Contents
- Purpose
- Methodology
- Governance & Sensitive Documents
- Personnel & PII Exposure
- Financial Documents
- Wayback Machine Archive
- Certificate Transparency
- Infrastructure & Technical Surface
- Funding & Contract Records
- Legal & Regulatory Records
- Disaster & Environmental
- Media & Public Narrative
- Risk Summary
- Recommendations
- What This Means
Purpose
This audit maps the publicly indexed digital footprint of the Crow Creek Sioux Tribe across federal agency databases (BIA, IHS, EPA, HHS, DOJ, DOI, FEMA, USDA), certificate transparency logs, the Wayback Machine, federal court records, USASpending, and the entity's own web properties.
What can anyone with a search engine learn about your organization in 30 minutes?
For a federally recognized tribe, the digital footprint extends far beyond the tribal website. Every federal grant, disaster declaration, gaming compact, court filing, and NAGPRA consultation creates a public record on a server the tribe does not control. This audit maps those records so the tribe can understand what picture they create when assembled.
Methodology
Data sources queried across 8 parallel research vectors:
| # | Vector | Sources |
|---|---|---|
| 1 | Advanced Search (Dorking) | Google operators across BIA, IHS, EPA, HHS, DOJ, DOI, Congress, Federal Register, tribal domains |
| 2 | Wayback Machine | CDX API for crow-creek.org, crowcreekwildlife.net, crowcreekenrollment.com, hunkpatioyate.org |
| 3 | Certificate Transparency | crt.sh queries for all four domains |
| 4 | Funding & Contracts | USASpending, HHS TAGGS, GovTribe, HigherGov, FPDS |
| 5 | Legal & Regulatory | NARF/NILL, Justia, CourtListener, JudyRecords, Federal Register |
| 6 | Infrastructure | DNS records, hosting detection, security headers |
| 7 | Disaster & Environmental | FEMA API, USGS stations, EPA facility registry, brownfields |
| 8 | Media & Narrative | News, tribal media (Indianz, ICT, Native News Online), Federal Register |
Governance & Sensitive Documents
| # | Document | Hosted On | Risk | Notes |
|---|---|---|---|---|
| 1 | hunkpatioyate.org (compromised) | hunkpatioyate.org | HIGH | Domain serving French-language spam; CMS hack or domain lapse; previously hosted enrollment pages and community directory |
| 2 | ContactOut employee scraping | contactout.com | MEDIUM | Tribal employee names, titles, and @crowcreekconnections.org emails aggregated without consent |
| 3 | Tribal Constitution PDF | sdtribalrelations.sd.gov | LOW | Full text hosted on South Dakota state server |
| 4 | IRA Constitution (OU Thorpe Collection) | thorpe.law.ou.edu | LOW | IRA-era constitution and bylaws at University of Oklahoma digital collection |
| 5 | Gaming Compact (2017) | bia.gov | MEDIUM | Full operational terms: 500 slot machines, wager limits, second location, 10-year term |
| 6 | COPS Law Enforcement MOU | cops.usdoj.gov | LOW | Law enforcement grant agreements and hiring terms |
| 7 | GAO Compensation Analysis | govinfo.gov | LOW | Federal analysis of Pick-Sloan dam compensation claims ($105.9M in 2003 dollars) |
Assessment: MEDIUM
Summary: The most critical finding is the apparent compromise of hunkpatioyate.org. Governance documents are distributed across servers the tribe does not control. No internal or confidential documents were found exposed.
Personnel & PII Exposure
| # | Document | Hosted On | Risk | Notes |
|---|---|---|---|---|
| 1 | ContactOut employee profiles | contactout.com | MEDIUM | Names, titles, and @crowcreekconnections.org emails scraped and resold |
| 2 | WordPress author page | Wayback Machine | LOW | Site administrator username (jmason) exposed |
Assessment: MEDIUM
Summary: No member enrollment data or salary schedules found. ContactOut scraping is the primary PII concern.
Financial Documents
| # | Document | Hosted On | Risk | Notes |
|---|---|---|---|---|
| 1 | USASpending Recipient Profile | usaspending.gov | MEDIUM | Complete federal award history; UEI W83DYN8U2A21 |
| 2 | IHBG Formula FY2025 | ihbgformula.com | MEDIUM | $2,159,982/yr; 198 Low Rent units across 9 projects |
| 3 | HigherGov Profile | highergov.com | MEDIUM | Registration, NAICS codes, award history aggregated |
| 4 | GovTribe Profile | govtribe.com | MEDIUM | Federal contracting history aggregated |
| 5 | Infrastructure Trust Fund Act | congress.gov | LOW | $27.5M congressional authorization |
Assessment: MEDIUM
Summary: No internal budgets or salary schedules found. Federal funding portfolio is substantially reconstructable through public databases.
