VISA-FRAUD SYSTEM 'BIT OF A JOKE', Security
didn't even bother to do anti-virus scanning, 9/8/18, WND.
America is relying on an old and
neglected computer system to ferret out terrorist threats that is “a bit
of a joke,” according Washington watchdog Judicial
Watch.
Citing a recent government oversight report, Judicial Watch said
the State Department branch “responsible for spotting visa and passport
fraud fails to practice basic security protocols, leaving the nation extremely
vulnerable to foreign threats,”
For example, the machines in the system
are outdated, monitor poorly and fail to protect data. Employees fail to
perform basic security scans, even though the “monstrous agency” has a $37 billion
annual budget.
Judicial Watch said the report
“documents the alarming inefficiencies in a decades-old system – Bureau of
Consular Affairs Fraud Prevention Program (CA/FPP) – used by the State
Department to determine if foreigners seeking U.S. visas are being candid about
their identity and where they have traveled.”
“The goal is to oversee and coordinate
the integrity of U.S. visa and citizenship processes by stopping fraud in the
visa and passport system, a crucial tool to protect national security.” But the
“incredible lapses” that the report from the Office of Inspector General
documented expose the security team as “a bit of a joke.”
“The team doesn’t even bother to patch
the system, scan it for computer viruses or audit for evidence of breaches or
compromises by hackers. In short, the State Department consular division
ignores basic information security practices in this essential program used to
screen potential threats,” Judicial Watch said.
“Nearly two decades after the worst
terrorist attack on American soil, this is incredibly disturbing.” The OIG
found deficiencies that included shared passwords and lack of access control
lists or visitor logs, and there’s no effort to “perform regular patch
management or anti-virus scanning.”
“It gets better, or rather, more
enraging,” Judicial Watch said. “The OIG found that no one monitors the server
and the State Department doesn’t keep adequate logs of who accesses the
information on the database. In fact, a SharePoint site established by the
agency a decade ago to track ‘possible consular malfeasance’ has never even
been examined.”
Further, no one ever had checked whether
the system contained information beyond that system’s security authorization.
And while there could have been breaches of the system, no one will ever know.
The OIG report was based on 178
interviews and 224 questionnaires from consular offices in the field as well as
54 from agency workers domestically. The primary goal, the report said, should
be for “the Bureau of Consular Affairs [to] implement a website content
management process for the Office of Fraud Prevention Programs that includes a
dedicated team responsible for the regular updating of website content.”
There also are federal standards for
security that should be used. “This is the same agency that allowed Hillary
Clinton to traffic highly classified information on an unsecure, personal email
server,” Judicial Watch pointed out.
Norb Leahy, Dunwoody
GA Tea Party Leader
No comments:
Post a Comment