Replies

HAT TIP LUKE ROSIAK, Daily Caller Investigative Reporter

House investigators concluded that Paki Democratic IT aides made unauthorized access to congressional servers in 2016, allegedly accessing the data of members for whom they did not work, logging in as members of Congress themselves, and covering their tracks, according to a presentation summarizing the findings of a four-month internal probe.

Their behavior mirrored a “classic method for insiders to exfiltrate data from an organization,” and they continued even after orders to stop, the briefing materials allege. There are indications that numerous members’ data may have been secretly residing not on their designated servers, but instead aggregated onto one server, according to the briefing and other sources. Authorities said that the entire server was then physically stolen.

When acting on the findings, Democratic leadership appear to have misrepresented the issue to their own members as solely a matter of theft, a comparison of the investigators’ findings with Democrats’ recollections and a committee’s public statement shows, leading 44 Democrats to not conduct protective measures typically taken after a breach — including informing constituents whose personal information may have been exposed. (A list of the involved members is below.)

The presentation, written by the House’s Office of the Inspector General, reported under the bold heading “UNAUTHORIZED ACCESS” that “5 shared employee system administrators have collectively logged into 15 member offices and the Democratic Caucus although they were not employed by the offices they accessed.”

It found indications that a House “server is being used for nefarious purposes and elevated the risk that individuals could be reading and/or removing information” and “could be used to store documents taken from other offices.” The server was that of the House Democratic Caucus, a sister group of the DNC that was run at the time by then-Rep. Xavier Becerra.

The aides named are Imran Awan, his wife Hina Alvi, his brothers Abid and Jamal, and his friend Rao Abbas, Pakistani-born aides whose lives are filled with reason for concern. Abid’s Ukranian wife Natalia Sova and Haseeb Rana were also involved in the Awans’ activities but departed the House payroll prior to the investigation.

One systems administrator “logged into a member’s office two months after he was terminated from that office,” the investigative summary says. While the rules could have been violated for some innocuous purpose, the presentation indicates that is unlikely: “This pattern of login activity suggests steps are being taken to conceal their activity.” A second presentation shows that shortly before the election, their alleged behavior got even worse. “

During September 2016, The Awans continued to use Democratic Caucus computers in anomalous ways:

<><> Logged onto laptop as system administrator
<><> Changes of identity
<><> logging onto Becerra’s Democratic Caucus server using 17 different user account credentials
<><> Some of the credentials belonged to Members
<><> The shared employee did not work for 9 of the 17 offices to which these user accounts belonged.”
<><> The investigation found “possible storage of sensitive House information outside the House
<><> Dropbox is installed on two Caucus computers used by the shared employees.
<><> Two user accounts had thousands of files in their Dropbox folder on each computer.”
<><> Using Dropbox is against House rules because it uploads files offsite.
<><> The Wash/Po reported “Based on the file names, some of the information is likely sensitive.”
<><> clean up post-Awans discovered many computers were set up to be nothing more than “thin clients” that were portals to an outside computer.
<><> The Awans were using terminal servers from a computer in a different location.
<><>Virtual Private Networks can also make a server’s hard drive appear to be local to a computer.
<><> remote sessions remained active for months at a time.
<><> data was always out of [the members’] possession
<><> the Awans were using the House Democratic Caucus as their central service warehouse.
<><> the Awan clan collectively logged onto Becerra’s Caucus system 5,735 times, some 27 times per day
<><> other Democrat offices were accessed in total less than 60 times.
<><> the pattern of login activity suggests steps were taken to conceal their activity
<><>aggregation of multiple members’ data would mean all that data was absconded with
<><> authorities said that Becerra’s entire Democratic Caucus server physically disappeared as it was being monitored by L/E.
<><> no scenario exists where the Awan clan’s access was appropriate
<><> House members are not allowed to accept services from people not on their payroll
<><> House employees are not permitted to log in to servers of members for whom they do not work.
<><> House policies are codified by law.

The House commonly uses Citrix remote sessions that allow someone’s computer screen to show the contents of a different computer, but its security precautions ordinarily cause them to disconnect after just a few minutes. A House committee staffer close to the probe told TheDCNF that “the data was always out of [the members’] possession. It was a breach. “ That may imply that dozens of members’ data was all in one place — on Becerra’s Democratic Caucus server instead of in House members’ possession. The apparently constant access by the entire crew, even their friend Rao Abbas, also doesn’t jive with The Washington Post’s claim that they were using it as a family computer for homework and photos.

In early February, House Sergeant-At-Arms Paul Irving, Chief Administrative Officer Phil Kiko, and Jamie Fleet, the Democratic staff director of the Committee on House Administration, summoned affected chiefs of staff to a meeting to announce that the family was being banned from the network. Republican staff was not present, and the briefers omitted all mention of the cybersecurity component that appears to comprise the most dangerous part of the findings, according to numerous Democrats’ accounts.

On Feb. 3, 2017, Committee on House Administration Chairman Gregg Harper and Ranking Member Robert Brady issued the sole official statement about what they called “the ongoing House theft investigation.” “House Officials became aware of suspicious activity and alleged theft committed by certain House IT support staff,” the statement read. “An internal investigation determined that a number of House policies and procedures had been violated. This information was turned over to the United States Capitol Police and their investigation is ongoing. These employees have also been blocked from accessing House systems. All offices impacted have been contacted. No further comment will be issued until the investigation is complete.”

But that internal investigation’s most notable findings — in fact, the second presentation didn’t even mention theft — concerned credible evidence of a cyber-breach, and at the time of the announcement, the most recent incident of theft consisted of the disappearance of Becerra’s House Democratic Caucus server that was evidence in a cybersecurity probe, several authorities said.