-time restricts competition and risks increased costs. It can also put a strain on the contracting and administrative staff.

Read the full report here:


CCD: Report Says Visa Processing Systems Pose Significant Challenges; Also Face User-Friendlessness?

Posted: 12:02 am EDT


According to Commerce, international travelers contributed $220.6 billion to the economy and supported 1.1 million jobs in 2014. Processing visas for such travelers as efficiently and effectively as possible without compromising our national security is critical to maintaining a competitive and secure travel and tourism industry in the United States. Although State has historically struggled with the task of maintaining reasonable wait times for NIV interviews, it has undertaken a number of efforts in recent years that have yielded substantial progress in reducing such waits.

Significant projected increases in NIV demand coupled with consular hiring constraints and other challenges could hinder State’s ability to sustain this progress in the future—especially in countries where the demand for visas is expected to rise the highest. These challenges heighten the importance of systematically evaluating the cost and impact of the multiple measures State has taken to reduce interview wait times in recent years and leveraging that knowledge in future decision making. Without this, State’s ability to direct resources to those activities that offer the greatest likelihood of success is limited. Moreover, State’s future capacity to cope with rising NIV demand will be challenged by inefficiencies in its visa processing technology; consular officers and management officials at the posts we visited pointed to cumbersome user procedures and frequent system failures as enormous obstacles to efficient NIV processing. State’s Bureau of Consular Affairs recognizes these problems and plans a number of system enhancements; however, the bureau does not systematically collect input from consular officers to help guide and prioritize these planned upgrades. Without a systematic effort to gain the input of those who employ these systems on a daily basis, State cannot be assured that it is investing its resources in a way that will optimize the performance of these systems for current and future users.


Consular officers and managers at posts we visited identified current information technology (IT) systems as one of the most significant challenges to the efficient processing of NIVs. Consular officers in all 11 focus groups we conducted across the four posts we visited stated that problems with the Consular Consolidated Database (CCD) and the NIV system create significant obstacles for consular officers in the processing of NIVs. Specifically, consular officers and managers at posts stated that frequent NIV system outages and failures (where the system stops working) at individual posts, worldwide system outages of CCD, and IT systems that are not user friendly, negatively affected their ability to process NIVs.

— NIV system outages and failures at posts: Consular officers we spoke with in Beijing, Mexico City, New Delhi, and São Paulo explained that the NIV system regularly stops working. This results in a reduced number of adjudications (whether being performed at the interview window or, for an IWP applicant, at an officer’s desk) in a day. Notably, consular officers in 4 of the 11 focus groups reported having to stop work or re-adjudicate NIV applications as a result of these NIV system failures. In fact, during our visit to the U.S. Embassy in New Delhi in March 2015, a local NIV outage occurred, affecting consular officers’ ability to conduct adjudications. In January 2015, officers in Bogotá, Guadalajara, Monterrey, and Moscow—among the top 15 posts with the highest NIV applicant volume in 2014—experienced severe NIV performance issues—specifically an inability to perform background check queries against databases.

— Worldwide outages and operational issues of CCD: Since July 2014, two worldwide outages of CCD have impaired the ability of posts to process NIV applications. On June 9, 2015, an outage affected the ability of posts to run checks of biometric data, thus halting most visa printing along with other services offered at posts. According to State officials, the outage affected every post worldwide for 10 days. The system was gradually repaired, but it was not fully restored at all posts until June 29, 2015, exacerbating already increased NIV interview wait times at some posts during the summer high demand season. According to State notices, another significant outage of CCD occurred on July 20, 2014, slowing NIV processing worldwide until September 5, 2014, when CCD returned to full operational capacity. State estimated that from the start of operational issues on July 20 through late July, State issued approximately 220,000 NIVs globally—about half of the NIVs State anticipated issuing during that period. According to officials in State’s Bureau of Consular Affairs, Office of Consular Systems and Technology (CST), who are responsible for operating and maintaining CCD and the NIV system, consular officers were still able to collect NIV applicant information during that period; however, processing of applications was significantly delayed with an almost 2-week backlog of NIVs. In the U.S. Consulate in São Paulo, a consular management official reported that due to this outage, the post had a backlog of about 30,000 NIV applications, or approximately 9 days’ worth of NIV interviews during peak season. Consular officers in 8 out of the 11 focus groups we conducted identified a lengthy CCD outage as a challenge to the efficient processing of NIVs.

— IT systems are not user friendly: In 9 out of 11 focus groups, consular officers described the IT systems for NIV processing as not user friendly. Officers in our focus groups explained that some aspects of the system hinder their ability to quickly and efficiently process NIVs. These aspects include a lack of integration among the databases needed for NIV adjudications, the need for manual scanning of documentation provided by an applicant, and an absence of standard keyboard shortcuts across all IT applications that would allow users to quickly copy information when processing NIV applications for related applicants, to avoid having to enter data multiple times. Some consular officers in our focus groups stated that they could adjudicate more NIVs in a day if the IT systems were less cumbersome and more user friendly.

