Key Evidence in House Hacking Probe Mysteriously Disappeared

Trump says server connected 'to much of the corruption we see today'
June 7, 2018 | Updated: June 8, 2018

A server belonging to the House Democratic Caucus went missing in early 2017 after it had been identified by the inspector general as a key piece of evidence in a hacking probe.

The Office of Inspector General had found months earlier that a group of House IT workers had logged in to the server 5,735 times during the surveyed period between October 2015 and April 2016.

The IT workers, most of whom were members of the Awan family, were working at that time for dozens of House Democrats, earning an estimated $7 million since 2004.

Imran Awan was first hired by House Democrats in 2004, after which two of his brothers, his wife, and his sister-in-law were added to the congressional payroll despite having little to no IT experience.

In a closed-door briefing to the House leadership in September 2016, the inspector general said their activity was suspicious in part because the IT workers had taken steps to conceal their identities.

“Excessive logons are an indication that the server is being used for nefarious purposes and elevated the risk that individuals could be reading and/or removing information,” reads a presentation by the inspector general that was not released to the public.

The inspector general also warned of the risk that the server could be used as a repository to store documents “taken from other offices or evidence of other illicit activity.”

The investigation had uncovered Dropbox accounts installed on at least two Democratic Caucus computers used by the IT workers, against House IT policy.

The two accounts associated with the Dropbox accounts on the computers each contained thousands of files.

“We have not been permitted to view content of the files on these workstations. However, based on the file names, some of the information is likely sensitive,” the presentation says.

The inspector general also warned House leadership that the accounts could have been used to exfiltrate information.

“While file-sharing sites, such as Dropbox, have legitimate business purposes, use of such sites is also a classic method for insiders to exfiltrate data from an organization.”

Server Goes Missing

Following a second briefing in late September 2016, in which the House inspector warned the House leadership of “continuing unauthorized access,” the investigation was moved to the Capitol Police in October.

It was not until months later, on Feb. 2, 2017, that the House sergeant at arms banned the IT workers from the House network.

The Democratic Caucus server, which had been identified by the inspector general as ground zero of the suspicious activity, had disappeared at that time.

Three senior government officials with knowledge of the situation told the Daily Caller News Foundation last year that it had been physically stolen.

The server had disappeared just weeks before Rep. Xavier Becerra (D-Calif.), who was the chairman of the House Democratic Caucus, left his position to become California’s attorney general.

Police had informed Becerra that the server was the subject of an investigation and had requested a copy of it, the Daily Caller News Foundation reported last year, based on an account from a senior official.

The official also said that the police were provided with an elaborate falsified image of the server.

Sensitive Information on Server

According to the inspector general, the Awans made numerous unauthorized logins to systems of House members. Besides the members they worked for, they also accessed servers of 15 House representatives they didn’t work for.

Information stored on the servers is considered extremely sensitive in nature and contains representatives’ personal data, calendars, emails, and information provided by constituents, such as personal and medical problems as well as their contact information and, in some cases, Social Security numbers.

“We know that there are countries and companies, entities around the world, who would pay a lot of money to have access to some members’ calendars, to their e-mails, see who they are meeting with, see what they’re saying about those meetings, that could be very valuable information,” said Rep. Louie Gohmert (R-Texas), during an informal hearing on the issue in Congress on Oct. 10, 2017.

There are concerns that the data was exfiltrated from Congress using the Dropbox accounts after it had been stored on the Democratic Caucus server.

A congressional source told Circa that the amount of data being transferred was in the terabits. A terabit equals 1,000 gigabytes of data.

The Pakistan Connection

The data may have been exfiltrated from Congress to Pakistan and other countries. Awan’s father allegedly transferred a USB drive to a Pakistani senator and former head of a Pakistani intelligence agency, the Daily Caller News Foundation reported in April this year, based on interviews with an ex-business partner of the father.

“After Imran’s father deliver [sic] USB to Rehman Malik, four Pakistani [government intelligence] agents were with his father 24-hour on duty to protect him,” Rashid Minhas said.

He also said that Awan allegedly had bragged that he had the power to “change the U.S. president.”

Awan himself accessed congressional servers from Pakistan while he stayed there for months at a time.

Ongoing Investigation

Awan and his wife, Hina Alvi Awan, were charged with bank fraud in July 2017.

So far, no charges have been filed in connection with the alleged hacking and exfiltration of data uncovered by the House Office of Inspector General and the subsequent Capitol Police investigation.

President Donald Trump on June 7 called on the Justice Department not to let Awan and his former employer Debbie Wasserman Schultz (D-Fla.) off the hook.

“The Democrat I.T. scandal is a key to much of the corruption we see today. They want to make a ‘plea deal’ to hide what is on their Server. Where is Server? Really bad!” Trump said in a tweet.

Wasserman Schultz was among the first to employ Awan in 2005.

Part of the federal court case involving the bank fraud charges involves a laptop Awan left in a decommissioned phone booth in a House building on April 6. The laptop bore a username with Wasserman Schultz’s initials, “RepDWS,” and was accompanied by several copies of ID cards belonging to Awan as well as a letter to prosecutors.

Awan’s lawyer, Chris Gowen, has argued that the laptop should not be used in the court case, citing attorney-client privilege.

Wasserman Schultz tried for months to have the laptop returned to her and hired an outside lawyer to block prosecutors from looking at it.

Earlier this week, a hearing in the court case was delayed for a seventh time until July 3. Court documents indicate that Awan’s lawyer has been considering a plea deal.

“The parties are currently exploring a possible resolution of this matter,” prosecutors wrote in court documents last month.