Secret Service social engineering breach highlights both Security and Compliance concerns.
This week, Arian Taherzadeh, 40, and Haider Ali, 36, were both charged with falsely impersonating federal law enforcement officers, in a years-long scam where they befriended and scammed Secret Service agents, including one on the first lady’s security detail, into believing that they were fellow members of the Department of Homeland Security.
The US Attorney’s office has not yet made it clear whether this was an attempt at espionage or simply an act of criminal impersonation, but this case highlights another great example of the intersection between compliance and security. As all members of the US Secret Service are trained in agency policies regarding Operational Security (OPSEC), the question as to how Taherzadeh and Ali were able to conduct their activity from 2020 to 2022 without being challenged or reported by the Secret Service agents they scammed.
According to an affidavit from an FBI investigator, the pair’s bizarre con allegedly started in February 2020 and involved them trying to “ingratiate themselves with members of federal law enforcement and the defense community.”
Operations Security (OPSEC) are policies governing the process by which potential adversaries are denied information about capabilities and intentions by identifying, controlling and protecting the planning and execution of sensitive activities and in this case, duties of a government agency. From a compliance perspective, the process involves five steps: identification of critical information, analysis of threats, analysis of vulnerabilities, assessment of risks, and application of appropriate countermeasures.
In looking at this case, there appeared to be OPSEC compliance violations here. More importantly, it appears as if the impersonators were alleged to have had agents commit other government policy violations in committing this breach. Reports indicate that Taherzadeh and Ali had given four Secret Service agents and at least one DHS employee gifts of iPhones, a drone, a flat-screen TV, a generator, a gun case, and rent-free apartments worth more than $40,000 per year, in violation of executive branch policies on gifts.
Per court documents, Taherzadeh and Ali also let the federal agents use a black SUV that they falsely said was an “official government vehicle.” Furthermore, Taherzadeh was said to have offered to purchase a $2,000 assault rifle for a Secret Service agent on Jill Biden’s security detail.
In considering how easily devices like drones or iphones are hacked and/or able to record sensitive information — this case highlights a significant OPSEC concern, tantamount to potential espionage.
Taherzadeh also sent selfies and photos of himself wearing police tactical gear to actual federal agents.
Instead of this case being discovered by a compliance report or security challenge by one of the USSS agents in question, this elaborate fraud only began to unravel when a US postal inspector began looking into the alleged assault of a mail carrier in Taherzadeh and Ali’s apartment complex last month. The two men allegedly identified themselves to the investigator as members of the “US Special Police Investigation Unit” — a nonexistent agency. Residents also told the investigator that the two men had set up security cameras throughout the apartment building and that they had told those living in the complex that they could access their cellphones at any time.
So the question remains; were the agents supposed to check the credentials of these supposed “task force” members? Were they supposed to report the gifts of equipment and free apartments? Likely so.
In a statement, a Secret Service spokesperson said all personnel involved in the matter had been placed on administrative leave. The AP reported that at least four employees were placed on leave.
“The Secret Service adheres to the highest levels of professional standards and conduct and will remain in active coordination with the Departments of Justice and Homeland Security,” the spokesperson said. The pair are set to make their first appearance in the US District Court for the District of Columbia on Thursday. An attorney for the men was not yet listed in court records.
Regardless of how this case is adjudicated in court; it is important to consider the implications on compliance and how a simple breakdown in reporting may have contributed to this serious potential breach in national security.
A. Benjamin , MA, CPP is a decorated former municipal and federal law enforcement officer and criminal justice reform advocate. He has served as a consultant and expert witness in security and safety and was the Director, Office of Investigations for the American Board of Internal Medicine from 2008–2017. Mannes is a public safety contributor to Philadelphia Weekly, Broad + Liberty and other publications and he currently serves on the Public Safety Advisory Board for Pennsylvania Gubernatorial candidate Lou Barletta.
Originally published at https://www.linkedin.com.