Every one of the 44 House Democrats who hired Pakistan-born IT aides who later allegedly made “unauthorized access” to congressional data appears to have chosen to exempt them from background checks, according to congressional documents.
All of them appear to have waived background checks on Imran Awan and his family members, even though the family of server administrators could collectively read all the emails and files of 1 in 5 House Democrats, and despite background checks being recommended for such positions, according to an inspector general’s report. The House security policy requires offices to fill out a form attesting that they’ve initiated background checks, but it also includes a loophole allowing them to simply say that another member vouched for them.
Among the red flags in Abid’s background were a $1.1 million bankruptcy; six lawsuits against him or a company he owned; and at least three misdemeanor convictions including for DUI and driving on a suspended license, according to Virginia court records. Public court records show that Imran and Abid operated a car dealership referred to as CIA that took $100,000 from an Iraqi government official who is a fugitive from U.S. authorities. Numerous members of the family were tied to cryptic LLCs such as New Dawn 2001, operated out of Imran’s residence, Virginia corporation records show. Imran was the subject of repeated calls to police by multiple women and had multiple misdemeanor convictions for driving offenses, according to court records.
If a screening had caught those, what officials say happened next might have been averted. The House inspector general reported on Sept. 20, 2016, that shortly before the election members of the group were logging into servers of members they didn’t work for, logging in using congressmen’s personal usernames, uploading data off the House network, and behaving in ways that suggested “nefarious purposes” and that “steps are being taken to conceal their activity.”
A pair of closely-held reports on Imran Awan, his brothers Abid and Jamal, his wife Hina Alvi, and his friend Rao Abbas, said, “the shared employees have not been vetted (e.g. background check).”
“Shared employees” means they were all hired as part-time, individual employees by individual members, cobbling together $165,000 salaries. Jamal began making that salary at only 20 years old, according to House payroll records; Abid never went to college, his stepmother said; and Rao Abbas’ most recent job experience was being fired from McDonald’s, according to his roommate. (“Whether they had formal training or not, they were trained on the job by Imran,” one of Imran’s lawyers said.)
Among the 44 employers, the primary advocate for the suspects has been Rep. Debbie Wasserman Schultz of Florida, who introduced a bill Monday that would require background checks on Americans purchasing ammunition. “Without bullets a gun is just a hunk of useless metal,” she said, calling ammunition the “loophole” in gun control policy.
Wasserman Schultz was also chair of the Democratic National Committee when Wikileaks published its emails. (The Wikileaks emails show that DNC aides called Imran when they needed the password to her device.) Since then, she and other Democrats have described cyber breaches in the strongest possible terms, such as “an act of war” and “an assault on our democracy.”
But there is no indication Democrats put those concerns into practice when they entrusted the Pakistani dual citizens with their data, nor when suspicious activity was detected. Police banned the suspects from the network after the IG report, but Wasserman Schultz kept Imran on staff anyway. He was in the building and in possession of a laptop with the username RepDWS months later, according to an April 6, 2017 police report.
The House security policy, HISPOL16, says “House Offices shall… Ensure background checks, as defined in this policy, have been conducted on Privileged Users.” It includes quarterly reviews of privileged accounts’ appropriateness. By the time the policy was enacted, some members had dropped the Awans for assorted reasons, including Kyrsten Sinema of Arizona in early 2015 for what her spokesperson called “incompetence.”
The $1.1 million bankruptcy in itself would be enough to stop many employers from giving access to sensitive data. “Excessive indebtedness increases the temptation to commit unethical or illegal acts in order to obtain funds to pay off the debts,” so “financial problems are the number one killer of security clearances,” according to ClearanceJobs.com.
For each server administrator, an “Authorizing Official” from the member’s office must fill out a form on which the office attests: “I have assessed the risk of the prospective Privileged Account holder via background check processes outlined in HISPOL 16.”
However, there is an alternative: “I have verified that a trustworthiness determination has been made on behalf of this shared resource by another Member.”
The option B does not ask the name of the member that vouched for the employee, and the language does not directly specify that vouching for an employee requires that the earlier member provided a background check.
The Daily Caller News Foundation reached out to all 44 members, and none disputed that they had not conducted a background check. Not a single one of the 44 would say which of their colleagues vouched for the Awans, nor stated what criteria they used to determine that it was prudent to give them access to all their data.
Besides Wasserman Schultz, Imran has longstanding personal relationships with Reps. Gregory Meeks and Marcia Fudge of New York, Politico reported. Employers also include Rep. Ted Lieu of California on the Foreign Affairs Committee and three members of the House Permanent Select Committee on Intelligence: Reps. Andre Carson of Indiana, Jackie Speier of California and Joaquin Castro of Texas.
The HISPOL16 policy was created in September 2015 and says “As privileged accounts have a greater potential impact on information and information systems than general user accounts, organizations must promote trustworthiness of users of privileged accounts. Authorization officials must check the backgrounds of users of privileged accounts for elements that might make trustworthiness of a user questionable… The Office of the CISO suggests that Hiring Officers and their designees use the rigorous criminal history records search services provided by the United States Capitol Police.”
The policy focuses on and encourages members to use the Capitol Police’s background check service, but it says private background check companies can also be used. The IG report does not specify whether it made the determination that the Awans had not received background checks by looking at the forms or by consulting with the Capitol Police, but it says that they “have not been vetted.”
The Shared Employee Handbook, published in 2009, says “Due to the sensitive nature of the information to which Shared Employees may be exposed during day-to-day job functions, it is recommended that Member and Committee offices request a Capitol Police Criminal History Records Check on potential Shared Employees.”
Eric McCracken, a spokesman for the Committee on House Administration, would not say why the screening policy provided the option B loophole that allowed another member to vouch for the aides in lieu of a background check. Despite the IG report addressing it, Gregg Harper, the Mississippi Republican who controls the committee, told The Daily Caller in 2017 that he did not know whether the Awans had background checks.
The Awans’ employers also included Rep. Yvette Clarke of New York, who saw $120,000 in computer equipment disappear under Abid Awan’s watch but “wrote off” the taxpayer funds rather than make an issue of it, according to the IG report and multiple senior government officials.
Xavier Becerra, now attorney general of California, ran the House Democratic Caucus, and his server was physically stolen shortly after the IG report named it as evidence in a hacking probe, three senior government officials said. A list of the members who did not conduct background checks is below.
Follow Luke on Twitter. Send tips to firstname.lastname@example.org. PGP key.
Content created by The Daily Caller News Foundation is available without charge to any eligible news publisher that can provide a large audience. For licensing opportunities of our original content, please contact email@example.com.