During the attack on the Capitol on January 6, the attackers had access to individual rooms and offices, where they were free to move around for 2 hours. A report by acting prosecutor Michael Sherwin listed electronic items and documents stolen from senators’ offices. Senator Jeff Merkley also reported that at least one laptop was stolen.
Cybersecurity and National Security
Between the stolen laptops, the lost data and the suspected espionage, the consequences of this attack for cybersecurity will take months to resolve. Until then, we do not know what has been done with this stolen equipment. Passwords, documents, access codes and confidential or secret information may have been stolen.
Some computers may have been compromised with malware in order to hack into them. Given the risk and sensitivity of the data, federal IT staff must assume that ALL digital cameras on Capitol Hill have been compromised and act accordingly.
Risks of physical access to computers
If the computers stolen from Capitol Hill had been hacked with traditional methods (the use of malicious software followed by a breach over the Internet, for example), a malware scan would have been enough. The infected hard drives would then have been formatted or replaced. But with all these assailants in the building, the possibility of physical access to computers on Capitol Hill must be raised.
Physically accessing a computer is more than just stealing it. Physical access implies the possibility of a sneak attack by a trojan… The rioters could also have connected a USB key to the computers. They could even have simply put the key in a drawer to make it look like a Capitol device. Once the key is connected, the computers would be infected with malware.
What needs to be done
Some good IT practices can reduce risk. Micro-segmentation of the network can prevent malware from spreading from one network segment to another, for example. But no network-based security practice can completely mitigate a physical attack. The Capitol building needs to be completely wiped down. All machines must be scanned.
Any desktop computer that is not hermetically sealed should be opened and its internal components carefully inspected. The USB key slots must be locked so that Capitol Hill workers can’t plug in random USB drives. The building must be scanned repeatedly, room by room and floor by floor, for the signal scattering.
Pursuing the rioters
U.S. law prohibits the collection and transmission of defense information. Anyone who does so for the purpose of obtaining information concerning national defense, with the intent or reason to believe that the information is to be used to the detriment of the United States or to the advantage of any foreign nation, should be prosecuted.
It’s going to last for months or years, both in our courts and within the United States intelligence community. If secure information resulting from this breach finds its way into foreign hands, the stakes will rise enormously.