Wayback Machine Archive
| Metric | Value |
|---|---|
| Total unique pages archived | 531 (across 3 domains) |
| Total unique PDFs archived | 1 |
| Earliest snapshot | 2021-11-27 |
| Most recent snapshot | 2026-01-28 |
| Hosting platforms detected | WordPress, GoDaddy Website Builder, WordPress.com |
| # | Notable Path | Type | Notes |
|---|---|---|---|
| 1 | CCST Enrollment Application | Tribal enrollment application form | |
| 2 | Community Resource Directory | Directory | 30+ tribal service entries |
| 3 | Community Phonebook | Directory | 55+ entries including casino, hospitals, utilities |
| 4 | wp-admin login assets | Admin | WordPress 6.8.1 confirmed |
| 5 | crowcreekenrollment.com | Domain | Zero Wayback coverage — never archived |
Assessment: LOW
Summary: Modest archived footprint with only 1 PDF. Community directory and phonebook remain accessible in archive.
Certificate Transparency
| Property | Value |
|---|---|
| Total certificates found | ~55 across all domains |
| Certificate issuers | Let's Encrypt, GoDaddy Secure CA G2, Sectigo, Google Trust Services |
| Earliest certificate | 2020-07-17 |
| Most recent certificate | 2026-04-02 |
| Wildcard certs | Yes — *.hunkpatioyate.org |
| Renewal pattern | 90-day automated (Let's Encrypt) |
Subdomains Discovered
| # | Subdomain | Notes |
|---|---|---|
| 1 | mail.hunkpatioyate.org | Email server |
| 2 | webmail.hunkpatioyate.org | Webmail interface (cPanel) |
| 3 | cpanel.hunkpatioyate.org | cPanel admin interface exposed |
| 4 | autodiscover.hunkpatioyate.org | Email autodiscovery |
| 5 | webdisk.hunkpatioyate.org | cPanel WebDisk file manager |
| 6 | cpcalendars.hunkpatioyate.org | cPanel calendars |
| 7 | cpcontacts.hunkpatioyate.org | cPanel contacts |
| 8 | pay.crowcreekwildlife.net | Payment portal (GoDaddy/Poynt) |
Assessment: MEDIUM
Summary: Four domains across four hosting providers and three CAs. Exposed cPanel subdomains represent a notable attack surface.
Infrastructure & Technical Surface
| Property | crow-creek.org | crowcreekwildlife.net | crowcreekenrollment.com | hunkpatioyate.org |
|---|---|---|---|---|
| Hosting | HostGator (Apache) | GoDaddy Website Builder | WordPress.com | IONOS / Cloudflare |
| Domain type | .org | .net | .com | .org |
| None configured | Microsoft 365 | None configured | HostGator self-hosted | |
| CDN/Proxy | None | AWS Global Accelerator | Automattic CDN | Cloudflare |
| Security headers | None | HSTS + CSP | HSTS | None |
| Last updated | Dec 7, 2025 (stale) | Active | Active | Apr 9, 2026 |
Key findings:
- No .gov or .nsn.gov domain despite federal recognition eligibility
- No DKIM records on any domain
- Primary site stale since December 2025
- crowcreekenrollment.com appears to be a personal WordPress.com account
- 13 subdomains discovered across all domains
Assessment: MEDIUM-HIGH
Summary: Fragmented web presence across four hosting platforms with no centralized IT governance. Consistent with ad-hoc IT managed by multiple individuals.
Funding & Contract Records
USASpending Recipient Profile: CROW CREEK SIOUX TRIBE (UEI: W83DYN8U2A21 | CAGE: 1QN83)
| # | Record | Amount | Agency | Notes |
|---|---|---|---|---|
| 1 | IHBG Formula FY2025 | $2,159,982/yr | HUD | 198 Low Rent units across 9 projects |
| 2 | Infrastructure Trust Fund | $27,500,000 cap | Treasury/DOI | Pick-Sloan compensation; ~$1.4M annual interest |
| 3 | Big Bend Dam Reimbursement | $29,500,000 | Army Corps | Restricted account; interest-only access |
| 4 | HUD ICDBG | $2,000,000 | HUD | December 2024; Fort Thompson infrastructure |
| 5 | SAMHSA Suicide Prevention | $1,429,489 | HHS/SAMHSA | 3-year; youth ages 12-24 |
| 6 | BIA Fire Recovery | $1,400,000 | DOI/BIA | Crow Creek High School fire damage |
| 7 | SMSC Farm Grant | $650,000 | Private | Total SMSC support: ~$5.35M |
| 8 | DOJ COPS Grants | $621,914 | DOJ/COPS | OIG: $262,581 unsupported costs |
Subsidiary entities: Crow Creek Housing Authority, Lode Star Casino, Native American Telecom LLC, Big Bend Farm Corp, Hunkpati Processors, Hunkpati Investments (CDFI), Harvest Initiative, CCST Environmental Programs, Guided Hunting
Assessment: MEDIUM-HIGH
Summary: Federal funding portfolio reconstructable. Annual federal inflow likely $5-10M from formula programs alone, plus episodic discretionary awards. Nine subsidiary entities expand the footprint.
