US Visa Fraud and Instability of the Program Threatens America’s Critical Infrastructure

The Colorado Case Study

In the State of Colorado, what’s stopping these catastrophic security breaches from happening? The Corporate-State has effectively turned over the keys to America’s critical infrastructure to a foreign force larger than the entire U.S. Marine Corps—systematically replacing security-vetted American workers with indentured foreign servants whose privileged access is doled out by a federal bureaucracy that prioritizes corporate profits over national security.

Why is there not a larger sense of urgency that:

1. American Workers were systematically replaced, which alone should trigger immediate action, and
2. Our most precious data is now accessible to workers who, for myriad legitimate reasons, could access and dox every Colorado citizen, or worse.

The answer lies in a system designed to fail, where oversight is fragmented, accountability is nonexistent, and the very mechanisms meant to protect citizens have been compromised by corporate interests and regulatory capture. Colorado’s leadership operates in willful ignorance, preferring the illusion of cost savings over the reality of existential security threats.

The state’s legislative oversight committees focus on procurement rules and contract compliance while ignoring the fundamental question of who actually has administrative access to critical systems. The Office of Information Technology (OIT) maintains detailed procurement guidelines but has no obligation to monitor changes in visa status or to report when foreign workers are at risk of deportation. Whistleblower protection systems exist, but foreign workers fearing deportation cannot safely report security concerns without risking their ability to remain in the country.

Colorado’s major contractors, such as CGI Technologies and Solutions, which manage the state’s payroll system for 33,000 employees, are not required to report when their H-1B workforce faces visa uncertainty or when their employers are subject to fraud investigations. The state’s procurement manual contains detailed conflict-of-interest provisions but no security provisions addressing the insider threat created by foreign workers with privileged access whose legal status can change overnight.

This regulatory vacuum creates a perfect storm: displaced American workers who have every reason to be angry, foreign workers living in fear of deportation while maintaining system access, and a state government that has outsourced its security responsibilities to contractors with minimal oversight. The question isn’t whether this system will fail—it’s how much damage will be done before Colorado’s leadership acknowledges the threat they’ve created.

Foreign nationals with administrative access to critical infrastructure systems represent a documented security vulnerability. According to Department of Labor data, contractors managing state IT systems employ thousands of H-1B visa holders in roles that grant them privileged access. When visa enforcement actions increase or employers face fraud investigations, these workers may be subject to sudden deportation while still maintaining system access. This creates a situation in which workers with legitimate credentials but uncertain immigration status could pose an insider threat during periods of personal and professional instability.

This isn’t a hypothetical scenario. It’s happening across America, in every state, at defense contractors, cloud service providers, and IT staffing firms that manage our most sensitive infrastructure. And almost no one is discussing it.

The Workforce Nobody Sees

When Americans think about national security threats, they often imagine foreign hackers breaching firewalls or sophisticated nation-state cyber operations. What they don’t see is the army of foreign workers—many here through fraudulent visa schemes—who already have the keys to the kingdom. They don’t need to hack in. They’re already inside, managing the cloud infrastructure for state governments, maintaining systems for defense contractors, and administering the networks that run our military equipment.

The numbers tell a disturbing story. While historical USCIS data showed significant issues (a 2008 assessment found 13.4% confirmed fraud and 7.3% technical violations, totaling approximately 21%), current patterns are even more alarming. USCIS investigations in April 2023 revealed that 408,891 eligible H-1B registrations (53.9% of all eligible registrations) involved multiple submissions by different employers for the same beneficiaries—totaling over 400,000 registrations from nearly 100,000 individuals. This represented a dramatic increase from 165,180 multiple registrations in FY 2023. USCIS described the matter as involving “extensive fraud investigations” and initiated law-enforcement referrals for criminal prosecution. The Economic Policy Institute documents widespread wage theft and abuse in H-1B programs, though not all violations constitute outright fraud. Meanwhile, major IT staffing firms and consulting companies have built entire business models around placing foreign workers in critical infrastructure roles. Companies such as Tata Consultancy Services, Infosys, Cognizant, and numerous smaller “body shops” have become the invisible workforce managing the United States’ digital backbone.

