Storming of the Capitol Building Presents Massive Cybersecurity Risk
January 28, 2021
In light of the historic siege on the Capitol building, a glaring problem in security has come to the attention of the nation. While the breach in the Capitol has also revealed a risk in physical security, a more dangerous threat to cybersecurity has surfaced.
A large amount of concern has piled over reports of stolen devices and the multiple images that have surfaced online of rioters roaming freely inside congressional offices with open access to computers. Elijah Schaffer, a personality and reporter for the conservative outlet Blaze Media, even claimed that computers in Nancy Pelosi’s office were “left unlocked” by panicked staff, and he also posted pictures on social media of “one of [Nancy Pelosi’s] staffers’” computers that was left logged in.
While the United States government continually faces a variety of cyber attacks, with the recent SolarWinds breach exemplifying the growing dangers of sophisticated remote hacking, the physical access these rioters had to congressional devices warrants a great deal of scrutiny. Christopher Painter, a former top US cyber diplomat, said, “There’s a lot more you can do when you have physical proximity to a system.” Unlike remote hacking, physical access gives hackers more possibilities to attack a device, including exploiting the hardware of the device.
The threat to security increases when the possibility of devices being left unlocked is considered, as even individuals without proper technical knowledge would be able to access sensitive information. But Dr. Sturim, a researcher in the CyberSecurity and Information Sciences Division at the MIT Lincoln Laboratory, explained to the Register Forum that “a common practice in the industry is to have all devices auto lock themselves after a period of time.” He added that auto-locking is not the only countermeasure, as “another tactic is to have the computers only be unlocked by inserting a personal security badge.” Since an identification badge is needed to pass through security checkpoints, the person must remove it from the computer in order to go anywhere. When the badge is removed, the device automatically locks.
Even computers that were left locked are vulnerable, as some more highly sophisticated hackers among the ranks of those who entered the Capitol could have very easily inserted malware-ridden flash drives into the vulnerable USB ports of several computers. In the words of Dr. Sturim, “USB ports in general pose a great risk to a computer.”
An attempt to infiltrate computers through their USB ports could also lead to a situation similar to the 2008 cyber attacks on US military networks, when a flash drive containing a virus dubbed “Agent.btz” was inserted into a military laptop. These attacks were so severe that William J. Lynn III, the former Deputy Secretary of Defense, called the incident “the most significant breach of US military computers ever” in a 2010 Foreign Affairs article.
However, Dr. Sturim noted, “Any good intrusion detection system installed on a computer should be able to detect or block usage” and he would not be surprised if the USB ports were disabled at “the hardware level.”
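The detection Dr. Sturim describes can be illustrated with a small monitor that reads kernel log lines, records each USB device as it is attached, and raises an alert whenever a mass-storage device appears whose serial number is not on an approved list. This is an added example written for this article, not code from the Register Forum, MIT Lincoln Laboratory, or any Capitol system; the log lines are constructed to resemble Linux dmesg output, and every vendor id, product id and serial number in them is a made-up placeholder. It also handles one edge case the article does not spell out: a second device plugged into the same port after the first is disconnected is tracked as a new device rather than merged with the old record.

```python
"""Flag unapproved USB mass-storage devices in kernel log lines.

Added example, not from the article. The sample log below is constructed to
look like Linux dmesg output; all ids and serials are invented placeholders.
"""
import re
from dataclasses import dataclass

# Constructed sample log: a badge reader (no storage), an unknown flash drive,
# an approved flash drive, then a second approved drive re-using port 1-2.
SAMPLE_LOG = """\
[  101.20] usb 1-1: new high-speed USB device number 3 using xhci_hcd
[  101.35] usb 1-1: New USB device found, idVendor=aaaa, idProduct=0001, bcdDevice= 1.00
[  101.35] usb 1-1: SerialNumber: BADGE-READER-01
[  250.10] usb 1-2: new high-speed USB device number 4 using xhci_hcd
[  250.22] usb 1-2: New USB device found, idVendor=bbbb, idProduct=0002, bcdDevice= 1.00
[  250.22] usb 1-2: SerialNumber: UNKNOWN-STICK-7
[  250.30] usb-storage 1-2:1.0: USB Mass Storage device detected
[  300.00] usb 1-3: new high-speed USB device number 5 using xhci_hcd
[  300.10] usb 1-3: New USB device found, idVendor=cccc, idProduct=0003, bcdDevice= 1.00
[  300.10] usb 1-3: SerialNumber: APPROVED-STICK-1
[  300.20] usb-storage 1-3:1.0: USB Mass Storage device detected
[  400.00] usb 1-2: USB disconnect, device number 4
[  410.00] usb 1-2: new high-speed USB device number 6 using xhci_hcd
[  410.10] usb 1-2: New USB device found, idVendor=cccc, idProduct=0003, bcdDevice= 1.00
[  410.10] usb 1-2: SerialNumber: APPROVED-STICK-2
[  410.20] usb-storage 1-2:1.0: USB Mass Storage device detected
"""

# Hypothetical allowlist of storage devices issued to this office.
ALLOWED_STORAGE_SERIALS = {"APPROVED-STICK-1", "APPROVED-STICK-2"}

# Patterns for the kernel messages we care about; "port" is the bus path (e.g. 1-2).
NEW_RE = re.compile(r"usb (?P<port>[\d.-]+): new .*USB device number (?P<num>\d+)")
FOUND_RE = re.compile(
    r"usb (?P<port>[\d.-]+): New USB device found, "
    r"idVendor=(?P<vid>[0-9a-f]{4}), idProduct=(?P<pid>[0-9a-f]{4})")
SERIAL_RE = re.compile(r"usb (?P<port>[\d.-]+): SerialNumber: (?P<serial>\S+)")
STORAGE_RE = re.compile(r"usb-storage (?P<port>[\d.-]+):\d+\.\d+: USB Mass Storage device detected")


@dataclass
class UsbDevice:
    port: str
    number: str
    vid: str = "?"
    pid: str = "?"
    serial: str = "?"
    mass_storage: bool = False


def parse_usb_events(log_text):
    """Return one UsbDevice per attachment, in the order devices were plugged in."""
    finished = []
    active = {}  # port -> device currently plugged into that port
    for line in log_text.splitlines():
        m = NEW_RE.search(line)
        if m:
            # A new enumeration on this port starts a fresh record, so a
            # re-plugged port does not inherit the previous device's fields.
            if m["port"] in active:
                finished.append(active.pop(m["port"]))
            active[m["port"]] = UsbDevice(m["port"], m["num"])
            continue
        m = FOUND_RE.search(line)
        if m and m["port"] in active:
            active[m["port"]].vid, active[m["port"]].pid = m["vid"], m["pid"]
            continue
        m = SERIAL_RE.search(line)
        if m and m["port"] in active:
            active[m["port"]].serial = m["serial"]
            continue
        m = STORAGE_RE.search(line)
        if m and m["port"] in active:
            active[m["port"]].mass_storage = True
    # Flush devices still attached at the end of the log, in attach order.
    finished.extend(sorted(active.values(), key=lambda d: int(d.number)))
    return finished


def find_unapproved_storage(devices, allowed_serials):
    """Mass-storage devices whose serial is not on the allowlist."""
    return [d for d in devices if d.mass_storage and d.serial not in allowed_serials]


def alerts(log_text=SAMPLE_LOG, allowed_serials=ALLOWED_STORAGE_SERIALS):
    """Human-readable alert lines for every unapproved storage attachment."""
    return [
        f"ALERT port={d.port} vid={d.vid} pid={d.pid} serial={d.serial}: "
        "unapproved USB mass storage attached"
        for d in find_unapproved_storage(parse_usb_events(log_text), allowed_serials)
    ]


if __name__ == "__main__":
    for line in alerts():
        print(line)
```

Run as a script, it prints a single alert for the unknown stick on port 1-2; the badge reader is ignored because it never registers as mass storage, and both approved sticks pass. In a real deployment the same parser would be fed from the live kernel log rather than an embedded string, and an allowlist keyed on serial number is only a first filter, since serials can be spoofed; blocking the storage driver outright, as the article suggests, is the stronger control.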
While the situation is still developing and the true extent of the damage is unknown, this event nonetheless serves as a warning of the dangers of cyberattacks, whether physical or remote.