Federal authorities are investigating whether sensitive data was stolen from congressional offices by several Pakistani-American tech staffers and sold to Pakistani or Russian intelligence, knowledgeable sources say.
What started out 16 months ago as a scandal involving the alleged theft of computer equipment from Congress has turned into a national-security investigation involving FBI surveillance of the suspects.
Investigators now suspect that sensitive US government data — possibly including classified information — could have been compromised and may have been sold to hostile foreign governments that could use it to blackmail members of Congress or even put their lives at risk.
“This is a massive, massive scandal,” a senior US official familiar with the widening probe told The Post.
Alarm bells went off in April 2016 when computer security officials in the House reported “irregularities” in computer equipment purchasing. An internal investigation revealed the theft of hundreds of thousands of dollars in government property, and evidence pointed to five IT staffers and the Democratic Congress members’ offices that employed them.
The evidence was turned over to the House inspector general, who found so much “smoke” that she recommended a criminal probe, sources say. The case was turned over to Capitol Police in October.
When the suspected IT workers couldn’t produce the missing invoiced equipment, sources say, they were removed from working on the computer network in early February.
During the probe, investigators found valuable government data that is believed to have been taken from the network and placed on offsite servers, setting off more alarms. Some 80 offices were potentially compromised.
Most lawmakers fired the alleged “ringleader” — longtime IT staffer Imran Awan — in February. But Florida Rep. Debbie Wasserman Schultz, the former Democratic National Committee chief, kept Awan on her payroll until his arrest last month on seemingly unrelated charges of defrauding the congressional credit union.
For more than a decade, Awan, his wife, two relatives and a friend worked for 30 House Democrats. They included New York City pols Gregory Meeks, Joseph Crowley and Yvette Clarke and members of the sensitive Intelligence and Foreign Relations committees.
The Democrats who hired the five suspects apparently did a poor job vetting them. Awan’s brother Abid had a rap sheet with multiple offenses, including a conviction for DWI a month before he was hired, and filed for bankruptcy in 2012.
Most had relatively little IT experience. Yet they hauled in a combined $4 million-plus over the past decade. One, a former McDonald’s worker, was suddenly making as much as a chief of staff.
“These lawmakers allowed an insider threat to come into the House,” the official charged. “Computer equipment was stolen, taxpayers were robbed of hundreds of thousands of dollars, and sensitive data was compromised and possibly sold overseas.”
On Thursday, a federal grand jury indicted Imran Awan on four seemingly unrelated felony counts including bank fraud, conspiracy and making false statements. They also indicted his wife, Hina Alvi. FBI agents seized hard drives and other evidence from their Virginia home.
The indictment says the couple wired close to $300,000 in fraudulently obtained funds to Pakistan in January, as the Capitol Police investigation heated up.
FBI agents last month collared Awan, 37, at the Dulles International Airport airport as he tried to board a flight to Pakistan. Alvi, 33, fled to Pakistan in March.
Now that prosecutors have Awan hung up on the fraud charges, they will try to squeeze him harder in the larger cyberespionage investigation, according to the US official, who expects additional charges and arrests in the case.
Awan’s lawyer, Christopher Gowen, who has worked for Hillary Clinton’s campaigns as well as the Clinton Foundation, maintained that his client was only indicted “for working while Muslim.”
The investigation has touched Democratic leaders including Wasserman Schultz, who has been accused of protecting Awan. She stuck by her close aide, despite being briefed several months ago by House administrators and security officials about his “suspicious activities” on the Hill, sources say.
Wasserman Schultz attempted to downplay his alleged conduct, saying he was “transferring data outside the secure network, which I think amounted to use of apps that the House didn’t find compliant with our security requirements.” Such transfers though, could be a serious, potentially illegal, violation.
The US Attorney’s Office in Washington has taken possession of a laptop issued to Awan from Wasserman Schultz’s office, according to the sources, and she has reportedly retained counsel.
Earlier this year, she badgered the Capitol Police chief to return the laptop to her, even threatening him with “consequences.”
The congresswoman could not be reached for comment, but she recently told a local paper that scrutiny of her Muslim aide was motivated by “racial and ethnic profiling.”
Awan had access to Wasserman Schultz’s e-mails at both Congress and the DNC, where he had been given the password to her iPad. After DNC e-mails and research files were stolen during the presidential election, Wasserman Schultz reportedly refused to turn over the server to the FBI and instead called in a private firm to investigate and ID the hackers. The firm blamed the Russian government, while admitting, “We don’t have hard evidence.” The corrupted DNC server, held in storage, still has not been examined by the FBI.
Wasserman Schultz denies the DNC turned down the FBI’s assistance or that her congressional or DNC e-mails were compromised by Awan.
“This whole investigation pivots off Debbie Wasserman Schultz,” the official said.
“It’s clear that large bytes of data were moved off the secure network,” said another source close to the investigation, adding that Awan and the other four staffers under investigation had “full and complete access” to lawmakers’ e-mails, calendars, schedules, hearing notes, meeting notes and memos and other sensitive information.
Investigators are trying to determine if any classified information was compromised. Although the network that was breached is an unclassified system, it’s possible that members or staff cleared to handle classified information inadvertently sent such information in e-mails after getting classified briefings, sources believe.
“Logic dictates that sensitive data was compromised,” the senior official speculated. “An accused criminal with close ties to Pakistan had full and complete control over data that went out over the network.”
Paul Sperry is a former Hoover Institution media fellow and author of “Infiltration: How Muslim Spies and Subversives Have Penetrated Washington.”