In Colorado, major contractors managing state cloud infrastructure rely heavily on H-1B workers and foreign nationals. CGI Technologies and Solutions, which holds significant state contracts including a ten-year extension with Colorado Parks and Wildlife and the modernization of Colorado’s state payroll system serving 33,000 employees, exemplifies this industry-wide pattern. Nationally, CGI filed 2,503 labor condition applications for H-1B visas between 2022 and 2024, ranking 46th among all visa sponsors, with these workers placed on contracts across multiple states, including Colorado. This reflects a broader trend of IT outsourcing firms using H-1B workers for government contracts nationwide. Of the foreign workers that CGI has sponsored for permanent employment, 889 of 917 (97%) were from India. When state governments outsource their IT operations to save money, they often don’t realize they’re handing the keys to their entire digital infrastructure to a workforce that exists in legal limbo, vulnerable to sudden deportation, and in some cases, placed through fraudulent schemes.

The Fraud Foundation: Built on Lies

The H-1B visa program was designed to bring specialized talent to America when qualified U.S. workers couldn’t be found. In practice, it has become something far different—a pipeline for cheap labor that systematically displaces American workers while creating a shadow workforce with extraordinary access to sensitive systems.

The fraud isn’t subtle. Federal prosecutors have documented numerous cases of IT staffing companies engaging in systematic visa fraud. In Houston, consulting companies have admitted to conspiracies involving H-1B visa fraud. In Tracy, California, residents have been convicted on multiple counts of visa fraud. In San Jose, owners of technology staffing firms have been sentenced to prison for visa fraud schemes. The Department of Labor has recovered millions in stolen wages from companies that violated H-1B requirements.

These aren’t isolated incidents. They represent a systemic pattern of abuse that has created a workforce of vulnerable foreign nationals managing critical American infrastructure. The fraud typically works like this: staffing companies create fake job postings, fabricate client letters, place workers on “the bench” (keeping them idle while paying minimal wages), and shuffle them between projects to maintain visa status. Workers are instructed to misrepresent their qualifications, work locations, and job duties. They’re threatened with deportation if they complain about wage theft or working conditions.

The result is a workforce that exists in constant fear, dependent on employers who have already demonstrated their willingness to break the law, and managing systems that require the highest levels of trust and security clearance.

The Access Problem: Keys to the Kingdom

Understanding the security implications requires understanding what these workers actually do. They’re not just writing code or answering help desk tickets. They’re managing cloud infrastructure with root access. They’re administering Active Directory systems that control access to entire networks. They’re maintaining databases containing sensitive government information. They’re working on defense contracts with access to classified systems. They manage the infrastructure that supports military equipment and weapons systems.

Consider the typical access levels for cloud infrastructure administrators:

They can create, modify, and delete user accounts across entire systems. They can access databases containing sensitive personal information, financial records, and classified data. They can change security settings and disable monitoring systems. They can exfiltrate massive amounts of data without triggering immediate alarms. They can plant backdoors for future access. They can sabotage systems in ways that might not be discovered for months or years.

This isn’t theoretical. The Department of Defense’s guidance on insider threats acknowledges that individuals with privileged access pose the most significant risk to critical infrastructure. The Cybersecurity and Infrastructure Security Agency (CISA) has repeatedly warned about insider threats to critical infrastructure, noting that trusted insiders with legitimate access can cause more damage than external attackers.

Yet despite these warnings, the government continues to allow contractors to staff critical infrastructure projects with foreign workers whose visa status is uncertain, whose background checks are minimal, and whose employers have documented histories of fraud.

The Instability Multiplier: When Desperation Meets Access

Here’s where the security threat becomes acute. A worker with stable employment and secure immigration status might be trustworthy. But what happens when that stability evaporates? What happens when visa programs face sudden crackdowns? What happens when employers face fraud investigations? What happens when workers receive deportation notices?

The insider threat literature is clear on this point: financial stress, job insecurity, and personal crises are among the strongest predictors of insider threat behavior. Workers facing deportation experience all three simultaneously. They’re about to lose their jobs, their homes, their children’s schools, and everything they’ve built in America. They’re desperate. And they still have access to the systems.

The Trump administration’s recent moves to crack down on H-1B visa abuse—including proposed fees of $100,000 per visa and increased fraud investigations—are necessary reforms. But they create a dangerous transition period. Thousands of workers who were placed through fraudulent schemes now face the prospect of sudden deportation. Their employers, facing massive fines and criminal prosecution, may collapse overnight. The workers themselves, many of whom were victims of the fraud schemes, are in an untenable situation.

