Luke Rosiak – Investigative Reporter on 9/12/17
A secret server is behind law enforcement’s decision to ban a former IT aide to Democratic Rep. Debbie Wasserman Schultz from the House network.
Now-indicted former congressional IT aide Imran Awan allegedly routed data from numerous House Democrats to a secret server. Police grew suspicious and requested a copy of the server early this year, but they were provided with an elaborate falsified image designed to hide the massive violations. The falsified image is what ultimately triggered their ban from the House network Feb. 2, according to a senior House official with direct knowledge of the investigation.
The secret server was connected to the House Democratic Caucus, an organization chaired by then-Rep. Xavier Becerra. Police informed Becerra that the server was the subject of an investigation and requested a copy of it. Authorities considered the false image they received to be interference in a criminal investigation, the senior official said.
Data was also backed up to Dropbox in huge quantities, the official said. Congressional offices are prohibited from using Dropbox, so an unofficial account was used, meaning Awan could have still had access to the data even though he was banned from the congressional network.
Awan had access to all emails and office computer files of 45 members of Congress who are listed below. Fear among members that Awan could release embarrassing information if they cooperated with prosecutors could explain why the Democrats have refused to acknowledge the cybersecurity breach publicly or criticize the suspects.
House Democrats employed Awan and four family members for years as IT aides. After learning of the House probe, Awan and his wife, Hina Alvi, frantically transferred money to accounts in their native Pakistan.
Awan and Alvi were indicted in August on fraud charges related to the transfers, but they have not yet been charged with criminal cybersecurity violations partly because some of the 45 Democrats have been passive about helping build the case, the House official said.
Each House member’s data is supposed to be stored on his own server, but Imran moved files to a computer that was only supposed to hold the files of the administrative office of the Democratic Caucus, the senior official said.
In the spring of 2016, House administrators became aware that the Awans were allegedly falsifying purchase orders. They followed the trail and found that the misconduct extended to a major cybersecurity breach.
On Jan. 24, 2017, Becerra vacated his congressional seat to become California’s attorney general. “He wanted to wipe his server, and we brought to his attention it was under investigation. The light-off was we asked for an image of the server, and they deliberately turned over a fake server,” the senior official said.
“They were using the House Democratic Caucus as their central service warehouse … It was a breach. The data was completely out of [the members’] possession. Does it mean it was sold to the Russians? I don’t know,” the senior official said.
Capitol Police considered the image a sign that the Awans knew exactly what they were doing and were going to great lengths to try to cover it up, the senior official said. The House Sergeant-at-Arms banned them from the network as a result.
The senior official said the data was also funneled offsite via a Dropbox account, from which copies could easily be downloaded. Authorities could not immediately shut down the account when the Awans were banned from the network because it was not an official account.
“For members to say their data was not compromised is simply inaccurate. They had access to all the data including all emails. Imran Awan is the walking example of an insider threat, a criminal actor who had access to everything,” the senior official said.
The executive director of the Democratic Caucus was Sean McCluskie, who was Becerra’s chief of staff and is now chief deputy attorney general of California. McCluskie did not return TheDCNF’s repeated requests for comment.
Despite Democrats’ acute awareness of the importance of cybersecurity after the Democratic National Committee’s emails appeared on Wikileaks in July 2016, the employing members have gone to great lengths to avoid condemning Awan or have said nothing about whether they checked their office data’s security following the breach.
“After being notified by the House Administration Committee, this individual was removed from our payroll. We are confident that everything in our office is secure,” a spokesman for Michigan Democratic Rep. Sander Levin told TheDCNF in February. Levin’s chief of staff Nick Gwyn refused this week to square the assessment with the secret server and Dropbox arrangement.
A spokesman for Ohio Democratic Rep. Marcia Fudge said in August that she terminated Awan after learning of the criminal investigation but claimed “there’s no indication that he stole information or did anything inappropriate.” Fudge’s spokesman would not clarify the August statement this week.
Since Fudge and other members have not acknowledged that the breach occurred, there is no reason to think they took action to investigate where their data might have gone and mitigate any harm to constituents and others.
Wasserman Schultz has acknowledged that chiefs of staff were informed that the Awans were under investigation for what she characterized as “data transfer violations.” She refused to fire Awan even after he was banned from touching official computers, and she used a May 17, 2017, budget hearing with the House Chief Administrative Officer to attack authorities for not stopping her from breaking the Dropbox rule.
“I am more than happy to admit that I use Dropbox. I have used it for years and years and years. It is not blocked. I am fully able to use it,” she said. Administrators told her they had clearly communicated the rules to IT aides, but instead of faulting Awan for not following them, Wasserman Schultz lashed out at the House for “just lobbing e-mail into a tech person’s inbox.”
The senior official said the Awans’ enterprise-scale use of Dropbox was not the casual use of a popular consumer application, but the funneling of huge quantities of data offsite where it could not be taken back by House authorities.
Becerra was one of five members who first hired Awan in 2004, his first year on the Hill. Only two of the five — Rep. Gregory Meeks of New York and Becerra — remained in office through 2016, and each of them later put two of Awan’s relatives on their payrolls as well, including his wife Alvi and brother Abid.
When Becerra became chairman of the Democratic Caucus in 2013, that office began paying Alvi $25,000 to $30,000 a year in addition to the payments from Becerra’s personal office, meaning he was responsible for far more of the payments to the Awan family than any other member.