Posts Tagged ‘Chinese intelligence services’

EU Worried About Huawei Sending Data Back To China

December 7, 2018
.
.
The EU’s technology commissioner has sounded the alarm over Huawei’s possible links to security services in China. The tech giant immediately expressed its disappointment over the allegations.

.

The European Union should be worried about technology giant Huawei cooperating with Chinese intelligence services to compromise the bloc’s security and industry, the EU’s technology commissioner advised on Friday.

.

Andrus Ansip warned Chinese tech companies could be cooperating with the state’s intelligence agencies or adding “back doors” to their systems to allow spies access to EU secrets.

“Do we have to be worried about Huawei or other Chinese companies? Yes I think we have to be worried,” he told a news conference in Brussels.

Ansip added Huawei-designed chips could be used by Chinese security services “to get our secrets.”

His remarks come 6 days after Huawei’s Chief Financial Officer Meng Wanzhou was arrested in Canada on suspicion of involvement in the evasion of sanctions.

The Chinese tech giant immediately rejected “any allegation” that it might pose a security threat.

“Huawei has never been asked by any government to build any backdoors or interrupt any networks, and we would never tolerate such behavior by any of our staff,” Huawei said in a statement.

EU Technology Commissioner Andrus Ansip speaks at an event in Hamburg, Germany

EU Technology Commissioner Andrus Ansip speaks at an event in Hamburg, Germany

https://www.dw.com/en/huawei-could-give-chinese-spies-our-secrets-eu-fears/a-46631615

*********************************************

 

EU commissioner: ‘We have to be worried’ about Huawei

Andrus Ansip talks tough on Chinese telecom vendors.

European Commission Vice President Andrus Ansip said on Friday that Europe should be worried about Chinese telecom vendors like Huawei due to growing concerns about cybersecurity risks.

“I think we have to be worried about these companies,” Ansip, who deals with digital issues at the Commission, said of Huawei and other Chinese telecom companies at a news conference, in unusually strong terms for a top EU official.

“They have to cooperate with their intelligence services. This is about mandatory backdoors. I was always against having those mandatory backdoors,” he said, adding: “[It is] about chips they can put somewhere to get our secrets.”

The Chinese company is under renewed scrutiny after its Chief Financial Officer Sabrina Meng was arrested in Canada Saturday.

“We don’t know exactly what the reason was to arrest somebody in Canada,” Ansip said, but added:” It’s not a good sign when companies have to open their systems for some kind of secret services.”

“As normal ordinary people, of course we have to be afraid,” he said.

European Commission officials think Huawei’s dominance of the telecom vendor space is threatening Europe’s strategic autonomy and long-term security, according to an internal document reported earlier by POLITICO.

“We categorically reject we are a threat to national security,” a spokesperson for Huawei said. “Can anyone in the U.S., in Canada, in Belgium or anywhere else show us any proof [of backdoors]?”

“Huawei has never been asked and would never provide … espionage to any government,” the spokesperson said.

“Let’s treat cybersecurity as a technical issue so we can work together to secure networks. Not politicize it,” the spokesperson added. “We don’t want to be singled out because we’re Chinese.”

https://www.politico.eu/article/ansip-we-have-to-be-worried-about-huawei/

Advertisements

China Put Hacked Software Inside Computers for Sale to The U.S. — Plus Hardware Implants

October 10, 2018

New Evidence of Hacked Supermicro Hardware Found in U.S. Telecom

The discovery shows that China continues to sabotage critical technology components bound for America.

 Updated on 
Bloomberg
What Is Known So Far About China’s Cyber Attack on the U.S.

A major U.S. telecommunications company discovered manipulated hardware from Super Micro Computer Inc. in its network and removed it in August, fresh evidence of tampering in China of critical technology components bound for the U.S., according to a security expert working for the telecom company.