This is the perfect recipe for retaliatory data exfiltration. A worker who knows he’s about to be deported has every incentive to take valuable data with him—either to sell to competitors, to use in his next job overseas, or simply out of anger at the system that exploited and then discarded him. The data he can access might include state government databases, defense contractor intellectual property, healthcare records, financial information, or classified military systems.

And here’s the terrifying part: he doesn’t need to be a spy or a criminal to pose this threat. He needs to be human, desperate, and angry. The security establishment focuses on detecting sophisticated nation-state actors and trained espionage agents. They’re not prepared for the threat posed by thousands of ordinary workers who suddenly find themselves with nothing to lose.

The Perfect Storm: Fraud Plus Access Plus Instability

The convergence of these three factors creates a security nightmare that should keep every CISO and government security official awake at night.

First, you have workers placed through fraudulent schemes. They were recruited by body shops that misrepresented their qualifications and job duties to the government. They were told to falsify their resumes and lie in visa interviews. They’ve been living in fear of discovery for years. They know their entire presence in America is built on fraud—fraud they may have participated in willingly or been coerced into by unscrupulous employers.

Second, these same workers have extraordinary access to critical infrastructure. They’re not working on isolated systems or non-sensitive projects. They manage cloud infrastructure for state governments. They’re administering networks for defense contractors. They’re maintaining systems that control military equipment. They have root access, administrative privileges, and the ability to exfiltrate massive amounts of sensitive data.

Third, the entire system is now unstable. Visa programs face crackdowns. Employers face fraud investigations. Workers face deportation. The legal and financial foundation that kept this workforce in place is crumbling. And as it crumbles, thousands of workers with access to America’s most sensitive systems are making desperate calculations about their futures.

This isn’t just about individual bad actors. It’s about systemic vulnerability. Even if ninety-nine percent of these workers are honest and would never dream of stealing data or sabotaging systems, the one percent who do pose an enormous threat. And the current system makes it almost impossible to identify who that one percent might be until it’s too late.

The Foreign Influence Factor: Nation-State Opportunities

The security threat becomes even more acute when foreign intelligence services are considered. China, Russia, and other adversaries have sophisticated operations targeting individuals with access to sensitive U.S. systems. They don’t need to recruit spies or plant agents. They need to identify vulnerable workers who are already inside.

A worker facing deportation is an ideal recruitment target. He’s desperate for money to support his family. He’s angry at the American system that exploited and then discarded him. He has access to valuable data. And he’s about to return to his home country, where foreign intelligence services can approach him with impunity.

The Chinese government has been particularly aggressive in this area. Recent indictments have charged Chinese nationals with state-backed hacking operations targeting U.S. critical infrastructure. The “Salt Typhoon” campaign compromised telecommunications networks. Chinese state-sponsored actors have maintained persistent access to U.S. networks for years. These are only the operations we know about.

However, these sophisticated hacking operations are expensive and risky. They require significant resources, leave forensic traces, and risk exposure. It’s much easier to approach a desperate H-1B worker who already has access to the systems you want to compromise. Offer him money to copy some databases before he leaves. Promise him a job in his home country if he plants a backdoor. Threaten his family if he refuses to cooperate.

The current system makes this kind of recruitment trivially easy. We’ve created a workforce of vulnerable foreign nationals with access to critical systems, minimal background checks, no continuous monitoring, and no support system when their visa status becomes uncertain. From a foreign intelligence perspective, it’s a target-rich environment.

The Colorado Case Study: A Microcosm of National Vulnerability

Let’s return to Colorado, where this threat isn’t theoretical—it’s operational. The state has outsourced significant portions of its IT infrastructure to contractors who rely heavily on H-1B workers and foreign nationals. CGI Technologies and Solutions, a major contractor, manages critical state systems, including the payroll system for 33,000 state employees and services for Colorado Parks and Wildlife. Between 2022 and 2024, CGI filed more than 2,500 H-1B visa applications, with 97% of its permanent employment sponsorships granted to Indian nationals. Other contractors provide IT staffing and support services across the state government with similar workforce compositions.

