• About Us
  • Contact
  • Careers
  • Send Us a Tip
Menu
  • About Us
  • Contact
  • Careers
  • Send Us a Tip
CyberNews logo
Newsletter
  • Home
  • News
  • Editorial
  • Security
  • Privacy
  • Resources
Menu
  • Home
  • News
  • Editorial
  • Security
  • Privacy
  • Resources
CyberNews logo

Home » News » The US Capitol was breached by rioters. What has to happen next?

The US Capitol was breached by rioters. What has to happen next?

by Chris Stokel-Walker
7 January 2021
in News
0
US Capitol
18
SHARES

When drawing up plans for IT security in the US Congress, Congressional tech employees most likely didn’t have an attack by hundreds, if not several thousand, irate supporters of Donald Trump who have been called “insurrectionists” and “terrorists” in mind. Yet a stunning security failure by police forces meant to quell crowds that gathered in the nation’s capital last night have resulted in just that. 

Marauding mobs of protesters went door to door throughout the US Congress in the late hours of January 6, ripping signs off walls and taking mementoes of the occasion, which will live in infamy. Many were armed with cell phones, with which they snapped photographs of themselves, feet up on the desks of some of the country’s most famous politicians. Others shared photos online of the email inboxes of Congressional staffers.

Information security professionals are worried that Congressional systems could have been breached as a result of the attack, as CyberNews has previously reported. But if they have, what are the next steps?

A full audit will be needed

“My heart goes out to the unsung IT heroes at the Capitol tonight,” tweeted Kimber Dowsett, director of security engineering at Truss Works. “My guess is they’ve never had to run asset inventory IR before – a daunting, stressful task in a tabletop exercise – and they’re running one (prob w/o a playbook) following a full on assault of the Capitol.”

My heart goes out to the unsung IT heroes at the Capitol tonight. My guess is they’ve never had to run asset inventory IR before – a daunting, stressful task in a tabletop exercise – and they’re running one (prob w/o a playbook) following a full on assault of the Capitol.

— socially distant, mask wearing bat (@mzbat) January 7, 2021

That “asset inventory IR” means an asset inventory incident response, or a wholesale rebuilding of all networks and IT infrastructure, because they don’t know what could have been compromised. “Honestly, everything with enough silicon to store a worm, starting with some of the charging cables, that was left insecure or plugged into the network since should be scrapped,” tweeted Joe Helfrich. 

“Even if you think the odds of someone using this to insert an attack is small, the risk is huge.”

 Joe Helfrich

There’s precedent for this kind of thing: in 1991, the KGB sent spies to look around the US embassy in Moscow when it suffered a fire

Meticulous monitoring and destroying of material

“They’re probably going to have to throw every computer in the shredder,” added one senior infrastructure administrator at a financial services company. “Can’t trust that somebody didn’t leave something behind.”

They pointed out that a similarly destructive attack – by a tornado on a tower block in Fort Worth, Texas that the FBI operated out of – resulted in documents scattered all over the city’s streets. 

“They called in a bunch of agents from other offices, and some who had retired to go through the city and pick up every scrap of paper. They couldn’t risk any of it leaking, and they couldn’t use any of it as evidence anymore, so it all had to be destroyed.”

Some images have been shared on social media of conversations where mob participants claim to have taken hard drives, though those claims are unsubstantiated – and the people who have made them are supporters of a US president who has no qualms about lying. 

A silver lining?

There is, however, a silver lining to take from the disruption to democracy that occurred, and the information security nightmare that it could have caused. The wholesale rework of IT systems and equipment, if pursued properly, could throw up any pre-existing hardware implants that foreign governments may have surreptitiously installed. 

While many of those drunk with power who roamed the corridors of Congressional buildings yesterday likely won’t have realised what a treasure trove of information and data they likely could have accessed, they may have unwittingly helped force one of the biggest governmental IT audits in history – which could be beneficial in the long run.

Share18TweetShareShare

Related Posts

Wall Street vs Main Street fight quashes hedge funds as GameStop keeps rallying

Wall Street vs Main Street fight quashes hedge funds as GameStop keeps rallying

27 January 2021
Google to stop using Apple tool to track iPhone users, avoiding new pop-up warning

Google to stop using Apple tool to track iPhone users, avoiding new pop-up warning

27 January 2021

‘World’s most dangerous malware’ Emotet disrupted

27 January 2021
GameStop extends Reddit driven hyper-rally after Musk tweet

GameStop extends Reddit driven hyper-rally after Musk tweet

27 January 2021
Next Post
Excerpt from a deepfake based satirical show “Sassy Justice”

Kill, laugh, love: what should we do with deepfakes?

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

I agree to the Terms & Conditions and Privacy Policy.

Popular News

  • 70TB of Parler users’ messages, videos, and posts leaked by security researchers

    70TB of Parler users’ messages, videos, and posts leaked by security researchers

    83053 shares
    Share 83043 Tweet 0
  • The ultimate guide to safe and anonymous online payment methods in 2021

    13 shares
    Share 13 Tweet 0
  • 8 best cybersecurity podcasts for 2021

    56 shares
    Share 56 Tweet 0
  • Walmart-exclusive router and others sold on Amazon & eBay contain hidden backdoors to control devices

    13365 shares
    Share 13361 Tweet 0
  • Network Attached Storage

    0 shares
    Share 0 Tweet 0
Wall Street vs Main Street fight quashes hedge funds as GameStop keeps rallying

Wall Street vs Main Street fight quashes hedge funds as GameStop keeps rallying

27 January 2021
Google to stop using Apple tool to track iPhone users, avoiding new pop-up warning

Google to stop using Apple tool to track iPhone users, avoiding new pop-up warning

27 January 2021

‘World’s most dangerous malware’ Emotet disrupted

27 January 2021
The satellite-hacker’s guide to the space industry: don’t panic (yet)

The satellite-hacker’s guide to the space industry: don’t panic (yet)

27 January 2021
Man in front of multiple computers

North Korea has been targeting threat researchers

27 January 2021
GameStop extends Reddit driven hyper-rally after Musk tweet

GameStop extends Reddit driven hyper-rally after Musk tweet

27 January 2021
Newsletter

Subscribe for security tips and CyberNews updates.

Email address is required. Provided email address is not valid. You have been successfully subscribed to our newsletter!
Categories
  • News
  • Editorial
  • Security
  • Privacy
  • Resources
  • VPNs
  • Password Managers
  • Secure Email Providers
  • Antivirus Software Reviews
Tools
  • Personal data leak checker
  • Strong password generator
About Us

We aim to provide you with the latest tech news, product reviews, and analysis that should guide you through the ever-expanding land of technology.

Careers

We are hiring.

  • About Us
  • Contact
  • Send Us a Tip
  • Privacy Policy
  • Terms & Conditions
  • Vulnerability Disclosure

© 2021 CyberNews

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy Policy.

Home

News

Editorial

Security

Privacy

Resources

  • About Us
  • Contact
  • Careers
  • Send Us a Tip

© 2020 CyberNews – Latest tech news, product reviews, and analyses.

Subscribe for Security Tips and CyberNews Updates
Email address is required. Provided email address is not valid. You have been successfully subscribed to our newsletter!