The security expert, Yossi Appleboum, provided documents, analysis and other evidence of the discovery following the publication of an investigative report in Bloomberg Businessweek that detailed how China’s intelligence services had ordered subcontractors to plant malicious chips in Supermicro server motherboards over a two-year period ending in 2015.

Image result for Yossi Appleboum, photos
Yossi Applebaum (Inset)

Appleboum previously worked in the technology unit of the Israeli Army Intelligence Corps and is now co-chief executive officer of Sepio Systems in Gaithersburg, Maryland. His firm specializes in hardware security and was hired to scan several large data centers belonging to the telecommunications company. Bloomberg is not identifying the company due to Appleboum’s nondisclosure agreement with the client. Unusual communications from a Supermicro server and a subsequent physical inspection revealed an implant built into the server’s Ethernet connector, a component that’s used to attach network cables to the computer, Appleboum said.

The executive said he has seen similar manipulations of different vendors’ computer hardware made by contractors in China, not just products from Supermicro. “Supermicro is a victim — so is everyone else,” he said. Appleboum said his concern is that there are countless points in the supply chain in China where manipulations can be introduced, and deducing them can in many cases be impossible. “That’s the problem with the Chinese supply chain,” he said.

Supermicro, based in San Jose, California, gave this statement: “The security of our customers and the integrity of our products are core to our business and our company values. We take care to secure the integrity of our products throughout the manufacturing process, and supply chain security is an important topic of discussion for our industry. We still have no knowledge of any unauthorized components and have not been informed by any customer that such components have been found. We are dismayed that Bloomberg would give us only limited information, no documentation, and half a day to respond to these new allegations.”

Bloomberg News first contacted Supermicro for comment on this story on Monday at 9:23 a.m. Eastern time and gave the company 24 hours to respond.

Supermicro said after the earlier story that it “strongly refutes” reports that servers it sold to customers contained malicious microchips. China’s embassy in Washington did not return a request for comment Monday. In response to the earlier Bloomberg Businessweek investigation, China’s Ministry of Foreign Affairs didn’t directly address questions about the manipulation of Supermicro servers but said supply chain security is “an issue of common concern, and China is also a victim.”

Supermicro shares plunged 41 percent last Thursday, the most since it became a public company in 2007, following the Bloomberg Businessweek revelations about the hacked servers. They fell as much as 27 percent on Tuesday after the latest story.

The more recent manipulation is different from the one described in the Bloomberg Businessweek report last week, but it shares key characteristics: They’re both designed to give attackers invisible access to data on a computer network in which the server is installed; and the alterations were found to have been made at the factory as the motherboard was being produced by a Supermicro subcontractor in China.

Based on his inspection of the device, Appleboum determined that the telecom company’s server was modified at the factory where it was manufactured. He said that he was told by Western intelligence contacts that the device was made at a Supermicro subcontractor factory in Guangzhou, a port city in southeastern China. Guangzhou is 90 miles upstream from Shenzhen, dubbed the `Silicon Valley of Hardware,’ and home to giants such as Tencent Holdings Ltd. and Huawei Technologies Co. Ltd.

The tampered hardware was found in a facility that had large numbers of Supermicro servers, and the telecommunication company’s technicians couldn’t answer what kind of data was pulsing through the infected one, said Appleboum, who accompanied them for a visual inspection of the machine. It’s not clear if the telecommunications company contacted the FBI about the discovery. An FBI spokeswoman declined to comment on whether it was aware of the finding.

AT&T Inc. spokesman Fletcher Cook said, “These devices are not part of our network, and we are not affected.” A Verizon Communications Inc. spokesman said “we’re not affected.”

“Sprint does not have Supermicro equipment deployed in our network,” said Lisa Belot, a Sprint spokeswoman. T-Mobile U.S. Inc. didn’t respond to requests for comment.

Sepio Systems’ board includes Chairman Tamir Pardo, former director of the Israeli Mossad, the national defense agency of Israel, and its advisory board includes Robert Bigman, former chief information security officer of the U.S. Central Intelligence Agency.

