Between 2010 and 2012, according to the Department of Justice, a US citizen and an Indian resident—acting as contractors for the US Defense Department—took thousands of sensitive files, tried to use them to win business from military manufacturers in the Middle East and South Asia, and sold the Defense Department faulty plane parts that forced the grounding of 47 fighter jets.

They did so using a very simple trick: Set up shell companies based in the United States—which requires less personal information than obtaining a library card—and pretend you’re a domestic company in order to pick up lucrative Defense Department contracts intended for US manufacturers. It turns out this is common practice.

The case, which ultimately led to the jailing of a 53-year-old woman from New Jersey, is one of 32 cited in a Government Accountability Office (GAO) study released this week. The study details how dubious Defense contractors pose a national security risk by committing a litany of crimes using anonymous shell companies. The Defense Department, the study revealed, either paid or lost at least $875 million to fraudulent contractors in those cases alone.

Defense contracts make up about two-thirds of all gigs handed out by the federal government, according to the GAO. Last year, it gave out 570,000 new contracts worth $350 billion.

In the New Jersey example, shell companies masked the fact that the business was actually based in India. The US citizen, Hannah Roberts, passed the Defense documents she was able to obtain as an approved contractor to her accomplice by uploading the thousands of files onto the password-protected website of the church where she volunteered. Roberts then handed over the password to the Indian resident, identified only as P.R. in court documents. P.R. then set about merrily downloading drawings of parts used in nuclear submarines, military attack helicopters, and F-15 fighter aircraft.

They used this valuable data to pitch for work with a contractor who said they were working for the United Arab Emirates’ military, and another who procured equipment for someone in Pakistan. As part of their actual contract, Roberts and P.R. sent defective plane parts from India to the United States, forcing the grounding of the fighter jets and costing the Defense Department more than $150,000, according to court documents.

Roberts eventually pled guilty to violating the Arms Export Control Act. Hers was one of four cases cited in the GAO report in which foreign companies hid behind US shell companies to bid on defense contracts. In another case, a Turkish citizen fraudulently obtained 346 contracts worth about $7 million for parts made in Turkey, some of which were faulty and deemed unusable, the Justice Department said.

Government Accountability Office

Foreign firms weren’t the only ones defrauding the US government using shell companies. American crooks, too, found ways to use shell companies to game the Defense Department out of millions of dollars.

In one example, executives used fake companies to create “the appearance of competition” by submitting very high phony bids, making the real company’s expensive bid seem more reasonable, according to the report. The scheme lost the Defense Department almost $35 million. The GAO analyzed 2,700 other tenders to judge whether this was a one-off. It found 16 other bidders who were potentially related to someone else bidding on the same contract.

The report also cited a case where contractors pretended to buy goods from shell companies that they also owned, in order to inflate the final price. They ended up paying $434 million in criminal penalties.

There were 20 cases in which contractors used front companies to win contracts intended either for disabled veterans, women, minorities, or economically disadvantaged business owners. They would place someone who fit one of those categories as the figurehead of a shell company, and then make a fortune from the work while that person was barely involved. In one case, two contractors won more than $200 million in awards through this scheme, the GAO said.

Government Accountability Office

The problem with shell companies

It’s not just the Defense Department that is falling victim to shady shell companies. These fronts, which are now afforded a shocking degree of anonymity, are used for all manner of criminal activity, including human trafficking, terrorism financing, and arms smuggling.

This week’s GAO report further highlights the urgent need to crack down on these secretive shell companies, said Clark Gascoigne, deputy director of the Financial Accountability and Corporate Transparency (FACT) Coalition.

“The United States is currently the easiest place in the world to incorporate an anonymous shell company to launder the proceeds of crime and corruption with impunity,” Gascoigne wrote in an email to Quartz. “From examples of fraud to espionage threats, GAO’s report adds to the mountain of evidence demonstrating that corporate secrecy endangers our national security.”

A large bipartisan majority of the House of Representatives recently passed a bill that would help end corporate anonymity in the United States by forcing shell companies to disclose their real owners to law enforcement. Gascoigne, who is lobbying for the bill, called for senators “to step up and listen to the national security community” by passing a companion bill for the president to sign into law.