Investigation reveals widespread insider hacking at immigration agency

Breaches at Texas Service Center before 2008 raise national security concerns and highlight vulnerability of citizenship data.

A yearlong probe into computer fraud at an immigration application processing center uncovered multiple incidents of internal hacking where staff accessed management-level emails and other confidential files, according to Homeland Security Department interviews, network analyses and internal emails obtained by Nextgov.

The investigation began in January 2008, when officials at U.S. Citizenship and Immigration Services, which is part of Homeland Security, reported to the department's inspector general that numerous personnel had violated federal security rules at the agency's Texas Service Center, one of four regional centers that handle a variety of immigration-related petitions and applications. According to the materials obtained, employees and supervisors abused system logon privileges, gained unauthorized access in some instances and then allegedly sabotaged audit logs to leave behind no traces of their illicit activities. IG papers list the redacted names of 17 subjects of the investigation, all of whom were information technology specialists.

The evidence of breaches at the center is the latest revelation of insider threats at USCIS. With their ill-gotten access rights, the Texas personnel were capable of, for example, granting citizenship rights, as well as reading files containing sensitive information on contract awards, immigration reform or other policy formulations, say former USCIS IT officials there at the time.

Federal agents located so-called hackware in several computer drives -- software that lets users intercept business information passing through the agency's network, according to one investigative analysis signed in March 2008.

In another instance, a staffer in a position of authority asked for the logins and passwords of all software and systems at the service center, which would have granted that person unauthorized access to all goings-on at the facility.

A Nov. 27, 2007, email from the manager with the subject line: "FW: TSC Logins and passwords." The body of the email stated: "I will need the administrator password for every piece of hardware in the TSC that requires a password. I will also need the administrator password for any enterprise type software that has an administrator password." The manager then said, "Please do not send them in e-mail unless you encrypt the text file" -- or scramble the data to render it unreadable. "You can call me to provide the encryption password."

Federal computer fraud laws prohibit the unauthorized use of administrator passwords, the former IT managers said.

Separately, an employee told agents that a few federal IT specialists had acquired prohibited codes for reading other center employees' emails -- authorizations dubbed "God rights," according to an interview report signed February 2008. The employee "related that [Texas Service Center] IT employees should not have had enterprisewide rights (commonly referred to as 'God' rights) because it was a restricted administrative status that was reserved for CIS [Office of Information Technology] upper management," the write-up stated.

The U.S. Attorney's Office for the Northern District of Texas declined to criminally prosecute the subjects of the investigation for computer fraud, according to the inspector general materials obtained.

An IG memo stamped Oct. 1, 2008, stated the final investigation was delivered to Jan Lane, chief of the USCIS Office of Security and Integrity, so the agency could take whatever disciplinary action it deemed appropriate.

Agency officials would not comment on the outcome of the case, and Lane no longer works there. They said in a statement, "USCIS demands that our employees maintain the highest ethical standards. When allegations of misconduct are made, USCIS takes immediate action to protect the integrity of the workplace and to ensure that the facts are investigated fully. USCIS is committed to taking full and appropriate disciplinary action against any employee who is found to have violated our standards."

In recent years, there have been a number of documented cases where employees or contractors tampered with secure IT systems. Government investigators have warned the agency could become more vulnerable to insider threats because designs for a current IT overhaul do not include protections against such activities.

For example, a 2008 serious incident report obtained by Nextgov shows USCIS officials discovered internal wrongdoing at a Vermont processing center. The records show that employees within the Fraud Detection and National Security Directorate -- hired to ensure dangerous individuals are not accorded legal status -- hooked up a nongovernment computer to an external Internet connection, potentially allowing them to import or export data for committing identity theft.

More recently, a former USCIS contractor was sentenced to five and a half years in jail for falsifying files to help illegal immigrants receive "legal" passports. Justice Department officials announced the punishment in late May, after Richard Abapo Quidilla, 39, of Pico Rivera, Calif., pled guilty to computer fraud, among other charges. He deleted the names, birth dates and other personal data of naturalized citizens in a secure database and substituted the corresponding information of illegal immigrants, according to federal district court papers.

The agency could open itself up to greater risk of insider wrongdoing due to poor planning for an ongoing $2.4 billion project to automate immigration paperwork, IG officials reported in January. USCIS Transformation, the online system that is supposed to improve fraud detection, is missing controls to prevent internal hacking, according to the audit.

Frank Deffer, assistant IG for information technology audits, wrote that based on a "review of the requirements for fraud detection and national security issues, it appears there are no requirements to address insider threats" to Transformation. "Insiders at USCIS have perpetrated fraud in the past" and internal staff "are capable of granting legal residency or citizenship status to someone who poses a national security risk to the United States," he added.

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.