U.S. communications networks are an important target of foreign intelligence agencies, because data from millions of mobile phones, computers, and other devices pass through their systems. Hardware implants are key tools used to create covert openings into those networks, perform reconnaissance and hunt for corporate intellectual property or government secrets.

The manipulation of the Ethernet connector appeared to be similar to a method also used by the U.S. National Security Agency, details of which were leaked in 2013. In e-mails, Appleboum and his team refer to the implant as their “old friend,” because he said they had previously seen several variations in investigations of hardware made by other companies manufacturing in China.

Image result for National Security Agency, photos

National Security Agency

In Bloomberg Businessweek’s report, one official said investigators found that the Chinese infiltration through Supermicro reached almost 30 companies, including Amazon.com Inc. and Apple Inc. Both Amazon and Apple also disputed the findings. The U.S. Department of Homeland Security said it has “no reason to doubt” the companies’ denials of Bloomberg Businessweek’s reporting.

People familiar with the federal investigation into the 2014-2015 attacks say that it is being led by the FBI’s cyber and counterintelligence teams, and that DHS may not have been involved. Counterintelligence investigations are among the FBI’s most closely held and few officials and agencies outside of those units are briefed on the existence of those investigations.

Appleboum said that he’s consulted with intelligence agencies outside the U.S. that have told him they’ve been tracking the manipulation of Supermicro hardware, and the hardware of other companies, for some time.

Image result for Norwegian National Security Authority, photos

In response to the Bloomberg Businessweek story, the Norwegian National Security Authority said last week that it had been “aware of an issue” connected to Supermicro products since June.  It couldn’t confirm the details of Bloomberg’s reporting, a statement from the authority said, but it has recently been in dialogue with partners over the issue.

Hardware manipulation is extremely difficult to detect, which is why intelligence agencies invest billions of dollars in such sabotage. The U.S. is known to have extensive programs to seed technology heading to foreign countries with spy implants, based on revelations from former CIA employee Edward Snowden. But China appears to be aggressively deploying its own versions, which take advantage of the grip the country has over global technology manufacturing.

Three security experts who have analyzed foreign hardware implants for the U.S. Department of Defense confirmed that the way Sepio’s software detected the implant is sound. One of the few ways to identify suspicious hardware is by looking at the lowest levels of network traffic. Those include not only normal network transmissions, but also analog signals — such as power consumption — that can indicate the presence of a covert piece of hardware.

In the case of the telecommunications company, Sepio’s technology detected that the tampered Supermicro server actually appeared on the network as two devices in one. The legitimate server was communicating one way, and the implant another, but all the traffic appeared to be coming from the same trusted server, which allowed it to pass through security filters.

Appleboum said one key sign of the implant is that the manipulated Ethernet connector has metal sides instead of the usual plastic ones. The metal is necessary to diffuse heat from the chip hidden inside, which acts like a mini computer. “The module looks really innocent, high quality and ‘original’ but it was added as part of a supply chain attack,” he said.

The goal of hardware implants is to establish a covert staging area within sensitive networks, and that’s what Appleboum and his team concluded in this case. They decided it represented a serious security breach, along with multiple rogue electronics also detected on the network, and alerted the client’s security team in August, which then removed them for analysis. Once the implant was identified and the server removed, Sepio’s team was not able to perform further analysis on the chip.

The threat from hardware implants “is very real,” said Sean Kanuck, who until 2016 was the top cyber official inside the Office of the Director of National Intelligence. He’s now director of future conflict and cyber security for the International Institute for Strategic Studies in Washington. Hardware implants can give attackers power that software attacks don’t.

“Manufacturers that overlook this concern are ignoring a potentially serious problem,” Kanuck said. “Capable cyber actors — like the Chinese intelligence and security services — can access the IT supply chain at multiple points to create advanced and persistent subversions.”

One of the keys to any successful hardware attack is altering components that have an ample power supply to them, a daunting challenge the deeper into a motherboard you go. That’s why peripherals such as keyboards and mice are also perennial favorites for intelligence agencies to target, Appleboum said.

