By GCN Staff
Jan 11, 2021
Federal IT staff have a massive job ahead of them cleaning up after the rioters who broke into the U.S. Capitol building, some of whom rifled through lawmakers offices.
While improving physical security for the building and for lawmakers and staff who work there is the first priority, experts have said the rioters’ unprecedented access to offices, files and computers can have serious cybersecurity ramifications.
In some instances, IT equipment was stolen. Sen. Jeff Merkley (D-Ore.) said a laptop was taken off a conference table in his office, and House Speaker Nancy Pelosi’s (D-Calif.) staff also reported the theft of a laptop. A desktop in Pelosi’s office that was left on and unsecured allowed the rioters to read the staffer’s email and take photos of the PC’s screen.
January 12th, 2021
Kent Nishimura / Los Angeles Times via Getty Images
Among so many things that are horrific about last week’s deadly attack on the Capitol building was the fact that it was planned for weeks. In the open. With that in mind, we are left wondering about the cybersecurity questions raised in the aftermath.
When Engadget asked a physical cybersecurity penetration tester what he’d do if assigned to “pentest” the Capitol building during the riot, the response wasn’t comforting. His excitement was palpable. “Oooh, so many cool attacks you could do,” he said, and began listing equipment he’d bring.