A delayed response by Capitol Police after thousands of suspicious logins had been discovered on congressional systems left the data of at least 59 U.S. Representatives vulnerable for five months.
In September 2016, the House Office of Inspector General informed the House leadership and the Committee on House Administration (CHA) that five IT workers had made thousands of suspicious log ins to the Democratic Caucus server and three of its workstations.
The IT workers, who worked for a combined 44 House Democrats, also made unauthorized logins into the systems of 15 Democratic representatives they did not work for.
Four of the IT workers—Imran Awan, Abid Awan, Hina Alvi Awan, and Jamal Awan—belong to the same family, while the fifth IT worker, Rao Abbas, was someone to whom Abid Awan owed money.
In a second briefing, on Sept. 30, 2016, the inspector general warned the House leadership of “continuing unauthorized access.”
The next month, in October 2016, the investigation was moved by the House leadership from the inspector general to Capitol Police.
It was not until Feb. 2, 2017, however, that the House sergeant at arms banned the five IT workers from the House network, leaving congressional IT systems vulnerable for five months.
The files the IT aides had access to included all personal files of the representatives they worked for such as emails, documents, calendars, and information on constituents.
It also included files stored on the Democratic Caucus server.
A day after the House sergeant at arms banned the IT workers from the House network, most of the 44 House Democrats fired them, underscoring the significance of the issue.
In its initial presentation, the inspector general said that the IT workers had taken steps to conceal their suspected activity on the House IT network.
According to the IG, they were using Active Roles Servers to grant access on a temporary basis that could have been used to evade network monitoring.
“Excessive logons are an indication that the server is being used for nefarious purposes and elevated the risk that individuals could be reading and/or removing information,” the IG said in a presentation, which was not released publicly.
“Computers could be used as a launching point to access other systems for which access may be unauthorized.”
Imran Awan, who in 2004 was the first of the family to be hired as a congressional IT aide, is a Pakistani national who arrived in the United States in 1997 under the diversity lottery program. In 2004, he gained American citizenship.
Each of the 44 House Democrats the IT aides worked for had opted to forego background checks, despite at least one aide, Rabo Abbas, having filed for bankruptcy in 2012, which is normally considered a red flag, as having significant debts can make a person vulnerable to bribery.
Concerns remain that the data accessed by the IT aides was funneled out of Congress to other nation-states.
Some of the members who hired the IT aides served on committees that deal with matters of national security, such as the House Permanent Select Committee on Intelligence, the House Committee on Homeland Security, and the House Committee on Foreign Affairs.
The inspector general had found that on two computers the IT aides were using, Dropbox was installed, each having an account with thousands of files in them.
“We have not been permitted to view content of the files on these workstations. However, based on the file names, some of the information is likely sensitive,” the IG wrote in its presentation.
“While file sharing sites, such as Dropbox, have legitimate business purposes, use of such sites is also a classic method for insiders to exfiltrate data from an organization.”
Imran Awan was arrested at the airport by the FBI on July 24 as he tried to leave the country for Pakistan. Prosecutors say Awan was carrying a phone whose contents had recently been wiped and a laptop with only one notable file on it, a resume.
Awan was charged, alongside his wife, Hina Alvi Awan, with bank fraud. No charges have been filed related to the alleged hacking of congressional IT systems. A hearing in their case has been postponed seven times since November last year and is now scheduled for next month.
Months earlier, a key piece of evidence, the Democratic Caucus server, disappeared after being identified as evidence. Three senior government officials told The Daily Caller News Foundation (DCNF) that the server had been physically stolen in early January, just weeks before Rep. Xavier Becerra (D-Calif.), who served at the time as the head of the Democratic House Caucus, left to become California’s attorney general.
“They were using the House Democratic Caucus as their central service warehouse. … It was a breach. The data was completely out of [the members’] possession. Does it mean it was sold to the Russians? I don’t know,” a senior official told the DCNF.
The discovery by the inspector general took place during the heat of the 2016 presidential election.
Months earlier, the Democratic National Committee hired cybersecurity firm Crowdstrike, which said in a June 15, 2016, blog post that Russian actors were responsible for the alleged intrusion into the DNC’s servers.
Key parts of the investigation’s finding, however—including the hacking styles Crowdstrike attributed to the alleged Russian hacking groups—were discredited or disputed.
The DNC also never provided the FBI with access to the servers despite multiple requests, former FBI Director James Comey said under oath during his testimony before the Senate intelligence committee in June 2017.
Nevertheless, the alleged DNC hack became the core of the FBI’s investigation into alleged Russian meddling in the 2016 elections, and later the investigation conducted by special counsel Robert Mueller.
The investigation into the unauthorized access to congressional systems, however, appears to have been cut short. According to the DCNF, the Justice Department told Capitol Hill staff in June 2017 that they were not planning to conduct more interviews, despite several IT workers claiming to have knowledge of wrongdoing by the IT aides in question.
President Donald Trump weighed in on the issue in a tweet on June 7, saying: “Our Justice Department must not let Awan & Debbie Wasserman Schultz off the hook. The Democrat I.T. scandal is a key to much of the corruption we see today.”