Thousands of inactive computer accounts officials haven’t disabled create security risks so serious they could keep the Department of State from functioning.
Officials there have for years either been slow to respond or have completely ignored federal investigators’ repeated calls to disable inactive government computer accounts, according to the department’s inspector general (IG).
“The risk of unauthorized access is significantly increased and may result in the submission of false transactions, improper access to and dissemination of confidential data, and other malicious activities that may impede the department’s ability to achieve its core mission,” the IG said.
A veritable hacker heaven in Foggy Bottom is the result. The department uses a Microsoft Windows active service directory to manage users and system information. All inactive accounts must be disabled within 90 days of their end of official use.
The independent accounting firm Williams, Adley & Company recently found 2,601 accounts had remained inactive for longer than 90 days, and 74 percent of those had been inactive for more than a year. The firm was retained by the IG for the review.
Similar results were found in 2014 and 2015, but department officials insist they addressed the problem.
A 2015 audit found system owners failed to disable 9,321 accounts after 90 days of inactivity. A 2014 audit faulted woes with the State Department’s poor handling of account closures, too. The State Department relies on administrators to disable access manually, rather than using an automated system, the IG said. (RELATED: Clinton Received Training On Classified Docs Just Once In Three Years At State)
Department officials rejected the IG’s recommendations for fixing the problem, claiming inactive accounts are scrubbed monthly by the department’s Bureau of Information Resource Management (IRM), but the IG responded that “this audit found that 74 percent of the inactive AD accounts identified had been inactive for more than one year, which does not align with IRM’s response that it ‘continues to routinely delete stale accounts.'”
Previous IGs issued eight scathing reports during former Secretary of State Hillary Clinton’s tenure, warning of worsening problems and growing security weaknesses within IRM, The Daily Caller News Foundation previously reported.
All content created by the Daily Caller News Foundation, an independent and nonpartisan newswire service, is available without charge to any legitimate news publisher that can provide a large audience. All republished articles must include our logo, our reporter’s byline and their DCNF affiliation. For any questions about our guidelines or partnering with us, please contact licensing@dailycallernewsfoundation.org.