Report: Pakistani IT aides hired by 44 House Dems had infiltrated other servers

BY TRACY MATHESON / JANUARY 17, 2018 /

GET the DML NEWS APP (FREE) Click Here

A new report from House investigators concluded that Pakistani Democratic IT aides assumed unauthorized access to congressional servers in 2016, logging in as members of Congress, allegedly accessing data belonging to members for whom they did not work and actively hiding evidence of their actions.

Following a four-month investigation, the House’s Office of the Inspector General released a report headlined, “UNAUTHORIZED ACCESS” which revealed that “5 shared employee system administrators have collectively logged into 15 member offices and the Democratic Caucus although they were not employed by the offices they accessed,” according to The Daily Caller.

The report stated that the tactics uses by the IT aides mirrored a “classic method for insiders to exfiltrate data from an organization,” which they continued employing even after receiving orders to stop. Investigators also discovered indications that a House server was “being used for nefarious purposes, and elevated the risk that individuals could be reading and/or removing information” and “used to store documents taken from other offices.”

The investigation found “possible storage of sensitive House information outside the House … Dropbox is installed on two Caucus computers used by the shared employees. Two user accounts had thousands of files in their Dropbox folder on each computer.” Using Dropbox is against House rules because it uploads files offsite.

The Daily Caller reported, “When acting on the findings, Democratic leadership appear to have misrepresented the issue to their own members as solely a matter of theft, a comparison of the investigators’ findings with Democrats’ recollections and a committee’s public statement shows, leading 44 Democrats to not conduct protective measures typically taken after a breach — including informing constituents whose personal information may have been exposed.”

“This is the first I’ve heard about that,” said Missouri Democratic Rep. Emmanuel Cleaver — who employed almost every member of the Awan group — of cybersecurity issues.

“The only thing I’m aware of is that he’s being charged with bank fraud,” Democratic Rep. Joaquin Castro, who employed Jamal and is a member of the intelligence committee, told TheDCNF. “Do you have evidence that there’s anything more than a bank investigation? If someone’s given you a document to that effect, please give it to me.”

The Pakistani-born aides, Imran Awan, his wife Hina Alvi, his brothers Abid and Jamal, and his friend Rao Abbas, are alleged to have perpetrated the following:

  • Logged onto laptop as system administrator
  • Changed identity and logged onto Democratic Caucus server using 17 other user account credentials, some belonging to House members
  • Not employed by 9 of the 17 offices to which these user accounts belonged
  • “Possible storage of sensitive House information outside the House.”

Democratic House members involved in the case include former DNC Chairwoman Debbie Wasserman-Schultz of Florida, Tim Ryan of Ohio, Jackie Speier of California and Frederica Wilson of Florida. A full list of lawmakers involved can be viewed here, as well as links to many related articles on the case.