Capitol Riot

The rioting in the Capitol gives rise to cybersecurity issues as well as some basic concern regarding traditional modes of spying.

There is no way to know who all the intruders were. They didn’t sign in, and their bags were not searched when they left. The riot offered perfect cover for espionage and extremely sensitive data compromise of all stripes.

We cannot know what was stolen, but we should assume the worst.

The potentially compromised data could include: Social Security numbers, health records (including mental health), home addresses, phone numbers, etc., as well as details about state business and likely correspondents, which could be used in a spear phishing attack, doxxing, and other social engineering ploys.

Commentators have already pointed out that the rioting was most likely a Covid super spreader event. We have to treat the Capitol invasion as if it were a home intrusion during Covid: all surfaces are suspect. We don’t know what we don’t know.

This is a national security issue.

  • The SolarWinds hack was catastrophic. This invasion of the Capitol Building may be on the same order of magnitude since it is where our nation’s business is conducted.
  • A state-sponsored hacker and/or a member of a foreign government’s intelligence organization may have used the chaos to compromise the security of the Capitol with mechanical spyware or other exploits.
  • This would include communications wiring, the planting of video, audio or network hacking devices as well as other electronic surveillance technology.
  • Physical documents and print-outs of a potentially sensitive nature may have been stolen.
  • The theft of device including computers, smartphones, USB drives and other external drives is a matter of grave concern. Given the fact that a podium was stolen, the area of concern should include printers, scanners and other digital modes of transmitting information since they have hard drives that store data.