- The looting of the US Capitol on Wednesday by a mob of Trump supporters has also caused a cybersecurity disaster that the federal government must address, according to experts.
- Rioters stole computers and hard drives from lawmakers’ offices and had access to unlocked computers while storming the building, according to video footage and photos taken on Wednesday. A US attorney said Thursday that objects stolen from the Capitol could include “national security equities.”
- Cybersecurity experts told Insider congressional offices needed to take immediate steps to secure potentially stolen hardware and that all the computers in the Capitol building would likely need to be replaced.
- It’s not clear that any of the intruders in the Capitol were prepared to mount a sophisticated cyberattack, but experts say their direct access to lawmakers’ hardware and data means caution is advised.
The siege on the Capitol by a mob of Trump supporters Wednesday was a historic security failure right at the seat of the US government — but cybersecurity experts said the intrusion could pose an ongoing threat to national security, even well after the Capitol building itself was secured.
After they breached barriers and smashed windows to gain entry to the Capitol, several of the rioters accessed lawmakers’ office computers and stole hardware, according to footage from the rally and statements by politicians.
Now in the aftermath, there are unanswered questions about the state of congressional cybersecurity. Experts told Insider that the federal government will need to take swift action to protect confidential information stored on stolen devices. Extreme measures will also likely be needed to secure existing hardware at the Capitol, including wiping all computers in the building and rebuilding its IT infrastructure from scratch.
House chief administrative officer Catherine Szpindor sent an email to representatives Thursday afternoon asking them to take inventory of electronics and report any missing computers or smartphones, Politico reported. Szpindor added that her office issued commands to remotely lock computers and shut down wireless access to the Capitol “to prevent inappropriate access to House data,” according to the report.
It’s possible that none of the intruders in the Capitol were sophisticated cybercriminals, in which case the threat to Congress would be relatively low. But given the mob’s direct access to lawmakers’ machines and data while in the building, experts say it’s better to be overly cautious.
“Once intruders have physical access to a system, the game is over,” Jackie Singh, a security researcher who worked as a cybersecurity expert for the Biden 2020 campaign, told Insider. “The safest thing to do once it’s been out of physical custody is to wipe it.”
When reached for comment, the Cybersecurity and Infrastructure Security Agency — the body tasked with overseeing cybersecurity for the federal government — referred Insider’s questions to the House and Senate Sergeants at Arms. Those offices did not immediately respond to questions.
US Attorney for the District of Columbia Michael Sherwin told Fox News Thursday that among the electronic materials stolen from the Capitol, some “could have potential national security equities,” adding that officials are still taking stock of what’s missing.
In the aftermath of the looting, several lawmakers found that their offices’ computers had been accessed or stolen by rioters. Sen. Jeff Merkley of Oregon said in a video posted on Twitter that a computer was swiped from his office.
Footage taken during the riot also showed Trump supporters breaking into House Speaker Nancy Pelosi’s office. A rioter told The New York Times that he stole a letter from Pelosi’s desk. Elijah Schaffer, a journalist with the right-wing news outlet Blaze TV, posted a photo on Twitter on Wednesday, apparently since deleted, that appeared to show an unlocked computer in Pelosi’s office with an open email account of one of her staffers.
“There’s no evidence that the looters inside the Capitol are cybercriminals, but that doesn’t mean they won’t have the ability to access sensitive files,” said Kiersten Todt, the managing director of the Cyber Readiness Institute and a former cybersecurity advisor to the Obama White House. “You certainly don’t want ‘Pelosi123’ as a password on one of those laptops.”
Congressional IT teams need to take swift action, experts say
Experts advise that lawmakers’ IT staffs immediately start taking inventory of devices to gauge which computers were accessed and what hardware was stolen. Most modern IT teams have the ability to remotely wipe or lock devices, experts said.
“If devices were stolen, I would either geolocate the device and decide whether or not it’s prudent to retrieve it, or render it useless using an enterprise device-management solution to do what we call in the industry ‘brick the device,’” said Theresa Payton, CEO of the security firm Fortalice Solutions and former White House chief information officer.
Out of an abundance of caution, congressional IT staffs will likely have to wipe all federal devices to ensure they haven’t been infected with spyware or otherwise compromised, said Bob Maley, the chief security officer of the cybersecurity firm NormShield and a former chief information-security officer for the state of Pennsylvania.
While it’s a daunting task, it’s well within the capability of Capitol staff: The former House IT worker Ian Campbell suggested in a tweet that a similar sweep happens every time a political office changes hands.
Rioters were inside the Capitol for more than two hours on Wednesday. President Donald Trump, who initially urged his supporters to march to the Capitol before the mob broke into the building, resisted his staffers’ requests to send in the National Guard to protect Congress, The New York Times reported.