The Daily Caller logo
Investigative Group

Congress And Wasserman Schultz Negligent For Allowing Hacking Suspects Continued Access, Expert Says

WILTON MANORS, FL - MAY 26: House Minority Leader Rep. Nancy Pelosi (D-CA) and Rep. Debbie Wasserman Schultz (D-FL) attend a discussion about LGBT rights at the Pride Center on May 26, 2017 in Wilton Manors, Florida. The discussion centered around the Equality Act, a bill that hopes to amend the Civil Rights Act of 1964 to guarantee protections to LGBT individuals. (Photo by Joe Raedle/Getty Images) | Congress, DWS Violated Cyber Protocol

Joe Raedle/Getty Images

Luke Rosiak Investigative Reporter
Font Size:
  • Congress didn’t take away IT aides’ network access until nearly a year after it learned of suspicious activity
  • A cybersecurity expert said the House was negligent and violated basic cybersecurity practices
  • He said  he has investigated many cases in which IT aides have stolen sensitive information

A publication for IT security professionals says House leaders of both parties were negligent and in violation of basic IT protocol by allowing Imran Awan and his family to continue in their roles as server administrators for four months despite knowing they were suspected of serious misconduct by the House Inspector General.

“The lack of concern and perspective on the potential risks posed by Imran Awan is alarming,” an article in SearchSecurity says. “This case is an example of negligence trumping security and, worse yet, common sense. Awan’s alleged activities and the way many handled themselves, from the hiring to the response in the wake of the investigation, should concern us all.”

Forty-four House Democrats employed the Pakistani-born Imran Awan and his family in a position where they could read all the emails and files of one in five Democratic congressmen.

The author, cybersecurity expert Kevin McDonald of Alvaka Networks, especially faults the judgement of Democratic Rep. Debbie Wasserman Schultz, who kept Imran on her payroll for an additional six months after House leadership banned him from the network. He also questions her claim the IT aide was somehow providing tech services without ever connecting to the House network.

“When challenged about why she allowed a person under criminal investigation to continue to access the building — where computers are stored and used — to assist with IT issues, Wasserman Schultz defended her actions by telling reporters that IT admins could assist with issues without having network access, and that IT support included other elements besides the network, such as phones, printers and software,” the article reads.

Imran did, in fact, use his continued access to the building to to leave a laptop apparently purchased by Wasserman Schultz’s office, which he left in a phone booth April 6, 2017, according to a Capitol Police report.

Committee on House Administration leaders Republican Gregg Harper and Democrat Bob Brady learned the Awan family was suspected of equipment-theft in April 2016 but did not suspend their network access, instead tasking the House Office of Inspector General (IG) with an investigation, according to an IG presentation.

The misconduct extended beyond potential theft of equipment to cybersecurity issues, according to the IG. It presented a briefing in September 2016 that alleged Imran and family members were logging into servers of offices they did not work for thousands of times and warned of indications a “server is being used for nefarious purposes and elevated the risk that individuals could be reading and/or removing information.” The briefing went to Speaker of the House Paul Ryan, House Minority Leader Nancy Pelosi, Harper and Brady.

“Despite an ongoing investigation into potential misconduct, these members of the House IT staff were allowed to continue working as administrators for nearly a year,” McDonald wrote.

The aides should have immediately been placed on a paid suspension, he continued. “If issues or questions arise about their conduct, they should have their access immediately revoked until an investigation can be completed. There is no room for leniency or error until the concerns are alleviated.”

McDonald pointed out the dangers rogue IT aides pose. “They can add programs designed to spy on users, damage systems or data, redirect data flows and communications, or fully reproduce every bit of data contained on the systems they control. They can pretend to be a user and take action as if they are that user.”

The Awans were allegedly logging in, using members of Congress’s personal usernames, according to the IG.