Legal & Regulatory Records
Legal Code
| # | Resource | Source | Scope | Notes |
|---|---|---|---|---|
| 1 | Tribal Law Gateway | narf.org | Full index | Main portal for all CCST legal materials |
| 2 | Tribal Code Index | narf.org | 18 chapters | Full text withheld by tribal decision |
| 3 | Tribal Constitution | sdtribalrelations.sd.gov | Full text | Constitution and bylaws (PDF) |
| 4 | USDA Tribal Hemp Plan | ams.usda.gov | Regulatory | USDA-approved hemp production plan |
Key Litigation
| # | Case | Type | Notes |
|---|---|---|---|
| 1 | CCST v. United States (2017) | Takings/water rights | Sought $200M; dismissed |
| 2 | CCST v. Brownlee (2003) | Land transfer | Pick-Sloan lands challenge |
| 3 | CCST v. BIA-OJS (2025) | FOIA | Won $26,674 attorney's fees |
Assessment: LOW
Summary: Tribal code withheld by choice — a deliberate exercise of data sovereignty. Litigation is typical of a Missouri River tribe. No adverse regulatory findings.
Disaster & Environmental
FEMA Declarations (Tribal-Specific)
| # | Declaration | Date | Type | Notes |
|---|---|---|---|---|
| 1 | FEMA-4527-DR | 2020-04-05 | COVID-19 | Still open |
| 2 | FEMA-4233-DR | 2015-07-30 | Storms/flooding | Closed 2020 |
| 3 | FEMA-1774-DR | 2008-07-09 | Storms/flooding | Closed 2013 |
| 4 | FEMA-1702-DR | 2007-05-22 | Tornadoes/flooding | Tornado damage |
| 5 | FEMA-3475-EM | 2020-03-13 | COVID-19 emergency | Closed 2021 |
County-level: 15+ additional declarations for Buffalo County (1969–2024), including 2024 1,000-year flood (FEMA-4807-DR).
Tribal environmental monitoring: 2 water quality stations (STORET), 10 real-time air quality sensors, active brownfield program with EPA Region 8.
Assessment: MEDIUM-HIGH
Summary: Substantial disaster history dominated by flooding and storms. Nearly all declarations provide only PA (not IA). Tribe operates own environmental monitoring, more sophisticated than many comparable tribes.
Media & Public Narrative
| # | Story | Date | Publication |
|---|---|---|---|
| 1 | Chairman opposes USDA SNAP/WIC cuts | 2025-10 | SDPB |
| 2 | MMIP walk raises gun violence awareness | 2025-08 | SD Searchlight |
| 3 | Bishop apologizes for boarding schools | 2025-10 | Episcopal News |
| 4 | State-tribal relations shift post-Noem | 2026-01 | SD News Watch |
| 5 | Tribe bans Gov. Noem | 2024-05 | Dakota News Now |
| 6 | Security task force disbanded | 2024-07 | SD Searchlight |
| 7 | Highway Patrol partnership expanded | 2024-08 | SD Searchlight |
| 8 | Broadband initiative ($25M) | 2024-03 | KXLG |
Leadership: Chairman Peter Lengkeek (since 2020; DV/SA Prevention Specialist, NIWRC speaker)
Assessment: MEDIUM
Summary: Public safety crisis plus economic diversification. Chairman Lengkeek is the sole consistent public voice. No council minutes published online.
Risk Summary
Scorecard
| Category | Assessment |
|---|---|
| Governance & Documents | MEDIUM |
| Personnel & PII | MEDIUM |
| Financial Documents | MEDIUM |
| Wayback Archive | LOW |
| Certificate Transparency | MEDIUM |
| Infrastructure | MEDIUM-HIGH |
| Funding & Contracts | MEDIUM-HIGH |
| Legal & Regulatory | LOW |
| Disaster & Environmental | MEDIUM-HIGH |
| Media & Narrative | MEDIUM |
Recommendations
Immediate Actions
- Investigate hunkpatioyate.org — The domain appears compromised. Audit the WordPress database for exposed enrollment data and community directory records. Secure or reclaim immediately.
- Request removal from ContactOut — Tribal employee data is being scraped and resold. Submit a removal request and harden DMARC/SPF.
- Add DKIM records — No domain currently has DKIM. This enables email spoofing.
- Secure cPanel subdomains — cpanel., webmail., and webdisk. on hunkpatioyate.org are publicly exposed.
Ongoing Monitoring
- Set up Google Alerts for "Crow Creek Sioux Tribe" to track new third-party documents
- Monitor crt.sh for unexpected certificate issuance
- Periodically check Wayback Machine for newly archived sensitive content
Strategic Considerations
- Apply for a .gov domain — Eligible as a federally recognized tribe; significantly higher trust authority
- Consolidate web infrastructure — Four domains on four platforms creates unnecessary attack surface
- Understand USASpending exposure — The entire federal funding portfolio is publicly reconstructable
What This Means
Data sovereignty is not only about what data you collect. It is about knowing where your data already lives, who else can find it, and what decisions it enables them to make.
The Crow Creek Sioux Tribe's digital footprint is primarily written by federal agencies — BIA, HUD, FEMA, EPA, USDA, DOJ — on servers the tribe does not control. Every grant award, disaster declaration, gaming compact, and court filing adds to a publicly readable profile that reveals the tribe's budget, infrastructure vulnerabilities, legal framework, and organizational structure.
Understanding this footprint is the first step toward managing it.