In the wake of Bloomberg’s reporting on the attack against Supermicro products, security experts say that teams around the world, from large banks and cloud computing providers to small research labs and startups, are analyzing their servers and other hardware for modifications, a stark change from normal practices. Their findings won’t necessarily be made public, since hardware manipulation is typically designed to access government and corporate secrets, rather than consumer data.

National security experts say a key problem is that, in a cybersecurity industry approaching $100 billion in revenue annually, very little of that has been spent on inspecting hardware for tampering. That’s allowed intelligence agencies around the world to work relatively unimpeded, with China holding a key advantage.

“For China, these efforts are all-encompassing,” said Tony Lawrence, CEO of VOR Technology, a Columbia, Maryland-based contractor to the intelligence community. “There is no way for us to identify the gravity or the size of these exploits — we don’t know until we find some. It could be all over the place — it could be anything coming out of China. The unknown is what gets you and that’s where we are now. We don’t know the level of exploits within our own systems.”

— With assistance by Scott Moritz, and Gwen Ackerman

https://www.bloomberg.com/news/articles/2018-10-09/new-evidence-of-hacked-supermicro-hardware-found-in-u-s-telecom

Related:

Stop buying computer hardware from China

October 10, 2018

In light of escalating evidence that China continues to bug computer software destined for America, U.S. companies should diversify away from the Chinese market.

The threat is both significant and under-appreciated. As Bloomberg reported on Tuesday, a security firm working for a major U.S. telecommunications company has found “malicious chips” in hardware the company purchased from Super Micro Computers Inc. Super Micro Computers built the hardware in China where, according to Bloomberg, Chinese intelligence services ordered Super Micro subcontractors to plant the malware in their products.

This news should anger but not surprise you.

By Tom Rogan
The Washington Examiner
Opinion

Supermicro computersBy planting hardware inside computers, the Chinese give themselves the means to target some future interest that has the misfortune of using its bugged hardware.

(Chris Stowers/Bloomberg)
.

The Chinese government has long operated an incredibly aggressive and scaled effort to steal U.S. information of value. Sometimes that’s the personal information of government workers, sometimes it’s the communications of U.S. leaders, sometimes it’s intellectual property, and sometimes that information is unknown even to the Chinese when they first pursue it. After all, by planting hardware inside computers, the Chinese give themselves the means to target some future interest that has the misfortune of using its bugged hardware. Still, the simple point here is that China has absolutely no regard for things that American citizens or American companies want to keep secret. That disdain for privacy is motivated not by immorality, but simply by China’s much broader effort to displace the U.S.-led international order with one of its own making.

Of course, it is nonsensical for Americans to continue dancing to the Chinese tune by purchasing its hardware or software. And fortunately, because Chinese hardware tends to be of low value and cost, there are alternative suppliers that U.S. companies could rely upon without major long-term cost increases. Moving to those suppliers makes long-term cost sense for a simple reason: it prevents information from being stolen and used against its users at some future point.

But we must wake up. The Chinese threat is vested in a long-term strategic effort and no amount of complaining is going to make it go away. We must thus build up our defenses and respond with greater attention to the threat we face.

Virginia’s Terry McAuliffe tied to executive of Chinese firm accused of spying; senator demands answers on visas

July 25, 2013

Terry McAuliffe, the Democratic nominee for governor of Virginia, has ties to a company dragged into a federal investigation involving a program that grants visas in exchange for foreign investments. (The Washington Times)

A businessman seeking to invest in the sister firm of Virginia gubernatorial  candidate Terry McAuliffe’s former green  car company in exchange for U.S. legal status is a top official at Huawei  Technologies Co., a Chinese telecommunications giant recently accused of  spying.

The disclosure came in documents released Wednesday by Sen.  Chuck Grassley, Iowa Republican, who is demanding answers about the federal  EB-5 program, under which people can invest $500,000 to $1 million in certain  U.S. companies are rewarded with visas and, potentially, citizenship.

