May 22, 2017

In March 2017, KrebsOnSecurity warned that thieves who perpetrate tax refund fraud with the U.S. Internal Revenue Service were leveraging a widely-used online student loan tool to find critical data on consumers that allows them to claim huge refunds with the IRS in someone else’s name. This week, it emerged that a Louisiana-based private investigator is being charged with using the same online tool to glean tax data on then-presidential candidate Donald J. Trump.

A story today at points to court filings in the U.S. District Court for the Middle District of Louisiana, in which local private eye Jordan Hamlett is accused by federal prosecutors of abusing an automated tool at the U.S. Department of Education website that is designed to make it easier for families to complete the Education Department’s Free Application for Federal Student Aid (FAFSA) — a lengthy form that serves as the starting point for students seeking federal financial assistance to pay for college or career school.

Grand jury findings in a sealed case against Louisiana private investigator Jordan Hamlett.

Grand jury findings in a sealed case against Louisiana private investigator Jordan Hamlett.

In November 2016, Hamlett — the owner of Baton Rouge-based Averlock Investigations — was indicted on felony charges of trying to glean then President-Elect Trump’s “adjusted gross income,” or AGI, using the FAFSA online tool. In the United States, the AGI is an individual’s total gross income minus specific deductions. Diverse Education’s Jamaal Abdul-Alim cites sources saying the accused may have been trying to get Trump’s tax records.

In any event, he failed, according to prosecutors. Last month, the IRS announced that the Education Department was disabling the FAFSA lookup tool because it was being abused by tax fraudsters.

According to Diverse Education, hints about the case against Hamlett came out earlier this month in an IRS oversight hearing before the U.S. House committee on oversight and government reform. At that hearing, “Timothy P. Camus, deputy inspector general for investigations at the Treasury Inspector General for Tax Administration, or TIGTA, alluded to the Hamlett case but did not mention Hamlett by name, nor did he indicate that then-presidential candidate Trump was the target,” Abdul-Alim writes. “Instead, Camus only mentioned that TIGTA ‘detected an attempted access to the AGI of a prominent individual.'”

Attempts to reach Hamlett for comment have been unsuccessful so far, and the complaint against him remains sealed. However, KrebsOnSecurity obtained a response on Nov. 10, 2016 from U.S. Attorney J. Walter Green that lays out the basic facts in the case. A copy of that document is here (PDF).

It’s interesting to note that this wasn’t the only time U.S. government authorities detected someone trying to access Trump’s AGI information. According to the government’s response, the alleged unauthorized attempt at Trump’s AGI data being attributed to Hamlett occurred on Sept. 13, 2016.

In TIGTA Deputy Inspector General Camus’ testimony to the House committee (PDF), he said his office detected a second attempt to access the same “prominent individual’s” AGI data via the FAFSA online lookup in November 2016, although the testimony doesn’t say whether that attempt was successful.

Amazingly, it wasn’t until an IRS employee on February 27, 2017 complained that his personal data was stolen via the FAFSA tool that the IRS moved to restrict online access to the service, according to response to committee questioning from IRS Chief Information Officer S. Gina Garza.

The government doesn’t say in its pleadings why the accused was allegedly unsuccessful in obtaining President Trump’s AGI data. It could be that the Social Security number he had for Trump wasn’t correct; or, the account may have been flagged prior to the alleged attempt.

In any event, I want to take this opportunity to remind readers to assume that the static facts about who you are — including your income, date of birth, Social Security number, and a whole host of other information you may consider private — are likely at risk thanks to well-intentioned but nonetheless poorly secured third-party services that leak this data if the impersonator has but a few data points with which to work.

And of course these data points are for sale via a myriad places in the Dark Web for less than the Bitcoin equivalent of a regular coffee at Starbucks. On this front I’m reminded of the case of ssndob[dot]ru, a now-defunct identity theft service that held this data on more than 200 million Americans.

That service was used to look up the name, address, previous address, phone number, Social Security number and date of birth on some of America’s top public figures and celebrities — data that was later published on a doxing site called exposed[dot]su. The victims of exposed[dot]su included then First Lady Michelle Obama; then-director of the FBI Robert Mueller; and former U.S. Attorney General Eric Holder.

Exposed[dot]su was built with the help of identity information obtained and/or stolen from ssndob[dot]ru.

Exposed[dot]su was built with the help of identity information obtained and/or stolen from ssndob[dot]ru.

21 thoughts on “Private Eye Allegedly Used Leaky Goverment Tool in Bid to Find Tax Data on Trump

  1. Anonymous

    His major mistake was agreeing to go talk with the two FBl agents by himself with no lawyer. He should not have agreed to talk with them and lawyered up immediately. That will be his major downfall as he incriminated himself.

    1. Godel

      I thought his major mistake was not using Tails and someone else’s Wi-Fi.

    2. Jane

      Never ever talk to any federal investigator ever, in no circumstance can it ever help you in anyway. “Anything you say can and will be used against you in a court of law,” your Miranda rights can only be used against you. You cannot compel a cop to give testimony positively on your behalf so anything you say to cops can ONLY be used against you:

    3. Gnecht

      “…and he even sounded proud of what he had done,” says the linked article. Much media attention headed his way if the case proceeds, I expect.

    4. Garvin

      His mistake was engaging in criminal behavior.

  2. IRS iTunes Card

    This is nothing new, President Trump’s real social security number was put online years ago on a now defunct doxxing website.

  3. Catwhisperer

    What astounds me is that as a private investigator he didn’t use some kind of anonymization software or IP address obfuscation. To go to the tool and enter what is in legal terms fraudulent information from a traceable IP address boggles the mind…

    1. SeymourB

      He could have. It’s not like any service you get for free is actually worth a damn.

      He’d need to have paid for services from company in a nation state w/o any incentive to cooperate with the FBI (the list is quite small, at least for states with sufficient bandwidth to host services that won’t time out) to avoid complying with a completely legal warrant.

      Though even then since you’re an American the company can decide to cooperate with the FBI just to screw over an American citizen.

      1. Mike

        A visit to the local coffee shop solves every one of those problems

        1. O2sec

          Not really. Cameras, receipts, witnesses, logs from isp. Best bet would be vpn into Switzerland from a encrypted vm. Wipe vm when done.

  4. zeon

    If i read all comments,i see 98% got no idea even about notjing.
    so many uneducated

  5. somguy

    Typo in last bit of article before Eric Holder.

  6. J. Tate

    This is clearly an example of someone who was seeking 5Minutes of fame without a clear and concise understanding of the lanes between Grey and Fray.

  7. Stephen Northcutt

    I would vote for opt-in. In my experience as an executive in the cybersecurity business, some companies wanted to advertise the fact they used our services, others said mentioning them was forbidden. Let the customer decide.

  8. JCitizen

    As far as I’ve know, every since the FBI was created, the President has had free and open access to the Director for any reason. So I find it curious that simply talking to him is considered an impeachable offense. I realize of course that asking him to lay off a personal investigation is a no-no; but we will see. When you see what the FBI was doing to people like Dr. King in the past – this latest news is lame indeed. Just my opinion.

    Since Trump kept asking Comey if he was under investigation, I assume this was because he wanted to know this before asking any more questions. as continuing would be considered interference. It just makes sense despite the news media hype.

  9. Joshua

    Sounds like he was working for Rachael M. to me.

  10. Liam

    You’d think a private eye would have been a little more careful. That’s just crazy for someone in the profession to make a mistake like that.

  11. Liam

    Can’t believe a PI would make such a simple mistake. Hilarious.

Comments are closed.