December 11, 2017
by Luke Rosniak
Becerra Tried To Block Server Admin Over Red Flags, But Logins Continued, With Muted Reaction
Xavier Becerra, the chairman of the House Democratic Caucus, barely reacted when he learned the caucus server had been infiltrated in 2016, although he loudly decried the hack of the Democratic National Committee that happened around that same time. No one has faced punishment for the caucus server infiltration.
The then-congressman, who is now California’s attorney general, refused to articulate even the barest details of the cyber breach at a press conference Wednesday, and would not say whether he’s seeking criminal charges against longtime IT aide Imran Awan and his family.
Members of the Awan family logged on to the Caucus server 7,000 times without authorization between October 2015 and August 2016, according to a House investigation. The logins suggested “the server is being used for nefarious purposes and elevated the risk that individuals could be reading and/or removed information,” it said.
Multiple sources said Sean McCluskie, who was Becerra’s chief of staff and is now chief deputy attorney general of California, knew of problems well before law enforcement was brought on board in October 2016.
Imran’s brother Abid Awan had no connection to either the caucus or Becerra’s congressional office and had no authorization or reason to log in, but he was doing so anyway, according to investigators. Becerra had paid Imran to manage his personal office server since 2004, adding in his wife Hina Alvi as a second IT aide in 2013. Hina Alvi was also the sole IT aide on the payroll of the caucus, which has its own staff and equipment. Other aides had no connection or authorization to access it.
McCluskie suspected Abid and quietly tried to address the issue by quietly blocking him. Abid defied him and continued to access the server, which should have raised urgent red flags, the sources said.
“The Caucus Chief of Staff requested one of the shared employees to not provide IT services or access their computers,” but “this shared employee continued,” the House report found. The logins continued for months, and eventually, police said the entire server with evidence on it disappeared and was replaced with a different one.
The Daily Caller News Foundation asked Becerra about the incident and his response to it on Wednesday.