By David Sherfinski

The Washington Times

President Obama’s nominee for the No. 2  post at the Department of  Homeland Security was accused this week of ramming through a Chinese  investor’s visa application on behalf of a company owned by Anthony  Rodham, brother of former Secretary of State Hillary  Rodham Clinton.

Alejandro Mayorkas, currently head  of U.S. Citizenship and Immigration Services, is scheduled for a Thursday  confirmation hearing in the Senate.

The documents released Wednesday said that as recently as March, 21 pending  visa applications associated with Mr.  Rodham’s company, Gulf  Coast Funds Management LLC, were being scrutinized by the federal government  because of fraud or national security concerns.

Gulf Coast is the fundraising arm of Mr.  McAuliffe’s GreenTech Automotive Inc., and  the companies share the same McLean, Va., address. Mr.  McAuliffe founded GreenTech in 2009 and  revealed in April that he had resigned from his role as company chairman at the  beginning of December.

In a letter dated July 23 and addressed to FBI Director Robert S. Mueller III, Mr. Grassley tied the Chinese technology  company, Huawei Technologies Co.,  to Gulf Coast.

“I have obtained e-mails which indicate that one of the investors in Gulf  Coast is a vice president of Huawei  Technologies Co., whose connections to Chinese  intelligence have been documented by the House  Intelligence Committee,” Mr. Grassley wrote.

The investor was identified in an email attachment to Mr.  Grassley’s report as Zhejun (Richard) Zhang.

According to an October report by the House  Permanent Select Committee on Intelligence, Huawei failed to cooperate with a yearlong investigation and to adequately explain its  U.S. business interests and relationship with the Chinese  government, and cautions the U.S.  government and private companies in the U.S. from doing business with Huawei.

The report found Huawei “cannot  be trusted to be free of foreign state influence and thus pose[s] a security  threat to the United States and to our systems.” It also warned private  companies “to consider the long-term security risks associated with doing  business” with the company.

Huawei has denied such  charges.

More seriously, former Central Intelligence Agency Director Michael V. Hayden  earlier this month accused Huawei of providing sensitive information about foreign communication systems to  Beijing.

“These tired, unsubstantiated, defamatory remarks are sad distractions from  real-world concerns related to espionage, industrial and otherwise,” Huawei spokesman Scott Sykes said in an email reported by Bloomberg News.

Mr. Grassley also wrote a letter to  Homeland Security Secretary Janet A. Napolitano this week asking her to explain  in detail “the actions taken by you and your office in response to the inquiry  submitted by Terry McAuliffe related to  any USCIS appeal filed by Gulf Coast,” among other questions.

“There is a long history with these cases which included an inquiry from Terry McAuliffe to the Secretary of Homeland  Security when USCIS  denied an amendment for Gulf  Coast Funds Management, LLC a few years back,” reads an internal e-mail  obtained by Mr. Grassley’s office.

“According to the DHS OIG, its investigation revolves around allegations that Director Mayorkas allegedly assisted with the approval of Gulf Coast’s Regional Center application after it  was denied by both the USCIS California Service Center and the USCIS  Administrative Appeals Office,” Mr.  Grassley wrote.

A McAuliffe spokesman on Tuesday  issued a statement in response to reports that Homeland Security’s inspector  general was investigating Mr. Mayorkas and his involvement securing a EB-5 visa on behalf of Gulf Coast.

“The investigation does not involve Terry and we hope that it is completed in a  timely matter,” Josh Schwerin said.

In letters to Mr. Rodham and GreenTech CEO Charles Wang last week, Mr. Grassley asked for information to be provided by July 24, including a copy of Gulf  Coast’s narrative and business plan  provided to USCIS and the total amount of foreign capital invested with Gulf  Coast.

