Being a U.S. citizen, I found the recent mob attack on our nation’s Capitol Building shocking, as have most others. There are other forums to discuss the political issues and ramifications. However, they should not overshadow things such as the deaths and injuries, as well as the damage and potential impairment with respect to computer security. I’m not alone in considering the last issue, but it’s something that’s been overshadowed by other discussions.
One might think that the trail of destruction, and the television and social-media coverage of the people involved, showed the only damage or attacks that took place that day. As with most security problems, though, it’s usually what you don’t know that will come to haunt you.
The recent revelations about the SolarWinds attack, which also hit U.S. government agencies and companies, should be a reminder that seemingly normal operations can have underlying problems. We still don’t know the scope of these attacks, as the attackers would prefer their machinations remain hidden and usable to them. Cybersecurity experts are trying to mitigate the attacks and prevent new ones.
Finding a hole in a security system is almost always the starting point for an attacker. It can range from something as simple as guessing someone’s Twitter password to trying to cause errors in an application and thus gain entry to a system, usually by remote means. Films like 1983’s WarGames (Fig. 1) highlight guessing passwords and scanning for contacts, but we also know that post-it notes with passwords on the side of screens or on desks are the norm.
We have features like two-factor authentication, but whether it is being used on all devices in the Capitol Building is an open question. Likewise, the attack unfolded so quickly that desktops and laptops were left in place, often logged into the system, allowing passersby to potentially do more than snap a selfie.
While this conjecture sparks ideas for movie plots, we should consider that reality is often more bizarre than anything imagined by Hollywood. The actual attacks that occurred weren’t necessarily inevitable. But someone who wanted to gain access, which would be difficult on a normal day, could easily take advantage when the opportunity arose.
We may never know if anyone took advantage of the systems while the mob migrated throughout the Capitol Building. Nonetheless, they essentially had access to most of the computer systems left running while office workers fled to safety. Some invaders simply posted tweets of computer screens (Fig. 2).
We don’t know what else may have occurred, and that frightens cybersecurity experts. Unfortunately, something as simple as powering down PCs would have prevented this, but often even a short amount of time with a machine left running may not be safe.
A potential covert attack with this type of access is serious enough that simply gaining access to someone’s email is probably a very minor breach by comparison. Compromising the operating system or boot support of a PC could enable subsequent invasions by remote means. Leaving a bunch of flash drives plugged into a machine could cause problems. Plugging devices into a wired network and hiding them is a potential problem, too.
Simply turning chairs back over and replacing broken windows will not address computer security issues that may have arisen during the attacks. We’re unlikely to hear about how any of that may have been discovered, given how insecurity is rarely talked about in public. Still, it’s worthwhile talking about how secure your systems may be and how similar—although probably less drastic—situations can be addressed. Layered security and best practices may be worth reviewing while we’re thinking about them.