These workers have access to systems containing:

Personal information for millions of Colorado residents, including Social Security numbers, addresses, and financial data. State employee records, including background checks, security clearances, and personnel files. Public safety databases used by law enforcement agencies. Healthcare information from state-run programs. Financial systems managing billions in state funds. Infrastructure control systems for utilities and transportation.

When visa programs are subject to enforcement actions, workers managing critical systems experience sudden uncertainty regarding their employment and immigration status. Historical precedent shows that immigration enforcement can create workforce instability. Employers facing fraud investigations may cease operations, leaving workers unemployed while still maintaining system credentials. This combination of employment precarity and immigration uncertainty creates conditions that security experts identify as increasing the risk of insider threats.

How many of these workers might decide to copy databases before they leave? How many might plant backdoors for future access? How many might be approached by foreign intelligence services offering money or jobs in exchange for data? How many might sabotage systems out of anger at the system that exploited them?

We don’t know. And that’s the problem. The state has no visibility into this threat. Contractors aren’t required to report changes in visa status or fraud investigations. There’s no continuous monitoring of workers with privileged access. There’s no plan for what happens when workers face sudden deportation. The entire system operates on trust—trust repeatedly violated by documented fraud.

Colorado isn’t unique. Every state faces similar vulnerabilities. Every state has outsourced critical infrastructure to contractors who rely on H-1B workers. Every state has workers with privileged access whose visa status is uncertain. Every state is vulnerable to the perfect storm of fraud, access, and instability.

Defense Contractors: The Military Dimension

The threat extends beyond state governments to defense contractors managing military systems. The Department of Defense has implemented the Cybersecurity Maturity Model Certification (CMMC) program to protect sensitive defense information. But CMMC focuses primarily on technical controls—firewalls, encryption, and access logs. It doesn’t adequately address the insider threat posed by foreign workers with uncertain visa status.

Defense contractors face the same pressures as other employers. They want to reduce costs. They rely on IT staffing firms to provide workers. Those staffing firms, in turn, rely heavily on H-1B workers. The result is that foreign nationals, many placed through fraudulent schemes, gain access to defense systems and classified information.

The security clearance process is supposed to prevent this. But security clearances take months or years to obtain. In the meantime, contractors need workers. So they use foreign nationals for unclassified work—work that still involves access to sensitive systems, proprietary technology, and information that could be valuable to foreign adversaries.

Even when security clearances are required, the process has significant gaps. Background checks are point-in-time assessments. They don’t account for changes in circumstances—such as sudden visa issues or employer fraud investigations. Continuous monitoring programs exist, but are often inadequate. And the entire system assumes that workers will report security concerns—an assumption that breaks down when workers fear deportation.

The result is that defense contractors managing military equipment, weapons systems, and classified networks rely on a workforce whose loyalty and reliability cannot be assured. When visa programs face crackdowns, these workers face the same desperate calculations as their counterparts in civilian infrastructure. And the data they can access—military technology, weapons specifications, operational plans—is even more valuable to foreign adversaries.

The Policy Failure: A System Designed to Fail

How did we get here? How did America end up with a critical infrastructure workforce built on fraud, managed by contractors with minimal oversight, and vulnerable to sudden collapse?

The answer lies in a series of policy failures that have accumulated over decades.

First, the H-1B visa program itself is fundamentally broken. It was designed to bring specialized talent to America, but has been misused by staffing companies as a cheap labor pipeline. The fraud rate of twenty-one percent isn’t a bug—it’s a feature of a system that incentivizes fraud and provides minimal enforcement.

Second, government agencies have failed to enforce existing laws. The Department of Labor has documented widespread wage theft and visa violations, but lacks the resources to prosecute more than a tiny fraction of cases. The Department of Homeland Security has identified thousands of fraudulent visa applications, but allows most violators to remain in the country. The result is a system where fraud is rational—the benefits far outweigh the minimal risk of prosecution.

Third, contractor oversight is virtually non-existent. When government agencies outsource IT operations, they rarely ask about the visa status of the workers who will have access to their systems. They don’t require background checks beyond the minimum. They don’t demand continuous monitoring. They don’t have plans for what happens when workers face deportation. They trust that contractors will handle security appropriately—a trust repeatedly violated.

Fourth, the security clearance system is inadequate for the modern threat environment. It was designed for a world in which U.S. citizens performed sensitive work in secure facilities. It hasn’t adapted to a world in which critical infrastructure is managed by foreign nationals working remotely, in which cloud systems can be accessed from anywhere, and in which visa status can change overnight.

