Grassley, Tillis Press Biden Admin on DHS Data Breach at Jordanian, Russian Embassies

WASHINGTON – Sens. Chuck Grassley (R-Iowa) and Thom Tillis (R-N.C.) are pressing the Department of Homeland Security (DHS) about a recently uncovered data breach and fraud case involving foreign nationals employed at U.S. embassies in Jordan and Russia stealing refugee case information and selling it for profit.

 

The employees were hired as “foreign service nationals” by the U.S. Citizenship and Immigration Service (USCIS) to help process asylum requests. For years, these individuals flew beneath the radar of federal authorities, accessing, stealing and selling hundreds of case files involving applicants for U.S. refugee status. The stolen material was then used to help other potential refugee applicants game the application system. They hid their activities by tapping into an older, less secure version of a State Department database that was not removed when newer systems with enhanced security features were installed in 2013. Their fraud was exposed when the database was finally updated in 2019. The years-long security breach leaves significant questions about what steps DHS has taken to remedy these vulnerabilities and assess any related security threats that may arise from the sale of stolen information.

 

In a letter to DHS Secretary Alejandro Mayorkas, Grassley and Tillis ask what steps the agency has taken to prevent this from happening again, and what assessments or investigations have been conducted to determine the risk to both the U.S. immigration system and those whose sensitive data was stolen.

 

Full text of the letter from Grassley and Tillis follows or can be found HERE.

 

March 1, 2021

 

The Honorable Alejandro Mayorkas

Secretary

Department of Homeland Security

 

Dear Secretary Mayorkas:

 

We write to request details regarding the Department of Homeland Security’s response to a recently uncovered fraud case and data breach involving U.S. Citizenship and Immigration Services (USCIS) personnel at embassies in Jordan and Russia. 

 

According to the Department of Justice, on January 26, 2021, Haitham Sad, a Jordanian citizen who formerly worked as an Immigration Assistant for USCIS at the U.S. Embassy in Amman, Jordan, pleaded guilty to conspiracy to steal U.S. government records and defraud the U.S. refugee program.[1]  Mr. Sad admitted that his crimes were part of a broader fraud scheme that involved Aws Abduljabbar, an Iraqi living in Amman, and Olesya Krasilova, a Russian citizen formerly employed as an Immigration Assistant at the USCIS field office in the U.S. Embassy in Moscow.[2]

 

Sad and Krasilova, both of whom were employed as “foreign service nationals” or “locally employed staff” of USCIS, used their access to a State Department database called the Worldwide Refugee Admissions Processing System (WRAPS) to steal highly confidential information about U.S. refugee applicants.[3]  They then sent the information to Abduljabbar in Jordan, who used the information to assist applicants who were seeking admission to the United States under the U.S. Refugee Admissions Program.[4]  According to news reports, “[h]aving access to the case files from successful applications gave the fraudsters a template to help others craft their own applications, cutting out information that had sunk others and highlighting the factors that had worked in previous cases.”[5]  As a former chief of policy at USCIS put it, the narratives of successful applicants were repurposed for other applicants.[6]

 

These data breaches appear to have continued undetected for nearly a decade.  Sad stated that he worked to obtain the information from the WRAPS database for “around eight years.”[7]  He also admitted that he was able to access information on at least 270 Iraq cases after his employment by USCIS ended in January 2016.[8]  Between 2016 and 2019, Krasilova allegedly accessed nearly 600 unique cases through the WRAPS system.[9]  Furthermore, during a four month span between October 2018 and February 2019, Krasilova took more than 700 pieces of confidential information.[10]  She emailed screenshots from her USCIS email account to her personal email account and, from there, sent them to Sad, who forwarded them to Abduljabbar.  In all, Krasilova received more than $20,000 in compensation for providing the information to Sad and Abduljabbar.[11]  In 2019, Krasilova also attempted to recruit other foreign service nationals working for USCIS to participate in the conspiracy, though it is unclear whether those efforts were successful.[12]

