Attack on the Capitol might have severe cybersecurity aftermath

by Ugnius Kiguolis - -

Incidents in the Capitol may lead to possible cybersecurity issues like data leakage or even espionage

Capitol Building in DC

The Department of Justice (DoJ) warns that the attack on January 6, 2020, when hundreds of Donald Trump supporters pillaged the Capitol Building and its offices, looting computers, mobile devices, various documents, and other confidential information, might lead to severe cybersecurity consequences.

It was reported[1] that there were off-duty military and police officers amid the raging mob. Rioters spent more than three hours in senators' and other politicians' offices, taking pictures at high-ranking Congress members, including House of Representatives Speaker Nancy Pelosi, and stealing anything they could get their hands on.

Acting US Attorney for District of Columbia, Michael Sherwin, stated:

items, electronic items were stolen from senators' offices, documents and … we have to identify what was done to mitigate that.

It is known that besides physical injuries to the ones present, reports state that various devices filled with sensitive information got stolen. Sherwin also added that it would take several days to find out what exactly was stolen. During that time, many things can happen.

Malware infections, usage of stolen data and devices might cause severe issues

Hundreds of uninvited guests were roaming the Capitol Building freely during the attacks. It is not known what some of them were doing, apart from taking pictures, damaging various equipment, and leaving threatening notes. The worse thing is that they had complete access to classified information, such as dossiers, mail, computers, cell phones, documents, and others.

It is still not entirely clear what was stolen, as reports[2] are still coming in, or what the rioters were doing there for nearly four hours. Cybersecurity experts[3] fear the worse – sensitive information leakage (passwords, access codes, secret information, etc.), possible espionage, or even malware distribution. It is extremely dangerous, especially because this is one of the most critical government networks and potential threat actors had unrestricted access to computers, devices, and the physical network itself.

The threat actors could have planted physical listening devices anywhere in the Capitol Building, including senators' offices and the network itself. All devices – computers, networks, servers, routers, WiFi hotspots, etc.- were accessible to rioters for almost four hours. So a state of the art malware could have been installed on either of those. And since the politicians continued with their work after the attackers were kicked out, the possible malware infections could have spread.

Possible foreign agent involvement in the Capitol attack cannot be ruled out

For years, foreign cybercriminals were trying to hack various companies connected to the government of the U.S. One of the latest attacks was on Texas-based SolarWinds Corp,[4] which manages government agencies and big companies' informational technologies. The prime suspect of the crime was APT 29, a group linked to the Russian government.[5]

When it comes to the attack on the Capitol Building, the involvement of foreign intelligence agents cannot be discarded, as this was an ideal time span of four hours to get a small group of agents to blend in with the rioting crowd, access the offices of politicians (and the equipment in them) and plant whatever they wanted, wherever they wanted, including but not limited to listening equipment and malware.

Due to the possible malware infection, all devices that might have been affected by threat actors might have to be changed with brand new ones. Because malware, such as Trojans, can lay undetected until triggered. So even a perfectly clean looking computer might actually be compromised and pose a threat to national security.

About the author
Ugnius Kiguolis
Ugnius Kiguolis - The mastermind

Ugnius Kiguolis is a professional malware analyst who is also the founder and the owner of 2-Spyware. At the moment, he takes over as Editor-in-chief.

Contact Ugnius Kiguolis
About the company Esolutions

References

Your opinion regarding Attack on the Capitol might have severe cybersecurity aftermath