US Capitol riots: could Congress systems have been breached amid the chaos?

Apparent Trump supporters, who believe the US presidential elections to be fraudulent, stormed the US Capitol building on January 6 while Congress was in session, in what’s been called an “insurrection.” The building was occupied by the rioters for roughly five hours on Wednesday.

While the motives are still unclear, the cybersecurity community has been assessing the situation in order to understand the most likely scenario. In effect, the question is whether a cyberattacker could have gained valuable entry into Congress computers or servers in the midst of the chaos.

Mieke Eoyang, a former House Permanent Select Committee on Intelligence (HPSCI) staffer stated that the information contained in Congressional offices are “unclassified information.” “Classified information dealt with in designated Congressional SCIFs [Sensitive Compartmented Information Facility]. No indication those were breached,” she tweeted in response to questions of whether Congressional systems or physical files were compromised. 

Mieke Eoyang tweet screenshot

An SCIF is an enclosed area inside a building that is dedicated to processing classified information. 

Eoyang further indicated that there was no indication that any would-be cyberattackers “had access at the server or sysadmin level.” Eoyang later claimed to not be concerned about this incident from an infosec perspective, as there were many other things in Congress (such as the SolarWinds breach) that worried her: 

Joe Uchill tweet screenshot

However, while the unclassified information is one worry, other concerns are being raised about Congressional computer systems being breached and having traffic captured and intercepted. Some shared photos of computer cables running through the building:

Meredith L. Patterson tweet screenshot

Vinny Troia, a former longtime Defense Department cybersecurity contractor, stated that “You’d need a CAC [Common Access Card] install anything on a government network. It’s an actual physical ID card you have to put into the computer.” Troia also mentioned that the USB ports of all government computers should be disabled by default, a measure in response to Snowden’s famous exfiltration.

However, photos of the incident show that a computer apparently belonging to a staffer for House Speaker Nancy Pelosi was unlocked.

Photo by @ElijahSchaffer whose tweet has since been deleted

Ian Campbell, who claims to be a former System Administrator in Congress, stated that he would not be able to sleep well “until the networks were rebuilt from scratch and every computer wiped and the internals visually inspected before being put back in service. Every printer, every copier. Every nook and cranny.”

Ian tweet screenshot

The story is still developing and we will update as more facts come to light.