Luke Rosiak on September 26, 2017
Democratic congressional aides made unauthorized access to a House server 5,400 times and funneled “massive” amounts of data off of it. But there’s nothing to see here, Democrats told the Washington Post: They were just storing and then re-downloading homework assignments for Imran Awan’s elementary-school aged kids and family pictures.
A congressional source with direct knowledge of the incident contradicted the Post’s account, saying that now-indicted IT aide Imran Awan and his associates “were moving terabytes off-site so they could quote ‘work on the files’” and that they desperately tried to hide what was on the server when caught, providing police with what law enforcement immediately recognized as falsified evidence and an indication of criminal intent.
A terabyte is a million megabytes; a terabit is about one-tenth of that. Awan’s three children are in elementary school or younger. A book report in Word document format could clock in at under a megabyte, even if it were 100 pages long. To fill a terabyte with family photos, a person would need 250,000 photos.
Rules aside, there would be little reason for a staffer to upload his children’s homework and family photos to a congressman’s server. For one, cloud services such as Google Drive and Google Photos readily provide that functionality, with a web interface. The congressional computer was a server with no monitor, so you couldn’t view the photos on it, and they had to have been uploaded onto it by another computer. It makes little sense that Awan would upload personal data from a home computer onto a House server only to re-download it.
Awan’s wife, Hina Alvi, was the sole person that was supposed to be authorizing the Caucus server, and she could have uploaded pictures of her children without attracting attention.
Yet she accessed it only 300 times as part of her job, while other people — including Awan’s two brothers and his friend Rao Abbas — accessed it 5,400 times. It’s unclear why extended family and friends would be uploading Awan’s kids’ homework and pictures more than their own mother would.
The Post did not note the “massive” outgoing data and unauthorized access until the 40th and 42nd paragraphs of its story, after it had quoted multiple defense attorneys and ventured into a lengthy and seemingly irrelevant but humanizing backstory on Awan’s childhood.
Its print headline was “Evidence Far Exceeds Intrigue” in the probe, yet it quoted only a congressional staffer who, TheDCNF’s congressional source said, would not have been able to make assurances that there was nothing to the criminal investigation, because Congress has been fire walled from the criminal probe since it was turned over.
The Post also did not specify that data was also being backed up online via unofficial Dropbox accounts. Wasserman Schultz has acknowledged that the accounts were used for congressional data, and that she has used the service in violation of House rules “for years.”
The server was under the auspices of Xavier Becerra, who left Congress Jan. 24 to become California attorney general and asked for the server to be wiped at that time. Police first asked for a copy and received what they identified as an elaborately falsified image, leading police to ban them from the network immediately because they viewed it as an attempt to tamper with a criminal investigation and an indication of clear criminal intent, TheDCNF reported before the Post story ran. The Awans were banned from the House network Feb. 2.
The Post reported:
By midsummer , with the approval of the House Administration Committee, the Inspector General’s Office was tracking the five employees’ logins. In October, they found “massive” amounts of data flowing from the networks they were accessing, raising the possibility that an automated program was vacuuming up information, according to a senior House official familiar with the probe.
Initially, investigators could not see precisely what kind of data was moving off the server due to legal protections afforded by the Constitution’s “speech and debate” clause, which shields lawmakers’ deliberations from investigators’ eyes.
Investigators found that the five IT employees had logged on at one server for the Democratic Caucus more than 5,700 times over a seven-month period, according to documents reviewed by The Post. Alvi, the only one of the five who was authorized to access that server, accounted for fewer than 300 of those logins, documents show.
The invocation of “speech and debate” suggests that Democrats barred law enforcement from looking at the apparent data breach. The Post — which has highlighted the importance of cybersecurity and the intolerability of hacks on government — suggested finding any of this odd would be “unfounded conspiracy theories and intrigue.”
Yet, according to a senior congressional official familiar with the probe, criminal investigators have found no evidence that the IT workers had any connection to a foreign government. Investigators looking for clues about espionage instead found that the workers were using one congressional server as if it were their home computer, storing personal information such as children’s homework and family photos, the official said.
There are indications that Awan is less than a doting family man, and that he would use his congressional position for ill. Three women have called police on him in the last three years. One is his stepmother, Samina Gilani, who said she was kept “in captivity.” In court documents, she alleged: “Imran Awan threatened that he is very powerful and if I ever call the police [he] will do harm to me and my family members back in Pakistan and one of my cousins here in Baltimore … Imran Awan did admit to me that my phone is tapped and there are devices installed in my house to listen my all conversations … Imran Awan introduces himself as someone from U.S. Congress or someone from federal agencies.”
A second told police she felt “like a slave,” and a third said she “just wanted to leave.” The latter two were apparently in romantic relationships with Awan, who lived in small apartments in Alexandria, Va. that he paid for while he lived with his wife.
Awan began selling off many of the multiple houses that his family owns around the time he learned he was subject of the cybersecurity probe, and wired money to Pakistan, resulting in Awan and his wife being indicted for bank fraud.
The Post confirmed that Democratic IT aides had no experience, such as Rao Abbas, who worked at McDonald’s. But it did not mention that an Iraqi politician tied to Hezbollah sent $100,000 to a company the family set up while working for Congress, and that Awan had a secret account unknown to authorities, [email protected], that was tied to the name of an intelligence specialist working for Rep. Andre Carson of Indiana. The intelligence specialist denies knowing anything about the account.