Fifth, there’s no coordination between immigration enforcement and security operations. When ICE launches a crackdown on visa fraud, nobody alerts the security teams at the agencies whose systems might be compromised by desperate workers facing deportation. When the Department of Labor investigates wage theft, no one considers the security implications for workers who have been exploited and might seek revenge. The left hand doesn’t know what the right hand is doing, and critical infrastructure security falls through the gap.

Real-World Implications: What’s at Stake

The consequences of this vulnerability extend far beyond abstract security concerns. Real systems, serving real people, are at risk.

State government systems contain personal information for hundreds of millions of Americans. A single disgruntled employee with database access could exfiltrate Social Security numbers, addresses, financial records, and health care information for entire states. This data could be sold on dark web markets, used for identity theft, or weaponized for blackmail and extortion.

Military systems managed by defense contractors contain specifications for weapons systems, operational plans, and classified information about capabilities and vulnerabilities. A worker facing deportation could copy this information and sell it to foreign governments, giving adversaries insights into American military technology that could take decades and billions of dollars to develop independently.

Healthcare systems managed by contractors contain medical records, insurance information, and personal health data for millions of Americans. This information is valuable not only for preventing identity theft but also for combating targeted influence operations. Foreign intelligence services could use healthcare data to identify individuals with medical conditions that make them vulnerable to recruitment or blackmail.

Financial systems managed by IT contractors control billions of dollars in transactions. A worker with access to these systems could manipulate transactions, steal funds, or sabotage the systems to create chaos. The 2008 financial crisis demonstrated how quickly financial system failures can cascade into broader economic disasters.

Infrastructure control systems for utilities, transportation, and communications are increasingly managed through cloud platforms administered by contractors. A worker with access to these systems could potentially disrupt power grids, transportation networks, or communications infrastructure. These aren’t hypothetical scenarios—they’re capabilities that exist today in the hands of workers whose visa status is uncertain.

The Human Element: Workers as Victims and Threats

It’s essential to recognize that many of the workers in this system are themselves victims. They were recruited by unscrupulous staffing companies that promised them the American dream. They were told to lie on their visa applications and falsify their qualifications. They were paid below-market wages and threatened with deportation if they complained. They’ve lived in fear for years, knowing that their entire presence in America is built on fraud.

These workers aren’t criminals or spies. They’re ordinary people trying to build better lives for themselves and their families. They accepted the offered positions, signed the provided contracts, and completed the assigned work. Many of them didn’t fully understand the fraud they were participating in until it was too late.

But victimhood doesn’t eliminate the security threat. A desperate victim with access to sensitive systems is still a security risk. A worker who has been exploited and faces deportation is still capable of retaliatory data exfiltration. Understanding the human dimension of this problem is vital for crafting solutions, but it doesn’t change the fundamental security calculus.

The current system creates a lose-lose situation. Workers are exploited and live in fear. American workers are displaced by cheaper foreign labor. Government agencies and contractors get unreliable security. And the American people are left vulnerable to data breaches, system sabotage, and foreign espionage.

Solutions: A Path Forward

Addressing this threat requires comprehensive reform across multiple dimensions.

First, immediate security measures must be implemented for critical infrastructure. Any worker with privileged access to sensitive systems should undergo continuous monitoring, not just point-in-time background checks. Visa status should be tracked in real time, with automatic alerts when workers face deportation or employers face fraud investigations. Access should be immediately revoked when visa status becomes uncertain. There should be mandatory transition plans for employees’ departures, ensuring that access is terminated and systems are secured.

Second, the H-1B visa program needs fundamental reform. The fraud rate of twenty-one percent is unacceptable. Enforcement must be dramatically increased, with mandatory prison sentences for visa fraud and immediate deportation for workers placed through fraudulent schemes. However, enforcement alone isn’t sufficient—the program itself must be restructured to eliminate incentives for fraud. This means higher wages for H-1B workers (eliminating the cheap-labor incentive), direct hiring rather than staffing company placement (eliminating the body-shop model), and portable visas that aren’t tied to specific employers (eliminating the coercive power that makes workers vulnerable).