The security professional wrote: “I have been involved in investigations where data was deleted, information was exfiltrated, money was stolen and clients were locked out of their own systems, and even extorted by staffers with information they gained from systems access. This means that the utmost care must be taken in selecting these technology professionals, determining their access and monitoring their behaviors.”

“In particular, sensitive systems in government, defense and finance should be accessed and supported only by those with impeccable work history, experience, knowledge and character,” he continued.

The Administration Committee requires background checks for IT aides, but its policy includes a loophole that allows other members to vouch for them in lieu of the recommended practice of a Capitol Police background check. The Daily Caller News Foundation reported Monday the IG report says the aides “have not been vetted (e.g. background checks),” meaning every member waived background checks for the Awans.

House officials finally banned the Awans from the House network on Feb. 2, 2017. Wasserman Schultz still kept him on staff, claiming the IT aide was somehow providing tech assistance without touching the network.

“Imran Awan was allowed to continue working as an IT admin for several months with restricted network access despite obvious red flags,” McDonald lamented.

“Let’s break it down from an IT security perspective. First, Wasserman Schultz implies that allowing someone under criminal investigation to remain in proximity to sensitive computers and the network equipment connected to it is no big deal. Second, she goes on to say that, basically, phones, printers, the website and software are nothing to worry about, despite the fact that malware placed on any of the above can lead to systems’ access. Even without gaining system access, key loggers and other data capture malware can, in fact, steal copies of everything a House member or staffer is doing.”

Though the IG report says server logs show “unauthorized access,” the Awans have not been charged with hacking. Democrats, as the victims of the alleged wrongdoing, have been reticent to press charges against the Awans, a House source told TheDNCF. Democrats have, in turn, cited the lack of cybersecurity charges to dismiss the issue.

“Regardless of whether Awan is found guilty, the response from members of Congress should be concerning,” McDonald wrote. “Even if it does not rise to the level of espionage, it should be a massive wakeup call about who is being allowed to access congressional IT systems and other sensitive government computers.”

Imran and his wife were charged in July with felonies for allegedly cashing out their congressional retirement account under false pretenses before attempting to leave the country.

The Administration Committee hasn’t changed the policy surrounding House information security nor answered basic questions about the unauthorized access.

“There should be a top-down investigation into the hiring, monitoring and termination practices of Congressional members’ IT staff, and new protocols need to be instituted,” McDonald wrote.

Editor’s Note:

The Daily Caller, Inc., the Daily Caller News Foundation, and Luke Rosiak have settled a defamation lawsuit brought by Imran Awan, Abid Awan, Jamal Awan, Tina Alvi, and Rao Abbas (“the Plaintiffs”), in the D.C. Superior Court, Awan et al. v. The Daily Caller, Inc. et al., No. 2020 CA 000652 B (D.C. Super.) (“The Lawsuit”).
 
The Plaintiffs filed the Lawsuit in 2020, alleging that they were defamed by statements made by The Daily Caller entities and Mr. Rosiak, including statements in Obstruction of Justice, a 2019 book authored by Mr. Rosiak and published by Regnery Publishing, a business of Salem Media Group, Inc., about the Plaintiffs’ work for the U.S. House of Representatives. In response, The Daily Caller entities and Mr. Rosiak each denied liability and contested the Plaintiffs’ claims. 
 
None of the Defendants has admitted to any fault as part of this settlement. Nevertheless, The Daily Caller entities and Mr. Rosiak recognize that no charges have ever been filed against the Plaintiffs relating to their congressional IT work.

Follow Luke on Twitter. Send tips to luke@dailycallernewsfoundation.org. PGP key.

Content created by The Daily Caller News Foundation is available without charge to any eligible news publisher that can provide a large audience. For licensing opportunities of our original content, please contact licensing@dailycallernewsfoundation.org.

PREMIUM ARTICLE: Subscribe To Keep Reading
Sign up

By subscribing you agree to our Terms of Use

 You're signed up!

