As the debate over President Trump’s order suspending refugee admissions intensifies, Fox News has learned of another potential vulnerability in the system: the State Department refugee database has been susceptible to hacking for years.
The State Department internal watchdog, back in December 2016, sent a "classified management alert" regarding ongoing IT security vulnerabilities in the system. Two months later, the inspector general released a related unclassified report, "Inspection of the Bureau of Population, Refugees, and Migration."
"It's very unusual for action to be taken by the inspector general before the final report is reviewed by the bureau that's under investigation," former U.N. ambassador and Fox News contributor John Bolton explained. "The fact that an alert was sent before that was completed indicates that they believed it was very serious."
In the wake of the alert, the inspector general reported that the worldwide refugee admissions processing system, or "WRAPS," had been running -- for years -- without a clean bill of health for IT security, so there were no guarantees the data was reliable.
"This has been operating since 2011 without what's called an authority to operate," cyber security specialist Morgan Wright said. "That's like somebody driving not just without a license, but with a revoked suspended license."
A government source told Fox News investigators flagged security incidents in 2016 where a third party installed software, potentially exposing the refugee database to malware. A second 2013 incident is still under investigation. The database's security matters because it handles applications and shares vetting information with other government agencies.
This week on Capitol Hill, Homeland Security Secretary John Kelly said he's working closely with Secretary of State Rex Tillerson and CIA Director Mike Pompeo to get a handle on the refugee vetting system and its weaknesses. "Hope is not a course of action for people like me," he said.
Asked about the database vulnerabilities, the State Department did not dispute Fox News' reporting. Acting Spokesperson Mark Toner said "The Department recently completed two independent forensic audits of WRAPS to verify the integrity of the data over time. Those audits confirmed there is absolutely no evidence that WRAPS data has ever been manipulated or compromised."
Toner added, "We appreciate and respect the work of the Inspector General. We are working diligently to resolve the concerns that were raised in the OIG report, and have already implemented several of the recommendations...The refugee screening process has always included multiple, independent and redundant procedures and systems. These overlapping safeguards allow refugee admissions applications to be processed securely."
While there was no data breach, supporters of the president's strategy say State Department investigators found an IT security mess, and taking a pause on refugee applications still makes sense.
In a letter published by the Chicago Tribune February 7, former State Department employee Mary Doetsch wrote, “I have seen first-hand the abuses and fraud that permeate the refugee program and know about the entrenched interests that fight every effort to implement much-needed reform.
"Despite claims of enhanced vetting, the reality is that it is virtually impossible to vet an individual who has no type of an official record, particularly in countries compromised by terrorism. U.S. immigration officials simply rely on the person’s often rehearsed and fabricated “testimony.” I have personally seen this on hundreds of occasions.”
Critics of the executive order say there is no hard evidence terror suspects have successfully infiltrated the refugee stream in recent years to gain entry to the US.