Gulf Coast, founded in 2008 and described by officials as a federally  approved EB-5 regional center that supports job-creation programs in Louisiana  and Mississippi, issued a statement of its own Tuesday when the investigation  was first reported.

“Our management abides by all regulations under USCIS, and [Gulf Coast’s]  contact with USCIS has been limited to procedural inquiries. [Gulf Coast] has  not sought assistance from USCIS to resolve a rejected appeal. In fact, we are  not aware of any investor visa applications associated with our Regional Center being denied. [Gulf Coast] is not part of  any investigation by Department of Homeland  Security,” the company said in a statement Tuesday

Read more: http://www.washingtontimes.com/news/2013/jul/2
4/mcauliffe-is-tied-to-executive-of-chinese-firm-acc/?page=2
#ixzz2a504SDKG

Follow us: @washtimes on Twitter

Obama nominee faces investigation involving company run by brother of Hillary Clinton

July 25, 2013
 

Immigration Services Director Alejandro Mayorkas is seen in a 2010 image.  Photo: Harry Hamburg / AP

By Michael Isikoff
NBC News National Investigative Correspondent

President Barack Obama’s nominee to be the Homeland Security Department’s No. 2 official is under investigation over alleged intervention to obtain approval for a company run by a brother of Hillary Clinton to participate in a program that provides U.S. visas for foreign investors, according to an email the department’s inspector general sent to lawmakers Monday night and obtained by NBC News.

The investigation into Alejandro Mayorkas – who currently serves as director of U.S. Citizenship and Immigration Services (UCIS), an agency within Homeland Security – was opened in September 2012 based on a referral from an FBI counterintelligence analyst, according to the email. The inspector general probe was first reported by The Associated Press.

“At this point in our investigation, we do not have any findings of criminal misconduct,” the email from the Homeland Security inspector general states. “We are unaware of whether Mayorkas is aware that we have an investigation.”

The probe is based on allegations that Mayorkas personally intervened to win an approval for Gulf Coast Funds Management, a financing company headed by Clinton’s brother Anthony Rodham, after USCIS officials rejected its application, according to an aide to GOP Sen. Charles Grassley, who had received internal USCIS emails about the matter from a department whistleblower.

Gulf Coast has received media attention in recent months over its partnership with Greentech, an electric car company run by Terry McAuliffe, the Democratic nominee for governor of Virginia.

In a letter to Homeland Secretary Janet Napolitano released Tuesday night, Grassley asked for details about the department’s handling of the company’s application and quoted from an internal agency email about Gulf Coast describing it as a “politically…well connected company” and noting the involvement of Rodham and McAuliffe. However, the author of the email — who is not identified — added after noting the firm’s political connections, “not that I think it matters because it shouldn’t impact how we do our job.”

Grassley, a foe of Obama’s immigration policies, had asked the inspector general for a report on the probe after getting tipped off by the whistleblower, the aide said.

The emails obtained by Grassley’s office, which were shared with NBC News, show that, after winning approval to participate in the foreign visa program, at least one of the visas sought by Rodham’s firm was for a vice president of Huawei Technologies, a Chinese telecommunications firm that has been investigated by the House Intelligence Committee over claims that it is closely tied to the Chinese intelligence services. Huawei Technologies has denied such charges.

A spokesman for Homeland Security had no comment. The disclosure of the probe comes barely a week after Napolitano announced her resignation as Homeland Security secretary and just before a Thursday hearing before the Senate Homeland Security and Governmental Affairs Committee on Mayorkas’ nomination to be deputy secretary.

GOP aides said Republican senators will now attempt to postpone the hearing and block his confirmation until the inspector general probe is resolved. “We do not want this to go forward,” said an aide to Sen. Tom Coburn, the ranking Republcan on the panel.

The email from the Homeland Security inspector general’s office states it initially included allegations that USCIS lawyers sought to obstruct an audit of the agency’s EB-5 visa program that was being conducted by the Securities and Exchange Commission. The E-5 program, which has been authorized by Congress, provides visas to foreigners who invest $500,000 in job-creating development projects by U.S. companies that are approved by UCIS for designated “regional centers.”