— Consular officers in Beijing and Mexico City and consular management at one post indicated that the NIV system appeared to be designed without consideration for the needs of a high volume post, which include efficiently processing a large number of applications per adjudicator each day. According to consular officers, the system is poor at handling today’s high levels of demand because it was originally designed in the mid-1990s. Consular officers in São Paulo stated that under current IT systems and programs, the post may not be able to process larger volumes that State projects it will have in the future.

— State, recognizing the limits of its current consular IT systems, initiated the development of a new IT platform. State is developing a new system referred to as “ConsularOne,” to modernize 92 applications that include systems such as CCD and the NIV system. According to State, ConsularOne will be implemented in six phases, starting with passport renewal systems and, in phase five, capabilities associated with adjudicating and issuing visas (referred to as non-citizen services). However, CST officials have yet to formally commit to when the capabilities associated with non-citizen services are to be implemented. According to a preliminary CST schedule, the enhanced capabilities associated with processing NIVs are not scheduled for completion until October 2019. Given this timeline, according to State officials, enhancements to existing IT systems are necessary and are being planned.

State Does Not Systematically Obtain End User Input to Prioritize Improvement Efforts for Current IT Systems

Although consular officers and managers we spoke with identified CCD and the NIV system as one of the most significant challenges to the efficient processing of NIVs, State does not systematically measure end user (i.e., consular officers) satisfaction. We have previously reported that in order for IT organizations to be successful, they should measure the satisfaction of their users and take steps to improve it. The Software Engineering Institute’s IDEAL℠ model is a recognized approach for managing efforts to make system improvements. According to this model, user satisfaction should be collected and used to help guide improvement efforts through a written plan. With such an approach, IT improvement resources can be invested in a manner that provides optimal results.

Although State is in the process of upgrading and enhancing CCD and the NIV system, State officials told us that they do not systematically measure user satisfaction with their IT systems and do not have a written plan for improving satisfaction. According to CST officials, consular officers may voluntarily submit requests to CST for proposed IT system enhancements. Additionally, State officials noted that an IT stakeholder group comprising officials in State’s Bureau of Consular Affairs regularly meets to identify and prioritize IT resources and can convey end user concerns for the system. However, State has not collected comprehensive data regarding end user satisfaction and developed a plan to help guide its current improvement efforts. Furthermore, consular officers continued to express concerns with the functionality of the IT systems, and some officers noted that enhancements to date have not been sufficient to address the largest problems they encounter with the systems.

Given consular officers’ reliance on IT services provided by CST, as well as the feedback we received from focus groups, it is critical that State identify and implement feedback from end users in a disciplined and structured fashion for current and any future IT upgrades. Without a systematic approach to measure end user satisfaction, CST may not be able to adequately ensure that it is investing its resources on improvement efforts that will improve performance of its current and future IT systems for end users.


Snapshot: Consular Staffing Levels in Brazil & China — FY 2011 to 2014

Posted: 12:41 pm EDT


According to State’s Bureau of Consular Affairs, the past hiring of additional staff through various authorities and temporary assignments of consular officers during periods of high NIV demand contributed to meeting E.O. 13597’s goals of expanding NIV processing capacity and reducing worldwide wait times, particularly at U.S. posts in Brazil, China, India, and Mexico.

• Increase in consular officers: According to State officials, from fiscal year 2012 through 2014, State “surged” the number of consular officers deployed worldwide from 1,636 to 1,883 to help address increasing demand for NIVs, an increase of 15 percent over 3 years. In response to E.O. 13597, State increased the number of deployed consular officers between January 19, 2012 (the date of E.O. 13597), and January 19, 2013, from 50 to 111 in Brazil, and 103 to 150 in China, a 122 and 46 percent increase, respectively (see fig. 2 for additional information on consular staffing increases in Brazil and China). As a result, State met its goal of increasing its NIV processing capacity in Brazil and China by 40 percent within a year of the issuance of E.O. 13597.

• Limited noncareer appointments: In fiscal year 2012, State’s Bureau of Consular Affairs launched the limited noncareer appointment (LNA) pilot program to quickly deploy language-qualified staff to posts facing an increase in NIV demand and workload. The first cohort of LNAs—who are hired on a temporary basis for up to 5 years for specific, time-bound purposes—included 19 Portuguese speakers for Brazil and 24 Mandarin speakers for China who were part of the increased number of consular officers deployed to posts noted above. In fiscal year 2013, State expanded the LNA program to include Spanish speakers. As of August 2015, State had hired 95 LNAs for Brazil, China, Colombia, the Dominican Republic, Ecuador, and Mexico.

