Published on January 7th, 2021
Rioters Open Capitol’s Doors to Potential Cyberthreats
Security Experts: Federal Computer System In Capitol Building Is Endangered
The massive pro-Trump demonstrations that saw large crowds riot and then occupy the U.S. Capitol building in Washington Wednesday present a significant potential cybersecurity threat, as protesters appear to have gained access to at least one lawmaker’s office, along with computer systems and other devices, experts say.
The unfettered access gained by the protesters opens up a range of security issues, according to cybersecurity executives and analysts. These range from the protesters themselves serving as cover for launching a cyberattack to threat actors gaining access to critical federal computer systems located in the Capitol building.
“Any malicious actor can walk in there with the others with a thumb drive and access a computer. Every system in there will have to be checked,” says Frank Downs, a former U.S. National Security Agency offensive threat analyst and now director of proactive services at the security firm BlueVoyant.
One image that captures this particular concern began circulating on social media Wednesday, showing a Trump supporter sitting on what appears to be Speaker of the House Nancy Pelosi’s desk with an office computer sitting right off to the side.
A supporter of President Trump sits inside Speaker Pelosi’s office. pic.twitter.com/xyhj0Lziro
— NBC News (@NBCNews) January 6, 2021
The protesters were able to gain access to the Capitol building following a pro-Trump rally that was held in Washington, D.C. on Wednesday. President Trump appeared at the rally and continued his demands that the election results be recounted, and pushed for Vice President Michael Pence to reject key electoral votes, which Pence refused to do, according to The New York Times and multiple other media reports.
At the time the Capitol was occupied, both houses of Congress were in session and in the process of certifying the Electoral College votes that would eventually make Joe Biden officially president. The building was evacuated, with lawmakers and others locked away in offices until police regained control of the building later Wednesday night.
“Violence has absolutely no place in our democracy. I applaud the men and women of law enforcement and the National Guard, who are working to restore order and protect our institutions. Our country is better than what we saw today at our Capitol.”- NSA Robert C. O’Brien
— NSC (@WHNSC) January 6, 2021
Mike Hamilton, a former Department of Homeland Security analyst and now CISO with security firm CI Security, concurs that the protests and the ensuing distraction from the riots provided an open door for threat actors.
“This is a really great time for another country to exercise access they may have that may be dormant and waiting for an opportunity like this. For example, Senate and House communication systems. It’s not like people aren’t monitoring, but their gaze is definitely averted right now,” Hamilton tells Information Security Media Group.
Brian Honan, president of Dublin-based cybersecurity consultancy BH Consulting, noted on Twitter that it will take several days for the Capitol Hill IT and security staff to not only check all PCs and devices, but also to ensure that no rogue devices, such as USB drives, were left behind.
There will be a lot of work over the coming days in ensuring every electronic device in the Capitol buildings has been wiped and cleared as they cannot now be trusted. Also, need to ensure no rogue devices have been left behind
— BrianHonan #BLM He/Him (@BrianHonan) January 6, 2021
Several cybersecurity experts noted that while it will take several days to recover and assess what happened on Wednesday, there are also long-term concerns to consider.
Jake Williams, president of cybersecurity consultancy Rendition Infosec and a former member of the NSA’s elite hacking team, believes that nation-state actors likely monitored what was happening Wednesday and would want to collect intelligence about what had transpired as well as take advantage of some of the chaos.
“Nation-state adversaries will take advantage of distractions in our attention and certainly foreign governments will be interested in collecting intelligence on what precisely is happening in DC,” Williams told ISMG. He did note, however, that most organizations are not at any increased cybersecurity risk.
Tom Kellermann, who served as a cybersecurity adviser to President Obama, and is now head of cybersecurity strategy at VMware, is also concerned about what could transpire in the coming days, especially for anyone who might have access to cyber capabilities and was inside the Capitol Building.
“I am concerned that cyberattacks from domestic groups will spike over the next 14 days. A handful of these fringe groups are cyber capable,” Kellermann tells ISMG.
Other security experts worried that the riots and their aftermath might help spread disinformation, as well as open up victims to potential phishing and other attacks as threat actors look to take advantage of the confusion caused by the day’s events.
“There is likely an elevated cybersecurity threat level, as some may try to take advantage of disruption,” says Phil Reitinger, president and CEO of the Global Cyber Alliance, and the former director of the National Cybersecurity Center within the Department of Homeland Security.
“However, I’m far more worried about cyber activity directed toward people, including greater efforts at disinformation, to exacerbate divisions, and to phish people seeking rapid news and an explanation about what is happening,” Reitinger tells ISMG. “My standard advice of ‘be cautious’ applies more than ever now.”
Christopher Krebs, the former director of the U.S. Cybersecurity and Infrastructure Security Agency who was fired by Trump just after the November election, took to Twitter on Wednesday and explained that much of the disinformation surrounding the vote directly led to the events at the Capitol.
We called out #disinfo repeatedly before & after the election. Yet the President & his campaign/lawyers/supporters fanned the flames for their own selfish reasons culminating with today’s objections followed by his video message. WHAT DID THEY THINK WOULD HAPPEN? They own this.
— Chris Krebs (@C_C_Krebs) January 6, 2021