Tony Rodham in 1999.  Credit William Philpott / Reuters file

As the probe continued, “preliminary investigative findings” refocused the investigation in part  on whether Mayorkas had “allegedly assisted with the approval” of an application by Gulf Coast Funds Management after the application had been denied by his agency’s officials in California and the denial had been upheld by an appeals office.

During the course of the probe, the email states, the inspector general learned of other allegations “involving alleged conflicts of interest, misuse of position, mismanagement of the EB-5 program, and an appearance of impropriety by Mayorkas and other” officials within the UCSIS.

D. Simone Williams, a lawyer for Gulf Coast Funds Management, said in an email response for comment that the company “was not aware of any investigation by Department of Homeland Security. Our management abides by all regulations under USCIS and GCFM’s contact with USCIS has been limited to procedural inquiries. We are not aware of an investor visa application denial associated with our Regional Center. In fact, none of the investor visa applications associated with our Regional Center, sought the assistance of USCIS, after being denied and an appeal was rejected.”

The inspector general’s position within Homeland Security is vacant and the office is headed by deputy inspector general Charles K. Edwards. His office did not immediately respond to a request for comment.

The email indicates that the FBI’s Washington field office, which was conducting a background investigation of Mayorkas on behalf of the White House, was informed of the probe by the inspector general in June. The White House announced the president’s intent to nominate Mayorkas on June 27. The aide to Grassley said GOP senators want to know why the White House moved forward with the nomination when a probe into his conduct was under way.

At Tuesday’s White House press briefing, press secretary Jay Carney was asked about the initial AP report of the investigation. Carney reponded: “Well, it’s an investigation, as I understand it. I’ve just seen the report. I would refer you to the IG, which apparently, according to this report, is conducting an investigation into DHS.”

Below is a full text of the email:

The DHS OIG is investigating Director Mayorkas.  Director Mayorkas was not specifically named in the initial complaint; however, the DHS OIG is now investigating allegations concerning the actions/conduct of Director Mayorkas and other USCIS management officials.

This investigation has been open since September 2012.  DHS OIG’s investigation was initiated based on an investigative referral submitted by a FBI Analyst, Counterintelligence Unit, Washington, DC.  The complaint was forwarded to a DHS-OIG employee who subsequently referred it to the DHS OIG Hotline.

Initial allegations were that (1) USCIS managers and counsel directed employees to obstruct an OIG audit and (2) a (unnamed) USCIS Director personally facilitated and assisted an applicant/petitioner with an EB-5 visa approval after the petitioner was initially found to be ineligible for the program.

Preliminary investigative findings determined that the alleged obstruction was by the USCIS Office of General Counsel and related to an audit/investigation of the EB-5 program being conducted by the U.S. Securities and Exchange Commission (SEC), rather than a DHS OIG audit; and clarified that Director Mayorkas allegedly assisted with the approval of an application submitted on behalf of Gulf Coast Funds Management (GCFM), a Regional Center applicant under the Immigrant Investor Pilot Program, after GCFM’s application was denied by the USCIS California Service Center and the denial was upheld by the USCIS Administrative Appeals Office (AAO).

During the course of the DHS-OIG investigation, subsequent allegations have been indentified involving alleged conflicts of interest, misuse of position, mismanagement of the EB-5 program, and an appearance of impropriety by Mayorkas and other USCIS management officials.

At this point in our investigation, we do not have any findings of criminal misconduct.

We are unaware of whether Mayorkas is aware that we have an investigation.

In response to a June 2013 inquiry from the FBI Washington Field Office, Investigative Operations (reportedly conducting a background investigation on behalf of the White House), the DHS OIG advised of the investigation involving alleged misconduct by Mayorkas.

The DHS OIG also has an ongoing audit regarding the EB-5 program.  The audit was started in August of last year and is in its final stages of field work.