back to top

Audit Of Access To Classified Network Is A “Cover Up,” Treasury Officials Charge

An inspector general audit finds there was no “mass revocation” of access to classified networks critical to responding to terrorism, but some officials dismissed the audit as a “cover up.” The report also concludes there is a strained relationship between two feuding agencies within the Treasury Department.

Posted on

When knife-wielding terrorists killed eight people on London Bridge this summer, employees from a critical office in the US Treasury Department lept to their computers to answer urgent queries about how the terrorists got their money and who might have funded them. But, as a BuzzFeed News story revealed, they said they couldn’t do their jobs properly because they were shut out of critical classified computer networks.

Now, an audit of what went wrong has come out, and it blames bureaucracy and bad communication — infuriating some of the Treasury officers who were shut out on that bloody day and who are lambasting the report as “a cover up.”

Some employees at the Treasury Department’s Financial Crimes Enforcement Network, better known as FinCEN, say they were deliberately and suddenly locked out of the classified networks. But the audit by the Treasury Department’s Office of the Inspector General found that there had been no “mass revocation” of access. Rather, the audit concluded, a large number of employees lost their access in the spring of 2017 but were never notified because it occurred as part of a routine renewal process. FinCEN employees only discovered the problem when they rushed to respond to live terrorist attacks in Manchester and London and could not get on the networks to assist law enforcement with urgent questions about terrorist financing.

The audit also found that FinCEN officials had been able to respond to the attacks, and that most people had their access restored by late June of this year. Those that did not, the audit found, had not attended a required appointment.

Still, the audit noted that employees in one branch of Treasury — the Office of Intelligence and Analysis, or OIA — had been notified that their access was expiring in time to renew it, while employees at FinCEN, may not have been told. And the audit found that the “working relationship” between the two agencies, which both deal with fighting terrorism, is “strained” when it comes access to classified networks. If not addressed, the audit found, it could “hamper” the mission of the Office of Terrorism and Financial Intelligence, which oversees both FinCEN and OIA.

Indeed, FinCEN employees told BuzzFeed News that OIA cut them off from the classified networks as part of a bitter bureaucratic turf war. The internecine battle has been raging more than a year, ever since the Office of Terrorism and Financial Intelligence proposed transferring much of FinCEN’s work and budget to OIA. FinCEN’s officials have maintained such a transfer would not be legal without prior approval from Congress.

FinCEN officials have claimed that OIA shut them out of classified networks in retaliation for raising concerns about the legality of the move. Without such access, obtained through so-called public key infrastructure certificates, or PKIs, even officials with top secret security clearances are locked out of the computer networks on which classified information is shared.

As BuzzFeed reported, FinCEN officials have also accused OIA of engaging in domestic spying by illegally snooping on the banking records of American individuals and companies — an issue that the inspector general said will be addressed in a separate audit expected to be finished at the end of the year.

This week’s audit focused only on Treasury employees’ access to classified networks — but some officials within FinCEN, who spoke on condition of anonymity because they are not authorized to talk to the media, dismissed it as a “cover up” aimed at protecting Treasury and OIA. The audit’s finding that FinCEN was able to respond the London and Manchester attacks “cherry picks comments from us and distorts what was actually said,” according to a FinCEN official. To this day, he said, he is still shut out of the classified networks. And he said his PKI certificate was revoked on the day of the attacks — not months earlier — for reasons that are still unexplained.

“Yes, we were able to respond but it was difficult and slow,” the FinCEN official said. “It took longer than it should have. That’s what was actually told to the IG. They're saying no one is at fault, it's a resource issue. That's ridiculous.” He added, “They found what they wanted to find.”

Another official also found fault with the inspector general’s audit.

“The written record directly contradicts their findings, and I hope Congress has that information,” said this official. The person added that “Treasury has lied or misled Congress on several occasions.”

“We stand by our work product and have no other comment,” said Rich Delmar, a lawyer in the Treasury Department’s office of the Inspector General.

Advertisement

Jason Leopold is a senior investigative reporter for BuzzFeed News and is based in LA. Recipient: IRE 2016 FOI award; Newseum Institute National Freedom of Information Hall of Fame. PGP fingerprint 46DB 0712 284B 8C6E 40FF 7A1B D3CD 5720 694B 16F0. Contact this reporter at jason.leopold@buzzfeed.com

Contact Jason Leopold at jason.leopold@buzzfeed.com.

Jessica Garrison is a senior investigative editor for BuzzFeed News and is based in San Francisco.

Contact Jessica Garrison at jessica.garrison@buzzfeed.com.

Got a confidential tip? Submit it here.

Promoted