,
28 tweets,
12 min read
Read on Twitter
I hate when I find something so big that I know I'll never have time to research it properly. Fortunately, I am sure other people in this corner of Twitter may have already researched pieces of it. IT security issues with GSA leasing, you don't say... #ButNothingsHappening 
2 weeks ago I did a thread on a group that was investing in leasing of space to GSA contracts for office space for govt. agencies. Trading EB-5 permanent resident Visas for cash investments with ridiculously crooked return on investment terms.
My interest in this goes back to August when I found that the Trump Admin told CNN in August 2017 about their wonderful GSA provided carpet contractor working at the White House & other secure facilities.
But this IG report on IT security regarding their contracting system could go in so many different directions that I can't explore them all.
It exposes that there were 4 big brokers who actually handled the bids & leasing then 2 small businesses got invited to join this Swamp.
It exposes that there were 4 big brokers who actually handled the bids & leasing then 2 small businesses got invited to join this Swamp.
But the small businesses were not in compliance with FISMA IT security management requirements. Someone at GSA let them play anyway even though their contract stipulated that they had to gain compliance before they could get access & participate. oversight.gov/sites/default/…
The brokers were part of the program called GSA Leasing Support Services. So they served as middlemen in the leasing of federal office space. This 'modification' of the IT security rules was reported to GSA IG in May of 2017.
It's buried in contract change procedure violations...
It's buried in contract change procedure violations...
But it reveals that the GSA Federal office services & support systems were vulnerable to hacking & misuse of the data. Which is where this could get very interesting & there are a few clues in the report. Was it bid rigging, inflation of bids & overpayments? Or something worse?
Finding 1: They illegally modified the contracts in violation of bidding requirements.
FInding 2: The GSA data in the system was vulnerable to hacking, manipulation & exploitation by bad actors (which might include the contractors, investors, or hostile intel agencies)
FInding 2: The GSA data in the system was vulnerable to hacking, manipulation & exploitation by bad actors (which might include the contractors, investors, or hostile intel agencies)
GSA leases about $5.5B a year in real estate negotiated by a handful of brokers, who don't get paid by the federal govt.
The brokers get paid on commissions & for services to the lessee's their job is to determine fair market value & then negotiate the contracts. Seem Swampy yet?
The brokers get paid on commissions & for services to the lessee's their job is to determine fair market value & then negotiate the contracts. Seem Swampy yet?
So GSA played games to let these 2 small businesses muscle in in the 4 large established Swamp broker agencies. Games that allowed them access without complying with IT security requirements.
How, by outsourcing security to a Google system...
How, by outsourcing security to a Google system...
So starting in early 2016, the GSA system was vulnerable to exploitation due to this 'error' in allowing brokers access to the system without FISMA Certification of their IT security measures.
Convenient timing huh! January 2016-May 2017. If only that correlated with anything...
Convenient timing huh! January 2016-May 2017. If only that correlated with anything...
So who got the new 2015 bid contracts to serve as brokers for the GSA? It is a list with many players that diggers have probably seen before.
The 2 small businesses Public Properties LLC & Carpenter/Robbins Commercial Real Estate, Inc.
The 2 small businesses Public Properties LLC & Carpenter/Robbins Commercial Real Estate, Inc.
I don't have time to dig on them, but I know a few of these have very Swampy connections, like spouses of powerful politicians type connections...
I wonder if the brokers get commission on overpayments when errors are made even if the money is later refunded?
I wonder if the brokers get commission on overpayments when errors are made even if the money is later refunded?
But it lead me to another OIG report, on GSA overpayments for leases. I'm sure errors occur, but this group seems very error prone. oversight.gov/sites/default/…
In 1 example from the National Capitol Region, GSA's building services overpaid the landlord for a site called Mission Ridge for $3M in electric bills. They also overpaid an annual improvement bill twice for that site!
If you don't know, Mission Ridge is a facility full of intelligence operations including US governemnt & contractor personnel. They even feature in the Strzok/Page texts. Ironic that building was randomly selected for the audit & had $3+M in overpayments...
@nick_weil & others have done some interesting digging on Mission Ridge. Why might it be so interesting that people would have access to data on GSA systems about secure facilities like this? Because many intel agencies occupy leased space like this.
@nick_weil Which takes us to OIG Finding #2, the IT security failure...
1 of the small business contractors used it's insecure private server to store GSA data from the summer of 2016 until February of 2017.
1 of the small business contractors used it's insecure private server to store GSA data from the summer of 2016 until February of 2017.
In response, even the big boys stopped complying with FISMA security requirements.
Why is this so important? "These systems include sensitive government information such as market surveys with rental rates and information about the federal tenants. The information about federal tenants includes security needs and floorplans."
I'm sure that information would help rig rental rates to maximize profits & winning bids.
But I am more concerned about the other parts. Information about tenant agencies?
Want a map of where every intelligence shop is located in America?
How about every SCIF in rented space?
But I am more concerned about the other parts. Information about tenant agencies?
Want a map of where every intelligence shop is located in America?
How about every SCIF in rented space?
The floor plans of all of those office spaces?
List of all their security needs for the space to build it out?
Would you like a roadmap to penetrate every intelligence, defense, or law enforcement operation working in rented office space?
Well right there it was!
List of all their security needs for the space to build it out?
Would you like a roadmap to penetrate every intelligence, defense, or law enforcement operation working in rented office space?
Well right there it was!
Now of course, if you follow me, you tend to know where almost every scandal from the Swamp eventually leads. Democrats wanting to investigate a shady deal by Trump or one of his other FBI assets running stings on the Swamp creatures! GSA in this case...
thehill.com/regulation/adm…
thehill.com/regulation/adm…
Hook, line & sinker?
Always...
Always...
They take the bait every time, just like the marks of sting operations are supposed to! gsaig.gov/sites/default/…
So no collusion, no obstruction. I guess they will have to impeach Trump for Emoluments. As soon as they can figure out how to explain the word emoluments to their base...
gsaig.gov/sites/default/…
gsaig.gov/sites/default/…
Of course, controversy of Trump winning the bid to remodel the Old Post Office into a Trump Hotel have existed since the beginning. Even giving Michael Cohen a co-starring role! washingtonian.com/2012/06/19/its…
I forgot one other thread I was going to add to this at the top. A sting against one of the masters of GSA building lease fraud & graft. Started when Michael Cohen showed up unannounced when his yacht docked in Florida, dispatched by DJT. threadreaderapp.com/thread/1100504…