• Temporary assignment of consular officers: State utilizes the temporary redeployment of Foreign Service officers and LNAs to address staffing gaps and increases in NIV demand. Between October 2011 and July 2012, State assigned, on temporary duty, 220 consular officers to Brazil and 48 consular officers to China as part of its effort to reallocate resources to posts experiencing high NIV demand. State continues to use this method to respond to increases in NIV demand. For example, during the first quarter of fiscal year 2015, India experienced a surge in NIV demand that pushed NIV interview wait times over 21 days at three posts. To alleviate the situation, consular managers in India sent officers to the U.S. Consulate in Mumbai, which was experiencing higher wait times, from other posts, allowing the U.S. Mission in India to reduce average wait times to approximately 10 days by the end of December 2014.


Snapshot: Nonimmigrant Visa (NIV) Forecast Through Fiscal Year 2019: 18 Million

Posted: 12:56 am EDT

Via GAO:

Since 2012, the Department of State (State) has undertaken several efforts to increase nonimmigrant visa (NIV) processing capacity and decrease applicant interview wait times. Specifically, it has increased consular staffing levels and implemented policy and management changes, such as contracting out administrative support services. According to State officials, these efforts have allowed State to meet the goals of Executive Order (E.O.) 13597 of increasing its NIV processing capacity by 40 percent in Brazil and China within 1 year and ensuring that 80 percent of worldwide NIV applicants are able to schedule an interview within 3 weeks of State receiving their application. Specifically, State increased the number of consular officers in Brazil and China by 122 and 46 percent, respectively, within a year of the issuance of E.O. 13597. Additionally, according to State data, since July 2012, at least 80 percent of worldwide applicants seeking a tourist visa have been able to schedule an interview within 3 weeks.

Two key challenges—rising NIV demand and problems with NIV information technology (IT) systems—could affect State’s ability to sustain the lower NIV interview wait times. First, State projects the number of NIV applicants to rise worldwide from 12.4 million in fiscal year 2014 to 18.0 million in fiscal year 2019, an increase of 45 percent (see figure).

Given this projected NIV demand and budgetary limits on State’s ability to hire more consular officers at posts, State must find ways to achieve additional NIV processing efficiencies or risk being unable to meet the goals of E.O. 13597 in the future. Though State’s evaluation policy stresses that it is important for bureaus to evaluate management processes to improve their effectiveness and inform planning, State has not evaluated the relative effectiveness of its various efforts to improve NIV processing. Without conducting a systematic evaluation, State cannot determine which of its efforts have had the greatest impact on NIV processing efficiency. Second, consular officers in focus groups expressed concern about their ability to efficiently conduct adjudications given State’s current IT systems. While State is currently enhancing its IT systems, it does not systematically collect information on end user (i.e., consular officer) satisfaction to help plan and guide its improvements, as leading practices would recommend. Without this information, it is unclear if these enhancements will address consular officers’ concerns, such as having to enter the same data multiple times, and enable them to achieve increased NIV processing efficiency in the future.


@StateDept’s Problematic Information Security Program and Colin Powell’s Wired Diplomatic Corps

Posted: 2:10 am EDT



Via the AP:

Clinton approved significant increases in the State Department’s information technology budgets while she was secretary, but senior State Department officials say she did not spend much time on the department’s cyber vulnerabilities. Her emails show she was aware of State’s technological shortcomings, but was focused more on diplomacy.
Emails released by the State Department from her private server show Clinton and her top aides viewed the department’s information technology systems as substandard and worked to avoid them.

The report does not include specific details on the “significant increases” in the IT budget. Where did it go? Why did the Clinton senior staff suffer through the State Department’s antiquated technology without any fixes?

In contrast, here is Colin Powell’s Wired Diplomatic Corps:

Another disturbing aspect of State Department life prior to 2001 was the poor condition of its information technology (IT). Independent commissions warned the organization’s computer networks were “perilously close to the point of system failure” and “the weakest in the U.S. government.” Inadequate funding, concerns over IT security, and simple bureaucratic inertia were all contributing factors. Powell came to an institution in which his employees relied on an antiquated cable messaging system, slow, outdated computers and as many as three separate networks to do their daily work. At several posts diplomats did not enjoy full access to the Internet or the department’s classified network. Such realities were troubling for a new secretary of state, who had served on America Online’s board of directors and considered Internet access an indispensable resource in his own daily life. Powell believed effective twenty-first diplomacy necessitated a modern communications system at State and made its establishment a top priority.

As with embassy construction and security, Powell successfully garnered the financial resources to make substantial quantitative and qualitative improvements in the organization’s information technology. For instance, a secure unclassified computer network with full Internet access was extended to 43,500 desktops during his tenure, making the State Department a fully wired bureaucracy for the first time in its history. This goal was reached in May 2003, under budget and ahead of schedule. Shortly thereafter a modernized classified network was installed at 224 embassies and consulates — every post that the Bureau of Diplomatic Security deemed eligible for such technology. In addition, a Global IT Modernization (GIT-M) program was launched to ensure that all computer hardware is kept state-of-the-art through an aggressive, four-year replacement cycle. Other changes equipped the institution with cutting-edge mainframes, updated secure telephones, and wireless emergency communication systems. Most recently, the State Department began under Powell’s leadership to replace its decades old cable and e-mail systems with one modern, secure, and fully integrated messaging and retrieval system.

