> Begin forwarded message:
>
> From: Mark
>
> Cybersecurity and the Occupation of the Capitol
> Published 7 January 2021
> http://www.homelandsecuritynewswire.com/dr20210107-cybersecurity-and-the-occupation-of-the-capitol
>
> On 6 January, a large number of pro-Trump rioters occupied portions of the
> U.S. Capitol building to protest and disrupt the counting and certification
> of electoral votes from the November 2020 election. Herb Lin writes that the
> significance of this event for American democracy, the rule of law, and the
> depths of extremism in the U.S. populace will be addressed by others, “but I
> am compelled to point out this siege has created potentially serious cyber
> risks for Congress and other affected offices.”
>
> On 6 January, a large number of pro-Trump rioters occupied portions of the
> U.S. Capitol building to protest and disrupt the counting and certification
> of electoral votes from the November 2020 election. Herb Lin writes in
> Lawfare that the significance of this event for American democracy, the rule
> of law, and the depths of extremism in the U.S. populace will be addressed by
> others, “but I am compelled to point out this siege has created potentially
> serious cyber risks for Congress and other affected offices.”
>
> He adds:
>
> To any computer security professional, maintaining physical security over
> computers and other devices is a condition for maintaining cybersecurity.
> What happens when a threat actor has compromised this essential aspect of
> cybersecurity?
>
> These concerns arose during a conversation with my long-time cyber colleague
> Eugene Spafford at Purdue University—what devices and computers did the mob
> physically access during their breach of the countless desks and offices in
> the Capitol? And how did they use that access? Have listening devices been
> planted in these offices? Have USB sticks been used to download data from
> House or Senate computers, or worse, to upload “back doors” that would enable
> subsequent unauthorized remote access?
>
> To the best of my knowledge, only the Capitol was breached—personal and
> committee offices in the various House and Senate office buildings remain
> secure. But members often have offices in the Capitol as well. It is thus a
> matter of the highest operational priority for those who provide
> cybersecurity support for the House and Senate to ascertain the nature and
> extent, if any, of cybersecurity compromises resulting from the occupation.
> Every office with a computer and every telecommunications closet accessible
> from public corridors (whether or not behind a locked door) will have to be
> scanned and swept for malware and additional but unauthorized hardware (e.g.,
> a USB device that is not supposed to be attached that might be used as a
> covert channel for exfiltrating information).
>
> And it is not only a technical scan and sweep that are necessary—user
> passwords are often written on sticky Post-it notes; even worse, they are
> often reused on different computers. House and Senate staff should
> immediately change all passwords on all computers, ensuring of course that
> they use different passwords for different accounts.
>
_______________________________________________
Infowarrior mailing list
Infowarrior@attrition.org
https://attrition.org/mailman/listinfo/infowarrior