Paul working for you.

Tuesday, December 12, 2017

Becerra Tried To Block Server Admin Over Red Flags, But Logins Continued, With Muted Reaction

Becerra Tried To Block Server Admin Over Red Flags, But Logins Continued, With Muted Reaction

Photo of Luke Rosiak
Luke Rosiak
Investigative Reporter


Xavier Becerra, the chairman of the House Democratic Caucus, barely reacted when he learned the caucus server had been infiltrated in 2016, although he loudly decried the hack of the Democratic National Committee that happened around that same time. No one has faced punishment for the caucus server infiltration.

The then-congressman, who is now California’s attorney general, refused to articulate even the barest details of the cyber breach at a press conference Wednesday, and would not say whether he’s seeking criminal charges against longtime IT aide Imran Awan and his family.

Members of the Awan family logged on to the Caucus server 7,000 times without authorization between October 2015 and August 2016, according to a House investigation. The logins suggested “the server is being used for nefarious purposes and elevated the risk that individuals could be reading and/or removed information,” it said.

Multiple sources said Sean McCluskie, who was Becerra’s chief of staff and is now chief deputy attorney general of California, knew of problems well before law enforcement was brought on board in October 2016.

Imran’s brother Abid Awan had no connection to either the caucus or Becerra’s congressional office and had no authorization or reason to log in, but he was doing so anyway, according to investigators. Becerra had paid Imran to manage his personal office server since 2004, adding in his wife Hina Alvi as a second IT aide in 2013. Hina Alvi was also the sole IT aide on the payroll of the caucus, which has its own staff and equipment. Other aides had no connection or authorization to access it.

McCluskie suspected Abid and quietly tried to address the issue by quietly blocking him. Abid defied him and continued to access the server, which should have raised urgent red flags, the sources said.
“The Caucus Chief of Staff requested one of the shared employees to not provide IT services or access their computers,” but “this shared employee continued,” the House report found. The logins continued for months, and eventually, police said the entire server with evidence on it disappeared and was replaced with a different one.

The Daily Caller News Foundation asked Becerra about the incident and his response to it on Wednesday.


“Go back and research your facts, you’ve got them wrong. I understand that this matter is still under investigation, and we have cooperated with the authorities both within Congress and with the federal government on this,” Becerra said. He refused four times to say what facts he was contesting or to elaborate on the incident in any way.

His reaction is odd given Democrats’ vocal abhorrence of the breach of the DNC resulting in the publication of its emails by Wikileaks, which Democrats have called an “assault on our democracy.” Early signs of that breach were treated casually by the DNC when first detected: A tech manager said he was too busy with other matters to chase down leads, the FBI’s calls weren’t returned, the DNC delayed a response to focus on the primaries, and Donna Brazile said when DNC Chairwoman Debbie Wasserman Schultz finally relayed the news of the breach to officers weeks later, her tone was “casual.”

But even after the Wikileaks publication of DNC emails, Becerra never publicly acknowledged nor demanded consequences for the cyber breach on the server of a group similar in nature to the DNC.
Eighteen months later, no one has been charged or disciplined for the breach, which is perhaps not surprising since the victims don’t appear to be asking for it.

The Awan family was logging in to Becerra’s Caucus server with 17 different accounts belonging to offices whose data should have had no connection to the caucus, according to the House investigative report. The patterns were consistent with data being funneled onto Becerra’s server from other members of Congress, but members said Becerra never alerted them of any aberrations.

When TheDCNF broke the story about the caucus server in September, neither a Becerra representative nor McCluskie acknowledged the breach occurred. A spokesman finally told Fox News a month later that “since he was first approached by the authorities, AG Becerra has worked with them to provide them the information requested.”

Along with Rep. Debbie Wasserman Schultz and Rep. Gregory Meeks of New York, Becerra was Awan’s most consistent and earliest backer. He hired him in 2004, and between his personal office and the caucus that he controlled, paid the Awan family more money than any other member, payroll data shows.

This means examining Awan’s activities in 2016 could have created problems for Becerra and raised questions about more than a decade of potentially-compromised data as well as his judgment for not acting on warning signs. After 2004, Imran’s entire family — and a friend whose most recent job experience was at McDonald’s –eventually joined the House payroll. The staffers were mostly paid chief-of-staff level salaries, and newly-elected members said other lawmakers encouraged them to put the on their payroll by other lawmakers.

A senior Republican official with direct knowledge of the probe told TheDCNF “they [the Awans] had access to all the data including all emails. Imran Awan is the walking example of an insider threat, a criminal actor who had access to everything.”

“They were using the House Democratic Caucus as their central service warehouse … It was a breach. The data was completely out of [the members’] possession. Does it mean it was sold to the Russians? I don’t know,” the official said.

On Jan. 24, 2017, Becerra vacated his congressional seat to become California’s attorney general and hoped to clear his data. “We asked for an image of the server, and [the Awans] deliberately turned over a fake server,” the senior official said.

It was only then that the Awans were banned from the network. Since that time, Democrats have claimed they have never been informed of any breach, and those who did know — including Becerra — have gone to lengths to avoid discussing it or even defended the Awans. Wasserman Schultz suggested Islamophobia fueled criticism of the Awans’ alleged behavior. IT colleagues said they have long sensed something untoward in members’ relationship with the Awans, and even suspected that the Awans might be blackmailing members with their own emails.

Investigators also suspected the Awans of falsifying invoices for computer equipment in the House, and their attorneys said members of Congress or their staffs told them to fudge the records.
After the Awans were banned, the reasons for concern only worsened:
  • Prosecutors have said both Imran Awan and his wife Hina Alvi tried to flee the country, with Awan using an alias.
  • Imran left a laptop with the username RepDWS in a phone booth with a letter to prosecutors in March 2017 after being banned from the House network, according to a Capitol Police report.
  • Imran’s stepmom said in a civil suit that “Imran Awan threatened that he is very powerful and if I ever call the police again, [he] will … kidnap my family members.” His wife Hina said in a Pakistani suit that he “threatened the complainant of dire consequences, he also threatened to harm the lives of family of [Hina] if she intervenes.” Another woman filed a police report in Virginia saying Imran was keeping her “like a slave.”
  • It emerged that Imran had a secret email address, 123@mail.house.gov, that was not turned off when he was banned, and it used name of an employee for Rep. Andre Carson who specialized in intelligence matters, according to court documents.
  • It emerged that the Awans own significant real estate holdings in Pakistan that locals say were the fruits of fraud, that charges there were dropped under political pressure, and that they sent money to a Pakistani police officer.


Imran Awan: A Continuing DCNF Investigative Group Series


No comments:

Post a Comment