While much of the security-oriented focus regarding the storming of the Capitol building by protesters yesterday has rightfully been on the failure of the Capitol Police to prevent the breach of security, the country also faces a potentially serious cyber-threat as a result of the incident.
Laptops, smartphones, printers, and other computing devices left behind in offices and other areas by elected officials, staffers, and others as they retreated from the advancing protesters must now all be considered potentially compromised. Of course, members of the group that invaded the Capitol could easily have both read information on any device abandoned in an unlocked state and infected such devices with malware. Even locked devices, however, can no longer be trusted to be secure. Unless their USB ports’ communication lines were previously disabled (which is certainly unlikely in the case of phones), unauthorized people in the Capitol could easily have infected the devices with malware simply by plugging poisoned USB sticks into ports on the devices.
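One triage check a defender would want when examining a recovered device is whether any USB storage was attached while it was unattended. The script below is an added example, not part of the original article; it parses constructed Linux kernel log lines (syslog style, UTC timestamps) and flags mass-storage attaches that fall inside an assumed unattended window.

```python
import re
from datetime import datetime, timezone

# Constructed sample kernel log lines (not from any real device); timestamps are UTC.
SAMPLE_LOG = """\
2021-01-06T14:05:12Z cap-laptop-07 kernel: usb 1-1: new high-speed USB device number 3 using xhci_hcd
2021-01-06T14:05:12Z cap-laptop-07 kernel: usb 1-1: New USB device found, idVendor=0781, idProduct=5567
2021-01-06T14:05:13Z cap-laptop-07 kernel: usb-storage 1-1:1.0: USB Mass Storage device detected
2021-01-06T19:41:02Z cap-laptop-07 kernel: usb 1-2: New USB device found, idVendor=046d, idProduct=c52b
2021-01-06T19:41:03Z cap-laptop-07 kernel: usb-storage 1-2:1.0: USB Mass Storage device detected
2021-01-06T21:10:44Z cap-laptop-07 kernel: usb 1-3: New USB device found, idVendor=1d6b, idProduct=0002
"""

# Assumed window during which the device was unattended (hypothetical, for illustration).
WINDOW_START = datetime(2021, 1, 6, 18, 30, tzinfo=timezone.utc)
WINDOW_END = datetime(2021, 1, 6, 21, 0, tzinfo=timezone.utc)

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+kernel:\s+(.*)$")
USB_NEW_RE = re.compile(r"New USB device found, idVendor=([0-9a-f]{4}), idProduct=([0-9a-f]{4})")
STORAGE_RE = re.compile(r"usb-storage\s+(\S+): USB Mass Storage device detected")


def parse_events(log_text):
    """Return (timestamp, host, kind, detail) tuples for USB attach and mass-storage lines."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a kernel line in the expected shape
        ts = datetime.fromisoformat(m.group(1).replace("Z", "+00:00"))
        host, msg = m.group(2), m.group(3)
        nm = USB_NEW_RE.search(msg)
        if nm:
            events.append((ts, host, "usb_attach", f"{nm.group(1)}:{nm.group(2)}"))
            continue
        sm = STORAGE_RE.search(msg)
        if sm:
            events.append((ts, host, "mass_storage", sm.group(1)))
    return events


def flag_unattended_storage(log_text, start, end):
    """Mass-storage attaches inside [start, end]: media plugged in while the device was unattended."""
    return [e for e in parse_events(log_text) if e[2] == "mass_storage" and start <= e[0] <= end]


if __name__ == "__main__":
    for ev in flag_unattended_storage(SAMPLE_LOG, WINDOW_START, WINDOW_END):
        print("REVIEW:", ev)
```

An absence of flagged events is not proof of safety: logs on a compromised device can be altered, so the check supports, rather than replaces, the article's advice to treat abandoned devices as infected.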
While initial impressions are that the group that breached the Capitol consisted of unruly individuals intent on having a temper tantrum, and not cyber terrorists or foreign spies, there is simply no way at this point to know for certain that none of the latter entered the building as part of the group, nor that none of the protesters themselves would inflict cyber harm. (Consider for a moment what you would do if you were running a Washington, DC intelligence cell for a hostile foreign power and saw the Capitol being overrun – wouldn’t you send some agents to join the raid?)
As such, all devices left behind should be treated as potentially infected with malware, and care should be taken to immediately address any risks emanating from the potential compromise of information on devices that were left unlocked or weakly locked.