US Visa System Contains Security Flaws

Travellers to the United States are reportedly at risk of having their details stolen by hackers, after researchers discovered security flaws in a database belonging to the US State Department.

The crucial State Department database, known as the Consular Consolidated Database (CCD), is described as the “backbone” system for vetting travellers to and from the United States.

Data Risk

The news of the database flaws was first revealed by ABC News, which reported that the flaws had been uncovered several months ago after the US State Department commissioned an internal review of its cyber-defences.However, they say that no breach was detected.

The database itself is said to contain the personal data of over 500 million people, and is said to be one of the world’s largest biometric databases. It contains sensitive data for anyone who has applied for a US passport or visa in the past 20 years. Indeed, the CCD is said to contain information such as applicants’ photographs, fingerprints, social security or other identification numbers and even children’s schools.

“We are, and have been, working continuously … to detect and close any possible vulnerability,” State Department spokesman John Kirby said in a statement to ABC News. And state department officials have questioned whether terrorists or other attackers would have the capabilities to access and successfully exploit CCD data.

The department has reportedly already taken steps to address the vulnerabilities, but some unnamed government sources with insight into the matter were sceptical that CCD’s security gaps have actually been plugged.

“Vulnerabilities have not all been fixed,” and “there is no defined timeline for closing [them] out,” ABC news quoted a congressional source informed of the matter.

“I know the vulnerabilities discovered deserve a pretty darn quick [remedy],” but it took senior State Department officials months to start addressing the key issues, warned another concerned government source.

Ongoing Concern

Concern about the security of ageing American government computer systems has been growing for a while now.

In February a hacker released personal data on nearly 20,000 FBI agents, soon after the release of information on 9,000 staff of the US’ Department of Homeland Security (DHS). The FBI data included names, job descriptions, work email addresses and telephone numbers, with about 1,000 staff listed as dealing with intelligence analysis.

But potentially more serious was the major hack of a US government personnel agency, the Office of Personnel Management (OPM) last June. It was alleged that Chinese hackers gained access to more than 21.5 million staff records and more than five million fingerprint records.

The Russian government has also allegedly hacked into the White House’s computer systems in April 2015, after the hackers first penetrated the State Department’s email system in October 2014.

And in October 2015, a hacking group called Crackas With Attitude (CWA) broke into the email accounts of CIA director John Brennan and other prominent political figures, as well as gaining access to government personnel files.

Are you a security pro? Try our quiz!