These impressive technological changes were complemented by the creation of a new 10-person office for e-Diplomacy in 2002. The unit was established to support State’s information revolution by finding ways to increase organizational efficiency through information technology, making the newly installed systems user-friendly, and continuing to identify new ways to send, store and access information. Furthermore, IT security was enhanced considerably. One department report indicated that by August 2004, 90.4 percent of State’s operational systems had been fully authorized and certified, earning the department OMB’s highest rating for IT improvement under the President’s Management Agenda (PMA). In part, achievements of this type were facilitated through Powell’s hiring of 530 new IT specialists (while controlling for attrition). Through an aggressive recruitment and retention program based on incentives and bonuses, the department’s vacancy rate for such positions, which was “over 30 percent five years ago, [was] essentially eliminated.” As with congressional relations and embassy construction and security, State’s information technology was enhanced significantly under Powell’s leadership.

Read in full here via American Diplomacy — The Other Side of Powell’s Record by Christopher Jones.

So, among the more recent secretaries of state, one stayed home more than most. Secretary Powell knew the IT systems were substandard and he went about making the fixes a priority; he did not hand it off to “H” to lobby Congress or simply talk about the State Department’s “woeful state of civilian technology.”

Below is a clip from OIG Steve Linick’s Management Alert for recurring information system weaknesses spanning FY2011-FY2013. The actual FISMA reports do not seem to be publicly available at this time:

The FISMA audit dated October 2014 says:

[T]he Chief Information Security Officer stated that the Bureau of Information Resource Management, Office of Information Assurance (IRM/IA), received a budget of $14 million in FY 2014, an increase from $7 million in FY 2013. A majority of the budget was used for contractor support to improve FISMA compliance efforts.

We identified control deficiencies in all [Redacted] (b) (5)  of the information security program areas used to evaluate the Department’s information security program. Although we recognize that the Department has made progress in the areas of risk management, configuration management, and POA&M since FY 2013, we concluded that the Department is not in compliance with FISMA, OMB, and NIST requirements. Collectively, the control deficiencies we identified during this audit represent a significant deficiency to enterprise-wide security, as defined by OMB Memorandum M-14-04.

We have been unable to find the FISMA reports during all of the Rice, Clinton and Kerry tenures. We’ll keep looking.



Was the Consular Consolidated Database (CCD) the main target of the twin hackers?

Posted: 1:27 am EDT


In May 2015, a federal grand jury indicted twin brothers Muneeb and Sohaib Akhter, 23, of Springfield, Virginia, on charges of aggravated identity theft, conspiracy to commit wire fraud, conspiracy to access a protected computer without authorization, access of a protected computer without authorization, conspiracy to access a government computer without authorization, false statements, and obstruction of justice.  According to USDOJ, the brothers and coconspirators also devised a scheme to hack into computer systems at the U.S.  Department of State to access network traffic and to obtain passport information.  (See Twin Brothers and Co-Conspirators on Alleged Scheme to Hack State Dept to Obtain Passport Information).

The brothers pleaded guilty on June 26, 2015. On October 2, the USDOJ announced that Muneeb Akhter was sentenced for accessing a protected computer without authorization, making a false statement and obstructing justice. Muneeb Akhter was sentenced to 39 months in prison and Sohaib Akhter was sentenced to 24 months in prison. Each man was also sentenced to three years of supervised release. Case title: USA v. Akhter et al. Below is an excerpt from the announcement:

[T]he Akhter brothers and co-conspirators engaged in a series of computer intrusions and attempted computer intrusions against the U.S. Department of State to obtain sensitive passport and visa information and other related and valuable information about State Department computer systems.  In or around February 2015, Sohaib Akhter used his contract position at the State Department to access sensitive computer systems containing personally identifiable information belonging to dozens of co-workers, acquaintances, a former employer and a federal law enforcement agent investigating his crimes.

Sohaib Akhter later devised a scheme to ensure that he could maintain perpetual access to desired State Department systems.  Sohaib Akhter, with the help of Muneeb Akhter and co-conspirators, attempted to secretly install an electronic collection device inside a State Department building.  Once installed, the device could have enabled Sohaib Akhter and co-conspirators to remotely access and collect data from State Department computer systems.  Sohaib Akhter was forced to abandon the plan during its execution when he broke the device while attempting to install it behind a wall at a State Department facility in Washington, D.C.

Furthermore, beginning in or about November 2013, Muneeb Akhter was performing contract work for a private data aggregation company located in Rockville, Maryland.  He hacked into the company’s database of federal contract information so that he and his brother could use the information to tailor successful bids to win contracts and clients for their own technology company.  Muneeb Akhter also inserted codes onto the victim company’s servers that caused them to vote for Akhter in an online contest and send more than 10,000 mass emails to students at George Mason University, also for the purpose of garnering contest votes.

