A secret memo marked “URGENT” detailed how the House Democratic Caucus’s server went “missing” soon after it became evidence in a cybersecurity probe. The secret memo also said more than “40 House offices may have been victims of IT security violations.”
In the memo, Congress’s top law enforcement official, Sergeant-at-Arms Paul Irving, along with Chief Administrative Officer Phil Kiko, wrote, “We have concluded that the employees [Democratic systems administrator Imran Awan and his family] are an ongoing and serious risk to the House of Representatives, possibly threatening the integrity of our information systems and thereby members’ capacity to serve constituents.”
The memo, addressed to the Committee on House Administration (CHA) and dated Feb. 3, 2017, was recently reviewed and transcribed by The Daily Caller News Foundation. The letter bolsters TheDCNF’s previous reporting about the missing server and evidence of fraud on Capitol Hill.
It details how the caucus server, run by then-caucus Chairman Rep. Xavier Becerra, was secretly copied by authorities after the House Inspector General (IG) identified suspicious activity on it, but the Awans’ physical access was not blocked.
But after, the report reads, the server appears to have been secretly replaced with one that looked similar.
The memo called for firing the Pakistani-born aides, revoking all their computer accounts, and changing the locks on any door they had access to.
Rep. Louie Gohmert — a Texas Republican on the House Committee on the Judiciary who has done oversight work on the case — said the missing server contained copies of Congress members’ emails.
Multiple sources connected to the investigation told TheDCNF that shortly after an IG report came out identifying the House Democratic Caucus server as key evidence in a criminal probe, the evidence was stolen.
“They [the Awans] deliberately turned over a fake server” to falsify evidence, one official close to the CHA alleged. “It was a breach. The data was completely out of [members’] possession.”
The six-page letter says:
• In September of 2016 … the CHA and [IG] briefed the former Chairman of the Democratic Caucus about suspicious activity related to their server that the [IG] identified. As a result, the former Chairman of the Democratic Caucus directed the CAO to copy the data from their server and two computers.
• The CHA directed the IG to refer the matter to the US Capitol Police. The USCP initiated an investigation that continues to this day.
• In late 2016, the former Chairman of the Democratic Caucus announced his intention to resign from Congress to assume a new position. The CAO and [sergeant-at-arms] worked with the Chairman to account for his inventory, including the one server.
• While reviewing the inventory, the CAO discovered that the serial number of the server did not match that of the one imaged in September. [Investigators] also discovered that the server in question [the replacement server] was still operating under the employee’s control, contrary to the explicit instructions of the former chairman to turn over all equipment and fully cooperate with the inquiry and investigation. [A House source said the “employee” was Abid Awan.]
• The USCP interviewed relevant staff regarding the missing server.
• On January 24, 2017, the CAO acquired the [replacement] server from the control of the employees and transferred that server to the USCP.
President Donald Trump referenced the Democratic Caucus’ missing server in a tweet. But because the letter to the CHA was kept secret, many news outlets have not grasped that the House’s top cop documented a “missing server” connected to the Democratic Caucus.
The timeline laid out in the letter also shows that Becerra — now California’s Democratic attorney general — failed to ensure that the Awans didn’t have access to House computer systems during the 2016 election, which was wrought with cybersecurity scandals.
An IG presentation from September 2016 shows that Becerra knew of problems months before the server disappeared.
“The Caucus Chief of Staff requested one of the shared employees to not provide IT services or access their computers,” it read. “This shared employee continued.” It’s unclear why that request was not granted or why it was a request rather than an order.
A House official close to the probe said the employee was Abid, who was not on Becerra or the Caucus’s payroll. The official said Becerra Chief of Staff Sean McCluskie apparently knew Abid was accessing Caucus servers. According to payroll records, Abid’s sister-in-law, Hina Alvi, was the Caucus’ systems administrator.
The Awans’ continued physical access to Becerra’s equipment after red flags emerged enabled the server to disappear after it became evidence, House officials close to the investigation told TheDCNF.
Becerra has refused to comment, citing an ongoing criminal investigation.
The February 2017 memo itemizes “numerous and egregious violations of House IT security” by members of the Awan family, including using Congress members’ usernames and “the unauthorized storage of sensitive House information outside the House.”
“These employees accessed user accounts and computers for offices that did not employ them, without the knowledge and permission of the impacted Member’s office,” it said, adding, “4 of the employees accessed the Democratic Caucus computers 5,735 times.” More than 100 office computers were open to access from people not on the office’s staff, it said.
Chris Gowen — a former aide to Hillary Clinton who is now serving as Imran’s attorney — told TheDCNF, “There is no missing server and never was.”
He didn’t provide any support for his claim, which is contrary to evidence Kiko and Irving presented to Congress.
The memo said the CHA possesses voluminous evidence, including, “Interview notes with House Members’ Chiefs of Staff,” and “Logon activity and computer access logs.” Prosecutors have not brought charges.
The Awans were banned from Congress’s computer network the day the letter was sent, and Kiko held a briefing to convey the message to chiefs of staff for members who employed them.
But Democrats claim they were never told about any of the cybersecurity issues itemized in the urgent memo. Rep. Jackie Speier — a California Democrat on the House Permanent Select Committee on Intelligence who employed Imran and his wife, Hina Alvi — said she never heard of any missing server.
Joaquin Castro of Texas — another Democratic intelligence committee member who employed one of the Awans — told TheDCNF that Kiko never told him of any cybersecurity issues whatsoever and that the Awan probe was instead described as a theft issue.
Indeed, the CHA issued only one public statement on the case and titled it the “House Theft Investigation” — wording that avoids cybersecurity words while political news coverage raged about other cybersecurity issues in the 2016 election.
Yet even the alleged theft has not resulted in criminal charges — even though the letter also says House authorities have “purchase orders and vouchers” that allegedly show procurement fraud, as well as testimony from a Democratic chief of staff to Rep. Yvette Clarke, who warned of procurement fraud.
The FBI arrested Imran at the airport in July 2017 for alleged bank fraud that occurred six months prior, and Democrats have since claimed that the case is about nothing but bank fraud. Bank fraud does not explain why the Awans were kicked off the House network concurrent with the urgent memo, which did not cite bank fraud.
A Democratic IT aide who alleged that Imran solicited a bribe from him told TheDCNF he believes members of Congress are playing dumb and covering the matter up. Wendy Anderson, a former chief of staff to New York Rep. Yvette Clarke, told House investigators that she suspected that her predecessor, Shelley Davis, was working with Abid on a theft scheme, but Clarke refused to fire Abid until outside investigators got involved, TheDCNF reported.
Eighteen months after the evidence was recounted in the urgent memo, prosecution appears to have stalled for reasons not publicly explained. Imran is in court July 3 for a possible plea deal in the bank fraud case. Gohmert said the FBI has refused to accept evidence demonstrating alleged House misconduct, and some witnesses with first-hand knowledge say the bureau has not interviewed them.