Inspector General: Awans Used “Unauthorized Access” To Transfer Congress’ Data To Stolen Server

awan brothers scandel

  • An internal House probe concluded that Pakistani IT aides Imran Awan along with four other individuals inappropriately accessed House servers and moved data
  • They impersonated at least 15 U.S. House members they did not work for and the Democratic Caucus, using their credentials to gain access to the system – a federal offense.
  • Data was migrated from several servers onto a single server, which disappeared while being monitored by police
  • The Awans engaged in a “pattern of login activity” which suggest steps were taken to conceal their activity
  • House Democrats in turn misrepresented the issue to their own members as solely a matter of theft
  • No criminal charges have been filed related to the data breaches or a number of other violations

In what must surely warrant a Special Counsel by now, an internal House investigation concluded that Pakistani IT aides Imran Awan and wife Hina Alvi, along with Imran’s brothers Abid and Jamal and a friend, impersonated at least 15 U.S. House members for whom they did not work – using their credentials to log into Congressional servers, before migrating data to a single server, which was stolen during the investigation, all while covering their tracks – reports Luke Rosiak of the Daily Caller.

This, and much more is detailed in a presentation assembled the House’s internal watchdog – the Office of the Inspector General, after a four-month internal probe.

The presentation, written by the House’s Office of the Inspector General, reported under the bold heading “UNAUTHORIZED ACCESS” that “5 shared employee system administrators have collectively logged into 15 member offices and the Democratic Caucus although they were not employed by the offices they accessed.” –DC

One systems administrator “logged into a member’s office two months after he was terminated from that office,” reads the investigative summary.

There are strong indications that many of the 44 members’ data — including personal information of constituents seeking help — was entirely out of those members’ possession, and instead was stored on the House Democratic Caucus server. The aggregation of multiple members’ data would mean all that data was absconded with, because authorities said that entire server physically disappeared while it was being monitored by police. –DC

The OIG also concluded that the Awans’ behavior appeared to be a “classic method for insiders to exfiltrate data from an organization,” as well as indications that a House server was “being used for nefarious purposes and elevated the risk that individuals could be reading and/or removing information,” and “could be used to store documents taken from other offices,” the Caller reports.

A House committee staffer close to the probe told The Daily Caller that “the data was always out of [the members’] possession. It was a breach. They were using the House Democratic Caucus as their central service warehouse.

All 5 of the shared employee system administrators collectively logged onto the Caucus system 5,735 times, an average of 27 times per day… This is considered unusual since computers in other offices managed by these shared employees were accessed in total less than 60 times,” the presentation reads.

The internal document also shoots down any notion that the access was for some legitimate purpose – indicating “This pattern of login activity suggests steps are being taken to conceal their activity.” 

A second presentation shows that shortly before the election, their alleged behavior got even worse. “During September 2016, shared employee continued to use Democratic Caucus computers in anomalous ways:

  • Logged onto laptop as system administrator
  • Changed identity and logged onto Democratic Caucus server using 17 other user account credentials
  • Some credentials belonged to Members
  • The shared employee did not work for 9 of the 17 offices to which these user accounts belonged.”

The second presentation found “possible storage of sensitive House information outside of the House … Dropbox is installed on two Caucus computers used by the shared employees. Two user accounts had thousands of files in their Dropbox folder on each computer,” which is strictly against House rules due to fact that Dropbox is offsite.

Without delving into espionage, let’s look at the statutes on computer crimes from the Department of Justice;

Under the Computer Fraud and Abuse Act (CFAA), simply accessing a computer and obtaining information carries a sentence of up to 10 years for more than one conviction of the same abuse. Trespassing on a government computer also carries a 10 year sentence. You can see the rest of the CFAA penalties below, many of which appear to fit the Awan case:

sdf

While each violation above carries its own penalties, let’s look at the first one; National Security violations Under the CFAA, a felony:

asd

Whoever— (1) having knowingly accessed a computer without authorization or exceeding authorized access,and by means of such conduct having obtained information that has been determined by the United States Government pursuant to an Executive order or statute to require protection against unauthorized disclosure for reasons of national defense or foreign relations, or any restricted data, as defined in paragraph y. of section 11 of the Atomic Energy Act of 1954, with reason to believe that such information so obtained could be used to the injury of the United States, or to the advantage of any foreign nation willfully communicates, delivers, transmits, or causes to be communicated, delivered, or transmitted, or attempts to communicate, deliver, transmit or cause to be communicated, delivered, or transmitted the same to any person not entitled to receive it, or willfully retains the same and fails to deliver it to the officer or employee of the United States entitled to receive it . . . shall be punished as provided in subsection (c) of this section.

The punishment under 18 U.S. Code § 1030 is up to 20 years in prison for each violation.

Meanwhile, House Democratic leadership has been downplaying the alleged breach by pointing to recent bank fraud charges the Awans were slapped with after Imran Awan was arrested at Dulles International Airport attempting to flee the country.

Rep. Ted Lieu of California, who employed Abid Awan and is a member of the foreign affairs committee, said as far as he was concerned it was a simple issue of bank fraud.

“The staffer that I used, there was no allegation,” he told a TV station. “If you look at the charge of the brother, he was charged with bank fraud… that has nothing to do with national security.” –DC

The only Democrat who appears to have attempted to intervene with the Awans’ access is Rep. Xavier Becerra who ran the House Democratic Caucus server, knew about the unauthorized access, and tried to stop them according to the OIG report – however “the suspect defied him.” That said, Bacerra does not appear to have warned other offices that might have been affected.

“The Caucus Chief of Staff requested one of the shared employees to not provide IT services or access their computers,” the OIG report reads, adding “This shared employee continued.” Unfortunately, while police were keeping tabs on the server as a primary piece of evidence in their ongoing investigation, they discovered in January that it was taken from under their noses and replaced with a different computer

To read more about the Awans, take a look at the extensive reporting below by Luke Rosiak:

Imran Awan: A Continuing DCNF Investigative Group Series