In or about October 2014, Muneeb Akhter lied about his hacking activities and employment history on a government background investigation form while successfully obtaining a position with a defense contractor.  Furthermore, in or about March 2015, after his arrest and release pending trial, Muneeb Akhter obstructed justice by endeavoring to isolate a key co-conspirator from law enforcement officers investigating the conspirators’ crimes.  Among other acts, Muneeb Akhter drove the co-conspirator to the airport and purchased a boarding pass, which the co-conspirator used to travel out of the country to the Republic of Malta.  When the co-conspirator returned to the United States, Muneeb Akhter continued to encourage the co-conspirator to avoid law enforcement agents.

One of the brothers was profiled by WaPo in 2014. Both brothers started college at 16 and they were George Mason’s youngest graduates in 2011. In 2012, the brothers received a $200,000 grant from the Defense Advanced Research Projects Agency, or DARPA.

The details of this case are even more disturbing. The following is from Count Eight (Conspiracy to Access a Government Computer without Authorization) of the indictment:

60. The Bureau of Consular Affairs (hereinafter “Bureau”) is a division of the State Department, which administers laws, formulates regulations, and implements policies relating to consular services and immigration. It has physical offices in Washington, DC.

61. Passport Lockbox (hereinafter “Lockbox”) is a Bureau program that performs payment processing, scanning of applications, and initial data entry for U.S. passport applications. Lockbox has a computer database containing imaged passport applications associated with real individuals. The imaged passport applications in Lockbox’s database contain, among other things, a photograph of the passport applicant, as well as certain personal information including the applicant’s full name, date and place of birth, current address, telephone numbers, parent information, spouse’s name, and emergency contact information.

62. ActioNet, Inc. (hereinafter “ActioNet”) is a contractor that provided information technology support to the State Department. It has physical offices in Falls Church, Virginia, located in the Eastern District of Virginia.

63. From in or about October 2014 to in or about February 2015, SOHAIB AKHTER was a contract employee at ActioNet assigned to a position at the State Department as a Tier II Application Support Resource in the Data Engineering and Data Management Program within the Bureau.

64. Prior to accessing the Lockbox database, and throughout his tenure as a contractor with the State Department, SOHAIB AKHTER was made aware of and indicated he understood: (a) the confidential nature of the Lockbox database and the confidential personal data contained therein; (b) the information contained in the passport records maintained by the State Department pursuant to Lockbox is protected from unauthorized disclosure by the Privacy Act of 1974, 5 U.S.C. § 552a; and (c) passport applications maintained by the State Department in the Lockbox database should be accessed only in connection with an employee’s official government duties and not the employee’s interest or curiosity.

69. MUNEEB AKHTER and SOHAIB AKHTER, UCC-1, and other coconspirators known and unknown to the Grand Jury, engaged in a series of computer intrusions and attempted computer intrusions against the State Department to obtain sensitive passport and visa information and other related and valuable information about State Department computer systems.

70. SOHAIB AKHTER used his contract position at the State Department to search for and access sensitive passport information belonging to coworkers, acquaintances, a former employer, and federal agents investigating him for crimes alleged in this Indictment. After accessing sensitive passport information from State Department computers, SOHAIB AKHTER copied, saved, and shared this information with coconspirators.

71. SOHAIB AKHTER also attempted to use his access to State Department computer systems to create an unauthorized account that would enable him to access State Department computer systems undetected. SOHAIB AKHTER surreptitiously installed malicious programs onto State Department computer systems in order to execute his plan to create the backdoor login account.

72. SOHAIB AKHTER orchestrated a scheme to secretly install a physical device at a State Department building known as SA-17. Once installed, the device would enable SOHAIB AKHTER and coconspirators to collect data from and remotely access State Department computer systems.

73. SOHAIB AKHTER led the conspiracy, organized the intrusion to install the physical device, recruited coconspirators to assist in execution of the intrusion, and managed the execution of the intrusion.

74. MUNEEB AKHTER provided technical assistance to SOHAIB AKHTER for the unauthorized access. MUNEEB AKHTER programmed the physical device, known as a “gumstix,” so that it would collect data from State Department computers and transmit it wirelessly to computers controlled by MUNEEB AKHTER and SOHAIB AKHTER and coconspirators.

75. On the day the scheme was executed, UCC-1 transported materials, including the gumstix, from MUNEEB AKHTER, located at the AKHTER residence, to SOHAIB AKHTER, located at SA-17.

78. In or about October 2014, SOHAIB AKHTER was hired by ActioNet to perform contract work for the State Department at both ActioNet offices in Falls Church, Virginia, and Bureau offices in Washington, DC.

79. Beginning on or about February 12, 2015, and continuing thereafter until on or about February 19, 2015, in Falls Church, Virginia, in the Eastern District of Virginia, and elsewhere, SOHAIB AKHTER, while employed at ActioNet, accessed the Lockbox database without authorization.

