Capitol Insecurity

Jan. 8, 2021

Senior Content Director Bill Wong examines potential security issues given the recent events in the U.S. capitol.

Being a U.S. citizen, I found the recent mob attack on our nation’s Capitol Building shocking as most others have as well. There are other forums to discuss the political issues and ramifications. However, they should not overshadow things such as the deaths and injuries as well as the damage and potential impairment with respect to computer security. I’m not alone in considering the last issue, but it’s something that’s been overshadowed by other discussions.

One might think that the trail of destruction and the television and social-media coverage of the people involved was the only damage or attacks involved that day. Like most security problems, though, it’s usually what you don’t know that will come to haunt you.

The recent revelations about the SolarWinds attack, also on the U.S. government agencies and companies, should be a reminder that seemingly normal operations can have underlying problems. We still don’t know the scope of these attacks as the attackers would prefer their machinations remain hidden and usable to them. Cybersecurity experts are trying to mitigate the attacks and prevent new ones.

Finding a hole in a security system is almost always the starting point for an attacker. It can be as simple as guessing someone’s Twitter password to try to cause errors in an application and thus gain entry to a system, usually by remote means. Films like 1983’s WarGames (Fig. 1) highlight guessing passwords and scanning for contacts, but we also know that post-it notes with passwords on the side of screens or on desks is the norm.

1. Matthew Broderick’s character in the 1983 movie WarGames used the password Joshua to induce the WOPR computer to simulate global thermonuclear war.

We have features like two-factor authentication, but whether this is being used on all devices in the Capitol Building is a question. Likewise, the attack went so quickly that desktops and laptops were left in place, often logged into the system, allowing passersby to potentially do more than snap a selfie.

While this conjecture sparks ideas for movie plots, we should consider that reality is often more bizarre than imagined by Hollywood. The actual attacks that occurred weren’t necessarily inevitable. But someone who wanted to gain access, which would normally be difficult on a normal day, could easily take advantage when the opportunity arose.

We many never know if anyone took advantage of the systems while the mob migrated throughout the Capitol Building. Nonetheless, they essentially had access to most of the computer systems left running while office workers fled to safety. Some invaders simply posted tweets of computer screens (Fig. 2).

2. Tweets of computer screens may only be the tip of the iceberg.

We don’t know what else may have occurred and that frightens cybersecurity experts. Unfortunately, something as simple as powering down PCs would have prevented this, but often even a short amount of time may not be safe.

The problem with a potential covert attack having this type of access is such an issue that simply gaining access to someone’s email is probably a very minor breach. Compromising the operating system or boot support of a PC could enable subsequent invasions by remote means. Leaving a bunch of flash drives plugged into a machine could cause problems. Likewise, plugging devices into a wired network and hiding them are potential problems, too.

Simply turning chairs back over and replacing broken windows will not address computer security issues that may have arisen during the attacks. We’re unlikely to hear about how any of that may have been discovered, given how insecurity is rarely talked about in public. Still, it’s worthwhile talking about how secure your systems may be and how similar—although probably less drastic—situations can be addressed. Layered security and best practices may be worth reviewing while we’re thinking about them.

About the Author

William G. Wong | Senior Content Director - Electronic Design and Microwaves & RF

I am Editor of Electronic Design focusing on embedded, software, and systems. As Senior Content Director, I also manage Microwaves & RF and I work with a great team of editors to provide engineers, programmers, developers and technical managers with interesting and useful articles and videos on a regular basis. Check out our free newsletters to see the latest content.

You can send press releases for new products for possible coverage on the website. I am also interested in receiving contributed articles for publishing on our website. Use our template and send to me along with a signed release form.

Check out my blog, AltEmbedded on Electronic Design, as well as his latest articles on this site that are listed below.

You can visit my social media via these links:

I earned a Bachelor of Electrical Engineering at the Georgia Institute of Technology and a Masters in Computer Science from Rutgers University. I still do a bit of programming using everything from C and C++ to Rust and Ada/SPARK. I do a bit of PHP programming for Drupal websites. I have posted a few Drupal modules.

I still get a hand on software and electronic hardware. Some of this can be found on our Kit Close-Up video series. You can also see me on many of our TechXchange Talk videos. I am interested in a range of projects from robotics to artificial intelligence.