— Domani Spero
[twitter-follow screen_name=’Diplopundit’ ]
We’ve blogged about the outages at overseas posts yesterday (see State Department’s “Technical Difficulties” Continue Worldwide, So What About the CCD?). On November 17, US Embassy Albania’s internet connection was down and US Embassy London could not accept credit card payments and its online forms for visa and passport inquiries were not working. US embassies in Moscow, Madrid, Manila, Beirut, Ankara, Cameroon, Oslo and Astana tweeted that they were “experiencing technical difficulties that may result in delays in visa processing.”
Unofficial sources tell us that State Department employees are now able to send email outside the Dept but still no Internet access. The Department’s mobile access site GO (go.state.gov) and Web PASS (Web Post Administrative Software Suite Explorer) are both still offline.
What’s WebPASS? via WebPASS Privacy Impact Assessment (2009):
WebPASS Explorer (“WebPASS”) is a suite of business applications used by overseas posts to administer a variety of internal activities. Some but not all applications under WebPASS collect and maintain personally identifiable information (PII) about post employees, their family members, and visitors. WebPASS is web-enabled and operates within the confines of OpenNet, the Department’s sensitive but unclassified (SBU) network.
The main application is Web Post Personnel (Web.PS), which is a database of the American employees (AEs), their dependents, and Locally Employed Staff (LES). Whereas the official record for an AE employee is maintained in Washington, DC, the Web.PS database supports local personnel-related tasks. Its LES-related features support personnel actions for LES staff directly hired at the post such as intake, assignments, transfers, grade increases, and terminations.
After an AE or LES staff is established in Web.PS, some of their basic identifiers (e.g., name, employee type, office) may be pulled electronically into other WebPASS applications that support separate functions such as motor pool operations, residency in government-held real property, and distribution of pharmaceutical medications.
The most sensitive unique identifier in WebPASS is the record subject’s SSN, which is stored in Web.PS.
Hey, if Professor Boyd, the American ambassador’s husband in Homeland had access to WebPASS, he could have saved himself some sneaking around just to discover (and tamper) with Carrie’s medication!
In any case, on November 18, the State Department spokesman Jeff Rathke was asked about the recent reported hacking and the outages at our embassies. The official word seems to be that these outages at ten posts (maybe more, but those posts have not tweeted their technical difficulties) are separate, unconnected, unrelated or [insert preferred synonym] to the “technical difficulties” at Main State. Simply put, you folks stop racking your brains with suspicions, these outages are simply, and purely coincidental.
Of course, coincidences happen every day, but the more I watch these official press briefings, the less I trust coincidences.
MR. RATHKE: Yes, Lara, please.
QUESTION: Everybody’s favorite topic. You had talked yesterday from the podium about how the – it’s only the unclassified email systems at the State Department that was affected by this most recent data breach that prompted the suspension of – sorry, I’ve got suspended on my mind – (laughter) – but that prompted the shutdown over the weekend. But there’s been some suggestions that some of the missions and embassies and consulates have had some problems or could have some problems with processing passports or visas.
MR. RATHKE: No.
QUESTION: No? Not at all?
MR. RATHKE: No, no. These are unconnected. I mean, we have a separate system that deals with those types of consular issues – passports, visas, and so forth. Now there may be other technical issues that have arisen in one place or another. Is there a specific —
QUESTION: Yeah. Embassy Beirut, I think, had to —
MR. RATHKE: Yeah. No, that’s unrelated to the outage that we’ve had here.
QUESTION: Well, what’s going on in Embassy Beirut, then?
MR. RATHKE: Well, I don’t have the specifics, but it’s a separate issue. And I – from what I understand, they were able to continue doing their operations today, so it was not any major impediment.
I can give you an update, though, on the outage. I can report that our external email services from our main unclassified system are now operating normally, and for those who feel they are tethered to their Blackberries, they are once again, because the Blackberry service is working. So our unclassified external email traffic is now normal, so we’ve had some progress since yesterday’s discussion. So much of it is now operational. Much of our systems that had connectivity to the internet are now operational. We have a few more steps that’ll be taken soon to reach full restoration of our connectivity.
QUESTION: But just to clarify, no consular services, no client-based services —
MR. RATHKE: That’s a separate —
QUESTION: — have been affected by this outage?
MR. RATHKE: No, not to my knowledge. That’s – those are separate.
QUESTION: Do you have internet access from the unclassified system now?
MR. RATHKE: No, we are not – we do not have internet access at this stage. That will be restored soon, we expect. Sorry, yes?
QUESTION: Anything else major that you don’t have now?
MR. RATHKE: No. No, I think that’s mainly it. But it – this has not stopped us from doing our work, so —
QUESTION: The classified system never went down, correct?
MR. RATHKE: No, it was never affected at any point. So as mentioned yesterday, that hasn’t changed. It was not affected.
Congress remains more than interested:
The State Department’s Reluctance To Disclose Hacking Unsettles Lawmakers http://t.co/U7aMBQm3Ky via @Aliya_NextGov
— Defense One (@DefenseOne) November 18, 2014
And now the FBI is wading into the breaches:
FBI probes State and USPS computer breaches said to bear signs of spying http://t.co/TKIOwhc9ms
— Diplopundit (@Diplopundit) November 18, 2014
* * *