80. Between on or about February 12, 2015, and on or about February 19, 2015, SOHAIB AKHTER conducted approximately 119 searches for U.S. passport records using the Passport Lockbox Lookup report. He accessed personal passport information for approximately 62 different individuals, including: G.R., a DHS special agent investigating the crimes alleged in this Indictment; UCC-1; A.I.; A.M., the CEO of Victim Company 2; and himself. In addition, SOHAIB AKHTER attempted to access passport information for S.T., a DHS special agent investigating the crimes alleged in this Indictment.

82. In or about February 2015, SOHAIB AKHTER viewed and copied from State Department computer systems the personal passport information associated with several individuals, including DHS Special Agent G.R.

83. In or about March 2015, MUNEEB AKHTER told UCC-1 that he and SOHAIB AKHTER stored the personal passport information that SOHAIB AKHTER removed from State Department systems on an external hard drive. MUNEEB AKHTER told UCC-1 that Special Agent G.R.’s information would be valuable to criminals on the “dark net” and that he was considering selling the information.

84. In or about February 2015, SOHAIB AKHTER downloaded several programs to a State Department computer. These programs included malicious software, or malware, which SOHAIB AKHTER hoped would enable him to access State Department computers remotely.

85. In or about February 2015, SOHAIB AKHTER told UCC-1 that if he was able to gain remote access to State Department computer systems, he could: access information on individuals’ passport applications; access and unilaterally approve visa applications without State Department authorization in exchange for payment; and create passports and visas and sell them on the “dark net.”

86. On or about February 15, 2015, SOHAIB AKHTER called UCC-1 and asked him to buy a drill. UCC-1 purchased the drill and then, pursuant to SOHAIB AKHTER’s request, drove to the AKHTER residence to pick up additional items from MUNEEB AKHTER. At the AKHTER residence, in Springfield, Virginia, in the Eastern District of Virginia, MUNEEB AKHTER told UCC-1 that he was programming a SD card, which was later to be inserted into the gumstix. MUNEEB AKHTER gave UCC-1 a bag containing a screwdriver, tape, glue, and the gumstix. Pursuant to SOHAIB AKHTER’s request, UCC-1 drove to SA-17, in Washington, DC, and delivered the bag and items to SOHAIB AKHTER outside SA-17. Later that day, MUNEEB AKHTER drove separately to Washington, DC, and delivered the SD card to SOHAIB AKHTER.

87. On or about the evening of February 15, 2015, SOHAIB AKHTER called MUNEEB AKHTER and told him that he attempted to install the gumstix behind a wall inside SA-17 but was ultimately unsuccessful.

88. On or about February 19, 2015, SOHAIB AKHTER sent an email from his State Department email account to the email address containing lines of code and headers for State Department servers.


We’re not sure, reading this, whether the intrusion was done on the State Department’s Travel Document Issuance System (TDIS), which includes information from U.S. citizens and nationals applying for passports, other Department of State computer systems, passport acceptance agents, the Social Security Administration, the lockbox provider (CITIBANK), passport specialists, and fraud prevention managers; or whether the intrusion occurred on the Passport Information Electronic Records System (PIERS); or, wait … the mother lode, the Consular Consolidated Database (CCD). The indictment’s reference to the Passport Lockbox program is vague; it’s not a system of record according to the State Department’s System of Records Notices. But the indictment identifies it as a State Department database. Could this be in reference to the Citibank® Lockbox Services? That is a high-speed processing environment and image-based platform for receivables management, advanced reporting and image inquiry used by the State Department to enable the scanning of applications, extraction of applicant photos received at lockbox locations and storing and batching of images.

Note that #69 of the indictment also alleges “a series of computer intrusions and attempted computer intrusions against the State Department to obtain sensitive passport and visa information;” does that mean the targeted system was the CCD?  The CCD provides access to passport data in Travel Document Issuance System (TDIS), Passport Lookout Tracking System (PLOTS), and Passport Information Electronic Records System (PIERS).  As of December 2009, the CCD also contains over 100 million visa cases and 75 million photographs, utilizing billions of rows of data, and has a current growth rate of approximately 35 thousand visa cases every day.

By the way, one of the brothers was a contract employee assigned to a position at the State Department as a Tier II Application Support Resource in the Data Engineering and Data Management Program within the CA Bureau from October 2014 to in or about February 2015 (#63).  In November 2014, the State Department suffered some “technical difficulties.” See State Dept Re-attached to the Internet, and About Those “Unrelated” Embassy Outages; State Department’s “Technical Difficulties” Continue Worldwide, So What About the CCD?

Was it just a coincidence that a master of the universe hacker was working at the State Department at the time when the agency’s systems were having technical difficulties?

Or were the Akhter twins the “technical difficulties”?





