The House IT Scandal

Russian meddling? Campaign collusion? Forget that. That “did they or didn’t they” story has nothing on the ongoing saga of cybersecurity breaches with the possible involvement of a foreign government taking place in the House of Representatives.

The story has all the features of a political spy novel: stolen servers, access to confidential congressional files, claims of “controlling the White House” and $12,000 in a suitcase.

Compared to the rampant speculation over yet-unproven claims of Russian collusion in the Trump campaign, the events in the House have received minimal attention from the mainstream press (the exception is the impressive level of coverage from the Daily Caller News Foundation). Even President Trump has raised public questions about the issue, tweeting about it as recently as April 20.

The unwillingness of major news outlets to devote significant coverage to the story is all the more noteworthy considering the presence of clear indications of wrongdoing by congressional staff, Members of Congress who are actively delaying the investigation, and a number of critical questions that remain unanswered.

Here are the basic facts. On February 2, 2017, Chiefs of Staff in several House offices were notified of a criminal probe into several House information technology (IT) staffers, for theft of computer equipment, overbilling, and, most disturbingly, the presence of an external email server to which House data was being funneled.

The probe, first raised by investigators in the House Inspector General’s (IG) office, centered around five House IT staffers, all immediate family members—brothers Abid, Imran and Jamal Awan, as well as Imran’s wife, Hina Alvvi, and Abid’s wife, Natalia Sova. All were shared employees of over forty House offices, meaning they were hired by multiple House offices, which split their salaries.

As IT staffers, the group had significant access to the correspondence, emails and confidential files of Members of Congress, with almost no one tracking them. Bizarrely, these IT staff were not subject to background checks— which, given what these staffers are alleged to have engaged in, seems to be a massive oversight.

In addition to working as House IT staff for over forty members of Congress, several on key intelligence and foreign relations committees, Imran Awan and his brothers (two of which had criminal records) ran a car dealership in Virginia. The dealership was reportedly plagued with financial mismanagement, leading to angry investors and unpaid debts.  

One of those owed money, Rao Abbas, threatened to sue amid allegations of deception and theft. A short time later, Abbas mysteriously appeared on the congressional payroll and received $250,000 in payments. The dealership also received a $100,000 loan from a former Iraqi politician who fled the United States on tax charges and reportedly has links to the terrorist group Hezbollah.

In spite of this, the five family members netted $4 million in taxpayer financed salaries as employees of the House of Representatives between 2009 and the present; only 100 of the 25,000 staff working in the House since 2010 made more. All were paid over $160,000 a year—three times what the average House IT staffer makes. When Jamal Awan joined the family business, he was brought in with a six-figure salary at just 20 years old.

Despite making top tier salaries, it is unclear what services the five actually provided. Interviews with Members of Congress suggest Imran was doing the bulk of the work, while his family members existed as “ghost employees”on the payroll.

In the meantime, we do know that the group made unauthorized access to House servers, logging in with the usernames and passwords of Members of Congress, including the servers of members for whom they did not work. Moreover, according to the IG, the access continued after they were banned from the network and, in some cases, fired by the Member offices.

The unauthorized access peaked just months before the 2016 elections, when the server of the House Democratic Caucus was accessed by the Awans 5,700 times over a seven-month period. Authorities believe Awan routed data from over a dozen House offices to the server, where he may have then read or removed information. Awan’s purpose for doing so has not been made clear, though the Daily Caller recently reported claims by Awan’s father that his son transferred the data to a USB drive, which was then given to a Pakistani senator and former head of a Pakistani intelligence agency.

In a spy novel twist, the server, containing all the data in question, has gone missing.

In July, 2017, Awan was arrested attempting to board a flight to Pakistan with a wiped cell phone, a resume that listed his address as Queens, New York, and after initiating a wire transfer of $238,000 from the Congressional Federal Credit Union to the Pakistan. His wife had already left the country with $12,000 in cash hidden in her suitcase.

A month later, the Awans were indicted on bank fraud charges. Remarkably, neither Awan, his wife, nor any of his family members have been charged for their repeated unauthorized access to congressional networks.

The obvious question is why. After documentation of thousands of unauthorized breaches, a missing server whose contents are now unaccounted for, and thousands of dollars in missing equipment, it beggars belief that anyone could still be incredulous about whether or not a crime was committed.

And yet, certain House Democrats remain that way. Rep. Debbie Wasserman Schultz (D-Fl.), in particular, refused to fire Awan, keeping him on her payroll for six months after he was banned from accessing the House network. According to Capitol Hill officials involved in the case, the Democrats who employed Awan are refusing to press charges. No significant public oversight has been given to the matter, beyond an unofficial hearing held by the House Freedom Caucus in October, 2017. In a hearing held by the House Administration Committee on April 12, 2018, the House Chief Administrative Officer Phil Kiko identified two dozen problems with how the House manages cybersecurity, and recommended eliminating the concept of “shared employees,” which allowed the Awans access to data in multiple offices. Thus far, the proposed reforms have been blocked.

Can we pause for a moment and appreciate how terribly ironic this is? Many of these same Democrats who are demanding the president’s impeachment for unproven collusion allegations have their own cybersecurity scandal —one they refuse to address or even acknowledge.

This is astonishing not only for its rank hypocrisy, but also given the 2016 hack of the server at the Democratic National Campaign committee, which resulted in DNC emails being published on Wikileaks. Many Democrats lament the role those leaked emails played in tarnishing the candidacy of Hillary Clinton prior to Election Day. And yet, these Democrats refuse to take the breaches seriously, or even to implement recommended reforms.

But, politics aside, this issue is beyond mere “whataboutism.” The security of the House has been compromised, and the investigation into how and why is being stymied by Democratic lawmakers who conveniently claim to care about electoral integrity—until it may impact them.

Secure files repeatedly have been breached without authorization, a server and its data are missing, and hundreds of thousands of dollars have been transferred to Pakistan. Yet if you ask any House Democrat involved in this, they’ll tell you nothing is amiss.

As the palace guard succinctly put it in Shakespeare’s Hamlet, something is rotten in the state of Denmark—in this case, in the People’s House.

Democrats must address this scandal, or the House leadership should take the matter into their own hands. Politics aside, no breach of this magnitude should be left unaddressed, particularly when it comes to the scope of the information that may be at stake.

Photo credit:  Tom Williams/CQ Roll Call

Get the news corporate media won't tell you.

Get caught up on today's must read stores!

By submitting your information, you agree to receive exclusive AG+ content, including special promotions, and agree to our Privacy Policy and Terms. By providing your phone number and checking the box to opt in, you are consenting to receive recurring SMS/MMS messages, including automated texts, to that number from my short code. Msg & data rates may apply. Reply HELP for help, STOP to end. SMS opt-in will not be sold, rented, or shared.

About Rachel Bovard

Rachel Bovard is senior director of policy at the Conservative Partnership Institute and Senior Advisor to the Internet Accountability Project. Beginning in 2006, she served in both the House and Senate in various roles including as legislative director for Senator Rand Paul (R-Ky.) and policy director for the Senate Steering Committee under the successive chairmanships of Senator Pat Toomey (R-Penn.) and Senator Mike Lee (R-Utah), where she advised Committee members on strategy related to floor procedure and policy matters. In the House, she worked as senior legislative assistant to Congressman Donald Manzullo (R-Il.), and Congressman Ted Poe (R-Texas). She is the former director of policy services for the Heritage Foundation. Follow her on Twitter at @RachelBovard.