Third, contractor oversight must be strengthened. Government agencies that outsource IT operations should be required to know who has access to their systems, the visa status of those individuals, and what happens when that status changes. Contractors should be required to report changes in visa status, fraud investigations, and any circumstances that could affect workers’ reliability. And there should be financial penalties for contractors who fail to maintain adequate security.

Fourth, the security clearance system must be modernized for the cloud era. Point-in-time background checks are insufficient when circumstances can change overnight. Continuous vetting programs should be expanded to cover all workers with privileged access to critical systems, not just those with formal security clearances. There should be better coordination between immigration enforcement and security operations to ensure security teams are alerted when workers face visa uncertainty.

Fifth, there must be a path forward for workers who were victims of fraud schemes. Many of these workers were recruited through deceptive practices and didn’t fully understand the fraud they were participating in. Simply deporting them all creates the maximum security risk—thousands of desperate workers with access to sensitive systems and nothing to lose. Instead, there should be a process for workers to come forward, report the fraud they experienced, and potentially obtain legal status in exchange for cooperation. This reduces the security threat while also providing justice for workers who were exploited.

Sixth, American workers must be protected and prioritized. The displacement of American workers by cheaper foreign labor isn’t just an economic issue—it’s a security issue. American workers with stable employment and no visa uncertainty pose far less security risk than foreign workers in legal limbo. Reforms should include more vigorous enforcement of the requirement to recruit American workers first, higher wages for H-1B positions (eliminating the cost advantage), and support for American workers to develop the skills needed for critical infrastructure roles.

The Urgency of Action

This isn’t a problem we can afford to ignore or defer. Each day, thousands of workers with uncertain visa status continue to have access to America’s most critical systems. Every day, more fraud is committed, more workers are placed in vulnerable positions, and more security risks accumulate. Every day, foreign intelligence services have opportunities to recruit desperate workers with access to sensitive data.

The recent moves to crack down on H-1B visa abuse are necessary and overdue. But they must be accompanied by immediate security measures to address the transition period. We cannot simply deport thousands of workers with access to critical systems without first securing those systems and ensuring that access is terminated correctly.

The stakes are enormous. We’re discussing the security of state government systems that serve hundreds of millions of Americans. We’re talking about defense contractors managing military equipment and weapons systems. We’re talking about healthcare data, financial systems, and infrastructure control systems. We’re talking about the digital backbone of American society.

The current system is a time bomb. It’s built on fraud, managed by contractors with minimal oversight, and vulnerable to sudden collapse. The question isn’t whether this vulnerability will be exploited—it’s when, and how much damage will be done before we act.

Conclusion: Protecting Workers and National Security

The intersection of immigration policy and national security creates complex challenges that don’t have simple solutions. But the current situation is untenable. We cannot continue to build our critical infrastructure on a foundation of fraud, exploitation, and legal uncertainty.

The path forward requires recognizing that protecting American workers and protecting national security are complementary, not competing, goals. A workforce of American citizens with stable employment and no visa uncertainty is inherently more secure than a workforce of foreign nationals in legal limbo. Reforms that prioritize American workers also enhance security.

Similarly, protecting foreign workers from exploitation isn’t just a matter of justice—it’s a security imperative. Workers who are treated fairly, appropriately paid, and have stable legal status are far less likely to pose security threats than workers who are exploited, underpaid, and face deportation.

The reforms outlined above would create a system that is more secure, more just, and more sustainable. They would protect American workers from displacement, foreign workers from exploitation, and critical infrastructure from the insider threats created by the current broken system.

But reform requires political will. It requires acknowledging that the current system has failed. It requires standing up to powerful corporate interests that profit from cheap foreign labor. It requires coordination across multiple government agencies that currently operate in silos. It requires acting with urgency before the time bomb explodes.

The invisible workforce managing America’s critical infrastructure won’t remain invisible forever. The question is whether we’ll address this vulnerability proactively through comprehensive reform or reactively after a catastrophic breach forces us to confront the consequences of our policy failures.

The choice is ours. But the clock is ticking.

---

Randell S. Hynes is a 33-year technology veteran, U.S. Army Veteran, and founder of the U.S. Workers Alliance. After being laid off at 63 and forced to train his foreign replacement, he has dedicated himself to exposing the exploitation of American workers while advocating for reforms that protect workers’ rights and keep Americans safe.