Sign up

By subscribing you agree to our Terms of Use

 You're signed up!
Sign up

By subscribing you agree to our Terms of Use

 You're signed up!

Sign up

By subscribing you agree to our Terms of Use

You're signed up!
Sign up

By subscribing you agree to our Terms of Use

 You're signed up!

Sign Up

By subscribing you agree to our Terms of Use

 You're signed up!
Sign up

By subscribing you agree to our Terms of Use

 You're signed up!
Sign up

By subscribing you agree to our Terms of Use

You're signed up!
BENEFITS READERS PASS PATRIOTS FOUNDERS
Daily and Breaking Newsletters
Daily Caller Shows
Ad Free Experience
Exclusive Articles
Custom Newsletters
Editor Daily Rundown
Behind The Scenes Coverage
Award Winning Documentaries
Patriot War Room
Patriot Live Chat
Exclusive Events
Gold Membership Card
Tucker Mug

What does Founders Club include?

Tucker Mug and Membership Card
Founders

Readers,

Instead of sucking up to the political and corporate powers that dominate America, The Daily Caller is fighting for you — our readers. We humbly ask you to consider joining us in this fight.

Now that millions of readers are rejecting the increasingly biased and even corrupt corporate media and joining us daily, there are powerful forces lined up to stop us: the old guard of the news media hopes to marginalize us; the big corporate ad agencies want to deprive us of revenue and put us out of business; senators threaten to have our reporters arrested for asking simple questions; the big tech platforms want to limit our ability to communicate with you; and the political party establishments feel threatened by our independence.

We don't complain -- we can't stand complainers -- but we do call it how we see it. We have a fight on our hands, and it's intense. We need your help to smash through the big tech, big media and big government blockade.

We're the insurgent outsiders for a reason: our deep-dive investigations hold the powerful to account. Our original videos undermine their narratives on a daily basis. Even our insistence on having fun infuriates them -- because we won’t bend the knee to political correctness.

One reason we stand apart is because we are not afraid to say we love America. We love her with every fiber of our being, and we think she's worth saving from today’s craziness.

Help us save her.

A second reason we stand out is the sheer number of honest responsible reporters we have helped train. We have trained so many solid reporters that they now hold prominent positions at publications across the political spectrum. Hear a rare reasonable voice at a place like CNN? There’s a good chance they were trained at Daily Caller. Same goes for the numerous Daily Caller alumni dominating the news coverage at outlets such as Fox News, Newsmax, Daily Wire and many others.

Simply put, America needs solid reporters fighting to tell the truth or we will never have honest elections or a fair system. We are working tirelessly to make that happen and we are making a difference.

Since 2010, The Daily Caller has grown immensely. We're in the halls of Congress. We're in the Oval Office. And we're in up to 20 million homes every single month. That's 20 million Americans like you who are impossible to ignore.

We can overcome the forces lined up against all of us. This is an important mission but we can’t do it unless you — the everyday Americans forgotten by the establishment — have our back.

Please consider becoming a Daily Caller Patriot today, and help us keep doing work that holds politicians, corporations and other leaders accountable. Help us thumb our noses at political correctness. Help us train a new generation of news reporters who will actually tell the truth. And help us remind Americans everywhere that there are millions of us who remain clear-eyed about our country's greatness.

In return for membership, Daily Caller Patriots will be able to read The Daily Caller without any of the ads that we have long used to support our mission. We know the ads drive you crazy. They drive us crazy too. But we need revenue to keep the fight going. If you join us, we will cut out the ads for you and put every Lincoln-headed cent we earn into amplifying our voice, training even more solid reporters, and giving you the ad-free experience and lightning fast website you deserve.

Patriots will also be eligible for Patriots Only content, newsletters, chats and live events with our reporters and editors. It's simple: welcome us into your lives, and we'll welcome you into ours.

We can save America together.

Become a Daily Caller Patriot today.

Signature

Neil Patel