 

According to reports, Sad and Krasilova were able to fly beneath the radar and avoid detection for an extended period of time because, when a new version of the WRAPS system with enhanced tracking and security features was installed in 2013, the older system that did not have the security features remained active.  The WRAPS system is managed by the State Department’s Refugee Processing Center.[13]  Sad and Krasilova continued to use the older system to access the sensitive data, and as a result, they successfully avoided detection until the older system was updated in mid-2019 with new features that exposed their illegal activities.  That was approximately six years after the newer system had first been installed.[14]

 

            This fact pattern raises many serious questions, not only because of the sensitive nature of the data stolen, but also because the theft could have seemingly been prevented by simple, common sense measures such as checking for security vulnerabilities.  As members of the Judiciary Committee, we are responsible for ensuring that U.S. immigration laws, including U.S. refugee laws, are properly enforced.  We must also ensure that proper safeguards are in place to prevent foreign adversaries from obtaining access to confidential government records.  Accordingly, please answer the following no later than March 15, 2021.

 

1.      Please describe the steps DHS has taken to identify individuals with ties to Mr. Aws Abduljabbar who have also applied for U.S. refugee status.

 

2.      If DHS has identified any such individuals, please describe the steps taken to re-evaluate those individuals’ refugee applications and hold anyone accountable who knowingly provided false information or knowingly relied on stolen information when preparing their applications.

 

3.      Please describe all steps DHS has taken to identify and notify individuals in the U.S. immigration system whose personal information may have been breached and disseminated without their consent as a result of this fraud scheme.

 

4.      Does DHS believe there is a security risk for individuals whose information may have been breached and disseminated without their consent?

 

5.      How many foreign service nationals or locally employed staff are currently employed by USCIS at U.S. embassies?

 

6.      Please describe the procedures that USCIS uses to vet these individuals and ensure that they do not pose a security risk prior to making offers of employment.

 

7.      Please describe the levels and types of access provided to foreign service nationals or locally employed staff employed by USCIS at U.S. embassies.

 

8.      Has USCIS re-evaluated the level of access granted to foreign services nationals or locally employed staff in light of this case?  Please describe any policy changes that have been considered and/or implemented as a result.

 

9.      Were the procedures outlined in response to question 6 followed for Mr. Sad and Ms. Krasilova when they first applied to work for USCIS?  Please provide copies of their original applications and records of all background checks completed prior to their offers of employment.

 

10.  Has USCIS conducted an investigation to determine whether any other embassy personnel were involved in or aware of the fraud scheme orchestrated by Mr. Abduljabbar?  If yes, please describe the results of the investigation and describe any employment actions taken as a result.  If USCIS has not undertaken such an investigation, please explain why not.

 

11.  Has USCIS conducted an investigation to determine why the original WRAPS system was not deactivated when a new system was installed in 2013? 

 

12.  Has USCIS undertaken an investigation to determine how Mr. Sad was able to continue to access the WRAPS system after he was no longer associated with USCIS?  What steps has USCIS taken to ensure that former embassy employees who do not have a need for access are unable to access USCIS and State Department computer systems?

 

We anticipate that your written reply and most responsive documents will be unclassified. Please send all unclassified material directly to the committee. In keeping with the requirements of Executive Order 13526, if any of the responsive documents do contain classified information, please segregate all unclassified material within the classified documents, provide all unclassified information directly to the committee, and provide a classified addendum to the Office of Senate Security. Although the committee complies with all laws and regulations governing the handling of classified information, it is not bound, absent its prior agreement, by any handling restrictions. 

 

Should you have questions, please contact Daniel Parker or Drew Robinson of Ranking Member Grassley’s staff at 202-224-5225 or Seth Williford of Senator Tillis’s staff at 202-224-6342.  Thank you for your attention to this important matter. 

 

Sincerely,

 

-30-

---