Commentary January 11, 2021

Longer-Term Cybersecurity Implications of the Occupation of the Capitol—Beware of Fake Leaks

Inside the U.S. Capitol last week, laptops from the offices of House Speaker Nancy Pelosi and Sen. Jeff Merkley, and other devices were taken, presumably by the occupiers. These devices are now in the physical possession of people who can be considered adversarial threat actors, who can take their time in trying to see what data is available on those machines.
Riots at the U.S. Capitol Building
Getty Images: Samuel Corum / Stringer

Last week, I wrote about cybersecurity issues raised by the loss of physical control in the U.S. Capitol during the occupation. Since then, it has become clear that a number of devices are missing and presumably taken by the occupiers. The rioters took laptops from the offices of House Speaker Nancy Pelosi and Sen. Jeff Merkley. These devices are now in the physical possession of people who can be considered adversarial threat actors, and those actors now have the opportunity to take their time in trying to penetrate them and see what data is available on those machines.

Read the rest at Lawfare blog