Rioters who breached the U.S. Capitol building have been spotted sitting at congressional desks with physical access to desktop computers and other devices. According to experts, there’s a low risk that the rioting will pose a direct threat to the security of the Capitol’s computer networks or information on devices.
But the chaos may be a golden opportunity for malicious actors, including America’s enemies, to mount cyberattacks elsewhere.
In theory, elements within the seditious uprising or other actors using the rioters as cover might attempt to install malware on, say, House Speaker Nancy Pelosi’s desktop. That could spread to compromise other computers on the network.
But such an attempt would face barriers far beyond guessing a congressperson’s password.
“You’d need a CAC card to install anything on a government network. It’s an actual physical ID card you have to put into the computer,” according to Vinny Troia, a former longtime Defense Department cybersecurity contractor and founder of NightLion Security. A CAC, or common access card, is issued to Defense Department workers and military personnel.
“They could always force someone at gunpoint to log in with the card or steal it, but I think that’s a low probability,” adds Troia.
Furthermore, according to Troia, the USB ports of all government employee devices should be disabled, a rule put into effect after Edward Snowden was able to exfiltrate sensitive government documents via a USB key. That would make it more difficult to install malware or remove information.
It’s also unlikely the mob will gain access to the cell phones of staff or legislators. Though once banned in legislative chambers, cell phones are now allowed, making it likely that lawmakers and others were carrying their devices when they were evacuated. And any government phones or laptops that go missing can be wiped remotely, according to Jonathan Reiber, former head of strategic cybersecurity policy in the Defense Department and now chief strategist at cybersecurity firm AttackIQ.
However, even if it doesn’t lead to a direct attack on the Capitol network, the right-wing insurrection will be an enticing opportunity for attacks elsewhere.
“Any adversary is going to look at what’s happening in the United States right now and try to do more,” warns Reiber. The chaos provides potentially strong cover for either state-backed or criminal cyberattacks on hospitals, city governments, or corporate networks.
Reiber strongly urges cybersecurity leaders to be vigilant.
“For CISOs across the world and around the United States, I’d be exercising my controls right now to increase my effectiveness…because hostile actors are going to go against them, too.”