Previous All Posts Next

Capitol Building Breach: Physical and Cyber Failures

Posted: January 8, 2021 to News.

Tags: Data Breach, Digital Forensics, Malware

The breach of the Capitol building this week was both shocking and scary, but what is clear from the pictures that are emerging is that it was not only the physical structure that was violated that day. What we have seen since Wednesday is that the MAGA rioters were able to not only able to break into the offices of congresspeople, but they were able to remain there long enough to snap pictures of themselves while doing it; the most infamous being the white-bearded man in a green hat with his feet up on her desk and his American flag draped on her desk behind him. What others may not have noticed, but that I took note of immediately, was her computer and the personal files and folders that were strewn about.  This puts these politicians in a very vulnerable position... The fact that her screen was black shows that it was hopefully turned off, but who knows if anyone tried to wake it up by wiggling the mouse around after the photo was snapped.  And from the files and papers on her desk, it's clear that they were not secure, so it's possible they could have rifled through and figured out her schedule or looked at her mail. All of these factors lead to one conclusion... There is most definitely a cyber security risk at the Capitol Building.

How Big of a Cyber Security Risk?

In all likelihood, the rioters/domestic terrorists are probably not sophisticated hackers.  In fact, they may not even know how to turn a computer on.  At this point, we just don't know.  But, if someone somewhere was able to procure a stray laptop, it's possible they could hand it over to a person with more experience. If a device was stolen, and the victim was following cyber safety protocols, it's likely that it was encrypted or at least password protected.  However, we are aware of just how lackluster the US government's cyber hygiene has notoriously been.  Also, if it was left open - say a person was quickly evacuated and didn't have the time or foresight to shut it down - a looter could have taken pictures or read anything left up on the computer. There's also a possibility, though it is slight, that one of the people who broke in uploaded malicious software onto the devices they came across, especially in this time of political turmoil.  There is no evidence as of yet that this was done, but it's important to consider and examine. The biggest concern, however, is with the possibility that confidential documents may potentially have been taken, if they were printed off and left on a desk.  Again, it's likely that computers were encrypted, but clearly, papers on a desk were not.

The Cyber Fallout

While there isn't a huge worry that there will be negative cyber issues following the riot, the fact is that this came less than a month after it was discovered that Russia had perpetrated one of the worst US government cyber breaches that we have experienced by exploiting a SolarWinds software vulnerability.  There is still a lot to uncover about the breach but one thing is clear... The US needs to do better.

And likely, this attack will cause some national self-examination of not only physical security but cybersecurity, as well.  In both cases, however, the US just simply wasn't well enough prepared to properly handle the threat, and there will be repercussions from that.

And while you may not be able to prepare the US government, you can prepare yourself.  A good start is to download our FREE Remote Security Checklist.  While that won't fully secure your business, it's a good start.  For more assistance and to allow us to answer questions about your cyber security concerns, you can also give us a call at 919-422-2607 or schedule a free online consultation. And please be safe out there.

Protect Your Business Today

Petronella Technology Group has provided cybersecurity, compliance, and managed IT services from Raleigh, NC for over 23 years. Contact us today for a free consultation and technology assessment.

Need help implementing these strategies? Our cybersecurity experts can assess your environment and build a tailored plan.
Get Free Assessment
Explore Our Services
Cybersecurity AI Services Compliance HIPAA CMMC Managed IT

Related Articles

FBI Issues Warning for Gmail, Outlook, AOL, and Yahoo Users FBI Issues Warning for Gmail, Outlook, AOL, and Yahoo Users Top 3 MFA Bypass Attacks: MFA Fatigue, Token Theft, and Machine-in-the-Middle Attacks Top 3 MFA Bypass Attacks: MFA Fatigue, Token Theft, and Machine-in-the-Middle Attacks Stop M365 MitM Attacks: MFA Bypass Defense Guide Stop M365 MitM Attacks: MFA Bypass Defense Guide Understanding and Defending Against MFA Machine-in-the-Middle (MitM) Attacks Understanding and Defending Against MFA Machine-in-the-Middle (MitM) Attacks
Craig Petronella
Craig Petronella
CEO & Founder, Petronella Technology Group | CMMC Registered Practitioner

Craig Petronella is a cybersecurity expert with over 24 years of experience protecting businesses from cyber threats. As founder of Petronella Technology Group, he has helped over 2,500 organizations strengthen their security posture, achieve compliance, and respond to incidents.

LinkedIn Twitter About
Related Service
Need Cybersecurity or Compliance Help?

Schedule a free consultation with our cybersecurity experts to discuss your security needs.

Schedule Free Consultation
Previous All Posts Next
Free cybersecurity consultation available Schedule Now