When the Boss Is Last to Know: Chaffetz Snoops at the Secret Service

Posted: 1:06 pm EDT


The Department of Homeland Security Inspector General has completed its independent investigation into allegations that one or more Secret Service agents improperly accessed internal databases to look up the 2003 employment application of Congressman Jason Chaffetz, Chairman of the House Committee on Oversight and Government Reform. The Inspector General has confirmed that between March 24 and April 2, 2015, on approximately 60 different occasions, 45 Secret Service employees accessed Chaffetz’ sensitive personal information. The OIG concluded that only 4 of the 45 employees had an arguable legitimate need to access the information.

Here is the IG’s conclusion:

This episode reflects an obvious lack of care on the part of Secret Service personnel as to the sensitivity of the information entrusted to them. It also reflects a failure by the Secret Service management and leadership to understand the potential risk to the agency as events unfolded and react to and prevent or mitigate the damage caused by their workforce’s actions.

All personnel involved – the agents who inappropriately accessed the information, the mid-level supervisors who understood what was occurring, and the senior leadership of the Service – bear responsibility for what occurred. Better and more frequent training is only part of the solution. Ultimately, while the responsibility for this activity can be fairly placed on the shoulders of the agents who casually disregarded important privacy rules, the Secret Service leadership must do a better job of controlling the actions of its personnel. The Secret Service leadership must demonstrate a commitment to integrity. This includes setting an appropriate tone at the top, but more importantly requires a commitment to establishing and adhering to standards of conduct and ethical and reasonable behavior. Standards of conduct and ethics are meaningful only if they are enforced and if deviations from such standards are dealt with appropriately.

It doesn’t take a lawyer explaining the nuances of the Privacy Act to know that the conduct that occurred here – by dozens of agents in every part of the agency – was simply wrong. The agents should have known better. Those who engaged in this behavior should be made to understand how destructive and corrosive to the agency their actions were. These agents work for an agency whose motto – “worthy of trust and confidence” – is engraved in marble in the lobby of their headquarters building. Few could credibly argue that the agents involved in this episode lived up to that motto. Given the sensitivity of the information with which these agents are entrusted, particularly with regard to their protective function, this episode is deeply disturbing.

Additionally, it is especially ironic, and troubling, that the Director of the Secret Service was apparently the only one in the Secret Service who was unaware of the issue until it reached the media. At the March 24th hearing, he testified that he was “infuriated” that he was not made aware of the March 4th drinking incident. He testified that he was “working furiously to try to break down these barriers where people feel that they can’t talk up the chain.” In the days after this testimony, 18 supervisors, including his Chief of Staff and the Deputy Director, were aware of what was occurring. Yet, the Director himself did not know. When he became aware, he took swift and decisive action, but too late to prevent his agency from again being subject to justified criticism.

Read the full report here. Check out Appendix 1 for the chronological access to the Chaffetz record which includes multiple field offices, including the London office. Appendix 2 is the timeline of record access.

We can’t remember anything like this happening in the recent past. There was the 1992 passportgate, of course, which involved a presidential candidate, but that’s not quite the same. In 2009, the DOJ said that a ninth individual pleaded guilty for illegally accessing numerous confidential passport application files, although it was for what’s considered “idle curiosity.”

Whether the intent of the Chaffetz record breach was to embarrass a sitting congressman or mere curiosity (not everyone who looked at the files leaked them to the media), the files are protected by the Privacy Act of 1974, and access by employees is strictly limited to official government duties. Only 4 of the 45 employees who did access the Chaffetz records had a legitimate reason to access the protected information. If the DOJ pursued 9 State Department employees for peeking at the passport records of politicians and celebrities, we can’t imagine that it could simply look away in this case. Particularly in this case. Winter is definitely coming to the Secret Service.



Federal Employees With Stolen Fingerprints From OPM Breach – Now Up to 5.6 Million

Posted: 12:05 pm EDT
Updated: 6:39 pm PDT



Here is the official statement from OPM dated September 23, 2015:

As part of the government’s ongoing work to notify individuals affected by the theft of background investigation records, the Office of Personnel Management and the Department of Defense have been analyzing impacted data to verify its quality and completeness.  During that process, OPM and DoD identified archived records containing additional fingerprint data not previously analyzed.  Of the 21.5 million individuals whose Social Security Numbers and other sensitive information were impacted by the breach, the subset of individuals whose fingerprints have been stolen has increased from a total of approximately 1.1 million to approximately 5.6 million.  This does not increase the overall estimate of 21.5 million individuals impacted by the incident.  An interagency team will continue to analyze and refine the data as it prepares to mail notification letters to impacted individuals.

Federal experts believe that, as of now, the ability to misuse fingerprint data is limited.  However, this probability could change over time as technology evolves.  Therefore, an interagency working group with expertise in this area – including the FBI, DHS, DOD, and other members of the Intelligence Community – will review the potential ways adversaries could misuse fingerprint data now and in the future.  This group will also seek to develop potential ways to prevent such misuse.  If, in the future, new means are developed to misuse the fingerprint data, the government will provide additional information to individuals whose fingerprints may have been stolen in this breach.

