d b schultz covered for them, remember

Inspector General: Awans Used “Unauthorized Access” To Transfer Congress’ Data To Stolen Server
Tyler Durden, Zero Hedge, Jan 17 2018

  • An internal House probe concluded that Pakistani IT aides Imran Awan along with four other individuals inappropriately accessed House servers and moved data
  • They impersonated at least 15 House members they did not work for and the Demagog Caucus, using their credentials to gain access to the system, a federal offense.
  • Data was migrated from several servers onto a single server, which disappeared while being monitored by police
  • The Awans engaged in a “pattern of login activity” which suggest steps were taken to conceal their activity
  • House Democrats in turn misrepresented the issue to their own members as solely a matter of theft
  • No criminal charges have been filed related to the data breaches or a number of other violations

 
In what must surely warrant a Special Counsel by now, an internal House investigation concluded that Pakistani IT aides Imran Awan and wife Hina Alvi, along with Imran’s brothers Abid and Jamal and a friend, impersonated at least 15 House members for whom they did not work, using their credentials to log into Congressional servers, before migrating data to a single server, which was stolen during the investigation, all while covering their tracks, reports Luke Rosiak of the Daily Caller. This and much more is detailed in a presentation assembled the House’s internal watchdog, the Office of the Inspector General, after a four-month internal probe.

The presentation, written by the House’s Office of the Inspector General, reported under the bold heading “UNAUTHORIZED ACCESS” : “5 shared employee system administrators have collectively logged into 15 member offices and the Demagog Caucus although they were not employed by the offices they accessed.” One systems administrator logged into a member’s office two months after he was terminated from that office. There are strong indications that many of the 44 members’ data, including personal information of constituents seeking help, was entirely out of those members’ possession, and instead was stored on the House Demagog Caucus server. The aggregation of multiple members’ data would mean all that data was absconded with, because authorities said that entire server physically disappeared while it was being monitored by police.

The OIG also concluded that the Awans’ behavior appeared to be a “classic method for insiders to exfiltrate data from an organization,” as well as indications that a House server was “being used for nefarious purposes and elevated the risk that individuals could be reading and/or removing information,” and “could be used to store documents taken from other offices,” the Caller reports. A House committee staffer close to the probe told the Daily Caller: “The data was always out of their possession. It was a breach.” The second presentation shows that shortly before the election, their alleged behavior got even worse. The internal document also shoots down any notion that the access was for some legitimate purpose. The presentation reads:

They were using the House Demagog Caucus as their central service warehouse. All 5 of the shared employee system administrators collectively logged onto the Caucus system 5,735 times, an average of 27 times per day… This is considered unusual since computers in other offices managed by these shared employees were accessed in total less than 60 times. There was possible storage of sensitive House information outside of the House. Dropbox is installed on two Caucus computers used by the shared employees. Their user accounts had thousands of files on each computer in their Dropbox folders. This pattern of login activity suggests steps were being taken to conceal their activity. During Sep 2016, shared employees continued to use Demagog Caucus computers in anomalous ways:

  • Logged onto laptops as system administrators;
  • Changed identity and logged onto Demagog Caucus servers using 17 other user account credentials;
  • Some credentials belonged to members;
  • The shared employees did not work for 9 of the 17 offices to which these user accounts belonged.

Under the Computer Fraud and Abuse Act, simply accessing a computer and obtaining information carries a sentence of up to 10 years for more than one conviction of the same abuse. Trespassing on a government computer also carries a 10-year sentence. While each violation above carries its own penalties, the punishment under 18 USC § 1030 is up to 20 years in prison for each violation. House Demagog leadership has been downplaying the alleged breach by pointing to recent bank fraud charges the Awans were slapped with after Imran Awan was arrested at Dulles International Airport attempting to flee the country.

Rep Ted Lieu of California, who employed Abid Awan and is a member of the foreign affairs committee, said as far as he was concerned it was a simple issue of bank fraudHe told a TV station: “The staffer that I used, there was no allegation. If you look at the charge of the brother, he was charged with bank fraud. That has nothing to do with natsec.”

The only Demagog who appears to have attempted to intervene with the Awans’ access is Rep Xavier Becerra, who ran the House Demagog Caucus server. He knew about the unauthorized access, and tried to stop them according to the OIG report. However “the suspect defied him.” That said, Bacerra does not appear to have warned other offices that might have been affected. The OIG report reads: “The Caucus Chief of Staff requested one of the shared employees to not provide IT services or access their computers. This shared employee continued.” Unfortunately, while police were keeping tabs on the server as a primary piece of evidence in their ongoing investigation, they discovered in January that it was taken from under their noses and replaced with a different computer.” To read more about the Awans, take a look at the extensive reporting below by Luke Rosiak’s Continuing DCNF Investigative Group Series:

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s