Cybersecurity experts warn of congressional information security after the Capitol riots

When rioters stormed the Capitol, they broke into Congressional offices, looted papers and, in at least one case, stole a laptop, according to a video posted to Twitter by Sen. Jeff Merkley.

Merkley’s office was not the only one that was robbed, according to authorities. In a phone call with reporters Thursday afternoon, US officials said several Senate offices had been hit.

“It will likely take several days to clarify what exactly happened, what was stolen, and what was not,” said Michael Sherwin, Acting District Attorney. “Items, electronic items, were stolen from Senate offices. Documents and materials were stolen, and we have to determine what was done, mitigate that, and they could have potential national security property rights. If there is damage, I don’t know the extent of that yet.”

The thefts raise questions about the cybersecurity status of Congress and whether US officials have done enough to secure their computing hardware and networks from direct and physical access.

The incident highlights the grave cybersecurity risks now facing all lawmakers, congressional staff, and any outside parties they may have contacted in the course of work, say security professionals. Merkley is a member of the Senate Foreign Relations Committee, which routinely discusses US global strategy and oversees the State Department.

There is no evidence that the rioters’ ranks included skilled hackers or enthusiastic spies, nor is there yet any indication of a data breach. But it is a risk that the US Capitol Police and IT officials in Congress should consider, said Kirsten Todd, managing director of the Institute for Cyber Readiness.

“What you are completely hoping for is that last night, after the looting and invasion took place, the Congressional IT Department was on top of things and taking inventory in all offices,” Todd said, to check which devices were accounted for and which weren’t, and to be able to scan those devices immediately.

Spokespeople for the Capitol Police, the House of Representatives and the Senate did not respond to requests for comment.

As with remote hacking, physical access to a computer or mobile device can allow thieves to view emails, connect to networks, and download important files without permission. But physical access threats are often considered more dangerous, as they give attackers more options to compromise the device.

“There is a lot that you can do when you have physical proximity to a system,” said Christopher Pinter, a former senior US official in the field of cybersecurity.

Attackers who took control of a laptop computer, for example, could plug in USB drives loaded with malware, install or modify computers, or make other secret changes to a system that they would not be able to accomplish from a distance.

Given the correct level of access, even a casual attacker would be able to view Congressional emails, shared file servers, and other system resources, said Ashkan Soltani, a security expert and former chief technologist with the Federal Trade Commission.

Pinter added that even unclassified information can be harmful in the right contexts and in the wrong hands.

Several current Senate employees told CNN that while some IT safeguards exist throughout the organization, many decisions regarding information security practices are left to individual lawmakers’ offices.

Legislators and their employees use a range of technology: iPhones, iPads, MacBooks, Android devices, Microsoft Surface tablets and laptops from HP, Dell and Lenovo, to name a few, according to one employee.

Staff said that mobile devices and laptops are generally password protected. One said that in his office, devices are set to lock themselves automatically, sometimes after 30 minutes or less.

Employees said that accessing certain applications, such as shared file storage systems and Skype, requires a VPN login. Logging into the VPN also requires multi-factor authentication.

But they said that a VPN is not required to access emails downloaded to a mobile device, and not many employees store their files behind multiple layers of protection.

“A lot of people keep folders on the desktop – not everyone uses their server storage,” one employee told CNN.

CNN’s Kara Scannell contributed to the report.

Earl Warner