As we have stated previously, all individuals impacted by this intrusion and their minor dependent children (as of July 1, 2015) are eligible for identity theft and fraud protection services, at no cost to them.  In conjunction with the Department of Defense, OPM is working to begin mailing notifications to impacted individuals, and these notifications will proceed on a rolling basis.

OPM and our partners across government are working to protect the safety and security of the information of Federal employees, service-members, contractors, and others who provide their information to us. Together with our interagency partners, OPM is committed to delivering high-quality identity protection services to impacted individuals. The interagency team will continue to review the impacted data to enhance its quality and completeness, and to monitor for any misuse of the data. The U.S. Government will continue to evaluate the coverage being provided and whether any adjustments are needed in association with this incident.

Sigh. Grrr. Sigh. Grrr. Sigh. Grrr. Sigh. Grrr.






@StateDept Officials on Clinton Private Email Debacle: Yo! Had Been Caught Off Guard? Ay, Caramba!

Posted: 11:25 am EDT



Excerpt below with annotation:

“When we were asked to help the State Department make sure they had everything from other secretaries of state, not just me, I’m the one who said, ‘Okay, great, I will go through them again,’ ” Clinton said Sunday on CBS’s “Face the Nation.” “And we provided all of them.”

But State Department officials provided new information Tuesday that undercuts Clinton’s characterization. They said the request was not simply about general record-keeping but was prompted entirely by the discovery that Clinton had exclusively used a private e-mail system. They also said they *first contacted her in the summer of 2014, at least three months before **the agency asked Clinton and three of her predecessors to provide their e-mails.

She has said repeatedly that it was “permitted” by the State Department and widely known in the Obama administration.

But the early call from the State Department is a sign that, at the least, officials in the agency she led from 2009 to 2013 were concerned by the practice — and that they had been caught off guard upon discovering her exclusive use of a private account.

***In the spring and summer of 2014, while it was in the process of trying to find records sought by the newly formed House Select Committee on Benghazi, the State Department’s congressional affairs office found Clinton’s personal e-mail address listed on a few records in a batch of Benghazi documents but no government e-mail account for her.

“We realized there was a problem,” said a State Department official who until that moment had not been aware of Clinton’s private e-mail setup. The official, like some others interviewed for this story, spoke on the condition of anonymity because of the sensitive nature of the case.

The agency is releasing those e-mails in batches, in accordance with a court order stemming from a public-records lawsuit.

The issue has led to frustrations within the State Department in recent months, as some officials have grown tired of having to answer for a political controversy not of their making, according to three senior officials.


Ay, caramba!

If the State Department had first contacted her in the summer of 2014, we have yet to see that correspondence. It was potentially sent sometime in August 2014, three months before the letters to Clinton and predecessors went out on November 12, 2014 from “M” (see below). Three months is an early call? C’mon! Secretary Clinton left State in February 2013.

As to the notion that officials had been “caught off guard” upon discovering her exclusive use of a private account, do spin doctors seriously expect us to buy this on a double discount?

The NYT broke the news that Secretary Clinton exclusively used a personal email account to conduct government business as secretary of state on March 2, 2015.

It took six months for three senior State Department officials to tell WaPo that they “had been caught off guard” by the secretary of state’s exclusive use of a private account? These officials “were concerned by the practice”, so much so that they issued a three-month “early call” in the summer of 2014, 1 year and 6 months after the end of the Clinton tenure. And we’re only hearing about this concern now, 2 years and 7 months after Secretary Clinton left office? Yeah.

Dates of note:

December 11, 2012: NARA Chief Records Officer Paul M. Wester Jr. Email to NARA’s Margaret Hawkins and Lisa Clavelli on how they “should delicately go about learning more” about the transition plans for Secretary Clinton’s departure from State. Concerns that “there are or maybe plans afoot to taking her records from State to Little Rock.” Invokes the specter of the Henry Kissinger experience vis-a-vis Hillary Clinton (view email in pdf). So there were discussions within NARA about the Clinton records as early as December 2012. It appears that NARA’s main contact (pdf) at State is Margaret P. Grafeld, the Deputy Assistant Secretary for Global Information Services (A/GIS). It should be interesting to see how or when the Clinton federal records were discussed between NARA and State.

* August 28, 2014: State Department U/S for Management sends memo to department principals on Senior Officials’ Records Management Responsibilities (view memo pdf). See State Department issued instructions for Preserving Email of Departing Senior Officials (view memo p.13 pdf)

** November 12, 2014: Letter to Hillary Clinton’s representative, Cheryl Mills re: the Federal Records Act of 1950, November 12, 2014; to Colin Powell; to Condoleezza Rice; to Madeleine Albright.

*** August 11, 2014: The State Department sends its first group of documents to the new Select Benghazi committee, a partial response to a previous subpoena. The production contains a few — less than 10 — emails either to or from Clinton. Committee staffers notice immediately that the emails are from a previously unseen address, Meanwhile, the committee presses State to meet its legal obligation to fully respond to the pair of subpoenas originally issued in August 2013. (Via Washington Examiner)