After the Riot, the US Capitol's IT Staff Faces 'a Security Mess' (wired.com)
After Wednesday's invasion by protesters, America's Capitol building is now grappling with "the process of securing the offices and digital systems after hundreds of people had unprecedented access to them," writes Wired.
Long-time Slashdot reader SonicSpike shares their report: Rioters could have bugged congressional offices, exfiltrated data from unlocked computers, or installed malware on exposed devices. In the rush to evacuate the Capitol, some computers were left unlocked and remained accessible by the time rioters arrived. And at least some equipment was stolen; Senator Jeff Merkley of Oregon said in a video late Wednesday that intruders took one of his office's laptops off a conference table...
Former Senate sergeant at arms Frank Larkin, who retired as Senate sergeant at arms in 2018, adds that cybersecurity is the next priority after physical security. In spite of this, the mob Wednesday had ample opportunities to steal information or gain device access if they wanted to. And while the Senate and House each build off of their own shared IT framework, ultimately each of the 435 representatives and 100 senators runs their own office with their own systems. This is a boon to security in the sense that it creates segmentation and decentralization; getting access to Nancy Pelosi's emails doesn't help you access the communications of other representatives. But this also means that there aren't necessarily standardized authentication and monitoring schemes in place. Larkin emphasizes that there is a baseline of monitoring that IT staffers will be able to use to audit and assess whether there was suspicious activity on congressional devices. But he concedes that representatives and senators have varying levels of cybersecurity competence and hygiene.
It's also true that potentially exposed data at the Capitol on Wednesday would not have been classified, given that the mob had access only to unclassified networks. But congressional staffers are not subject to Freedom of Information Act obligations and are often much more candid in their communications than other government officials. Security and intelligence experts also emphasize that troves of unclassified information can still reveal sensitive or even classified information when combined... Kelvin Coleman, executive director of the National Cyber Security Alliance, who formerly worked in the Department of Homeland Security and National Security Council... adds, though, that for now the most important thing congressional IT staffers can do is account for which devices were stolen and begin a mass effort to reset passwords, add multifactor authentication to any accounts that don't already have it, wipe and reimage hard drives when practical, and comb monitoring logs for signs of access or exfiltration.
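The triage steps the summary lists (account for stolen devices, then comb monitoring logs for access or exfiltration while offices sat unattended), run over constructed log lines as an added example that is not from the Wired piece or any Capitol system; the log format, event codes, time window, host names and byte threshold are all assumptions:

```python
"""Triage workstation logs for a window of uncontrolled physical access.

Added example, not from Wired or Slashdot. Log format, event codes,
hostnames, time window and threshold are assumptions for illustration.
"""
from collections import defaultdict
from datetime import datetime

# Constructed sample log: "<ISO time> <host> <event> key=value ...".
# Event codes loosely follow Windows Security log IDs (4800 lock,
# 4801 unlock, 4624 logon, 6416 new external device) plus an assumed
# NETFLOW record carrying an outbound byte count. None of this is real data.
SAMPLE_LOG = """\
2021-01-06T13:55:00 HOB-WS-101 4801 user=staffer1
2021-01-06T14:05:00 HOB-WS-102 4800 user=staffer2
2021-01-06T14:31:00 HOB-WS-101 6416 class=USBSTOR id=<constructed>
2021-01-06T14:40:00 HOB-WS-101 NETFLOW dst=<external> bytes=734003200
2021-01-06T14:45:00 HOB-WS-103 4624 user=Administrator type=2
2021-01-06T15:10:00 HOB-WS-102 NETFLOW dst=<external> bytes=2048
2021-01-06T16:05:00 HOB-WS-103 4800 user=Administrator
"""

WINDOW_START = datetime(2021, 1, 6, 14, 10)  # building uncontrolled (assumed)
WINDOW_END = datetime(2021, 1, 6, 17, 30)
STOLEN_HOSTS = {"SEN-LT-042"}                 # from inventory sweep (constructed)
EXFIL_BYTES = 100 * 1024 * 1024               # assumed per-host threshold


def parse_line(line):
    """Split one log line into (timestamp, host, event, {key: value})."""
    ts, host, event, *rest = line.split()
    details = dict(kv.split("=", 1) for kv in rest if "=" in kv)
    return datetime.fromisoformat(ts), host, event, details


def triage(log_text, start, end, stolen_hosts, exfil_bytes):
    """Return {host: sorted findings} for the uncontrolled-access window."""
    findings = defaultdict(set)
    lock_state = {}              # host -> "locked"/"unlocked" just before window
    outbound = defaultdict(int)  # host -> bytes sent out during window
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, host, event, d = parse_line(line)
        if ts < start:
            # Only the last lock-state event before the window matters.
            if event in ("4801", "4624"):
                lock_state[host] = "unlocked"
            elif event == "4800":
                lock_state[host] = "locked"
            continue
        if ts > end:
            continue
        if event in ("4624", "4801"):
            kind = "logon" if event == "4624" else "unlock"
            findings[host].add(
                f"interactive {kind} during window by {d.get('user', '?')}")
        elif event == "6416":
            findings[host].add("external device attached during window")
        elif event == "NETFLOW":
            outbound[host] += int(d.get("bytes", 0))
    # A session left unlocked when the evacuation began is exposed even
    # with no further events: anyone present could have used it.
    for host, state in lock_state.items():
        if state == "unlocked":
            findings[host].add("session unlocked when window opened")
    for host, total in outbound.items():
        if total > exfil_bytes:
            findings[host].add(
                f"outbound transfer {total} bytes exceeds threshold")
    # Stolen hardware: assume every cached credential on it is compromised.
    for host in stolen_hosts:
        findings[host].add("device stolen: reset every credential cached on it")
    return {h: sorted(f) for h, f in findings.items()}


def default_findings():
    """Run the triage over the constructed sample with the assumed settings."""
    return triage(SAMPLE_LOG, WINDOW_START, WINDOW_END, STOLEN_HOSTS, EXFIL_BYTES)


if __name__ == "__main__":
    for host, items in sorted(default_findings().items()):
        print(host)
        for item in items:
            print("  -", item)
```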
Get Out The Popcorn (Score:1)
"But congressional staffers are not subject to Freedom of Information Act obligations and are often much more candid in their communications than other government officials."
Re: (Score:2)
It's too bad that this equipment wasn't obtained by someone like a Snowden, but retards with zero credibility. We're never going to get a reliable report of what was on them. It's going to be radioactive, legally, for anyone to handle this equipment. How many will be willing to seek asylum in Russia to publicly release data from it? How would you even verify the chain of custody at this point?
What's guaranteed, though, is the usual social-media conspiracy morons will have a field day mentally masturbating o
CSO here (Score:5, Insightful)
And while the Senate and House each build off of their own shared IT framework, ultimately each of the 435 representatives and 100 senators runs their own office with their own systems. This is a boon to security in the sense that it creates segmentation and decentralization; getting access to Nancy Pelosi's emails doesn't help you access the communications of other representatives.
It is most certainly NOT a boon to security. It's a clusterfuck, and a poor attempt to justify lack of proper standardization and control (probably, though it is an assumption, due to overaggressive and unreasonable management stakeholders) by claiming that security by obscurity is a good thing.
I had no idea the US government allowed that kind of nonsense.
Re: (Score:2)
Re: (Score:2)
Re:CSO here (Score:5, Insightful)
It's certainly not allowed in the federal agency where I work (we do health care). Only government-issued equipment is allowed on the network, all computers must remained turned on overnight so that patches can be applied, all devices enter lock mode after a few minutes (10?) of inactivity, users cannot install software, and users cannot attach external devices of any kind. If I take my govt laptop off site to work via a VPN, the process of connecting securely is onerous. And yet it's still possible for everyone to do all of their work.
Everyone's piling on to this thread and missing the main point. These people are not the government. At any time almost half of them are likely to be the opposition working against the government. In the case of the House, until recently that would be the majority of people. Even those that are currently aligned with the government can suddenly find themselves on the opposite side, as is about to happen on 20th January.
Given that the current president is primarily known for his disregard for laws and conventions, would you want people under his authority securing your representatives? If the answer is yes, then would you want Joe Biden's people securing your representative? If, even now you are answering yes, then you should probably study the history of security services interference in congressional investigations [theguardian.com].
Re: (Score:2)
Yep. Decentralized here is sub-optimal in many ways, but so is fully centralized.
Encryption is your friend.
Re: (Score:3)
The US is not a parliamentary system, where the "government" is defined by a majority of the parliament. All members of Congress are equally part of the government. Some are more equal than others, by virtue of seniority or leadership positions or what not, but there is NO "part of the government" versus "not part of the government" distinction.
Re: (Score:2)
s/government/administration/ or approximately "executive branch". Sorry - my mistake over the word. The function is equivalent and our MPs work in exactly the same way as your congress members (each one is an independent and has their own office) but because of the way it's formed we just use the term government.
Basic effect - the security people may be reporting to someone other than the people that the representative is loyal to. This means that the capitol police won't go into a Congress member's offi
Re: (Score:2)
Correct, no member of Congress would accept the executive branch or the opposition party to have system administration rights to their office. They have often pooled resources to share staff across politicians from the same party; see also Imran Awan for one of the risks.
However, the security problems are MUCH less an issue of who administers the system or who watches for security events, and much more an issue of having clear, strong standards for system operation and security controls. Get one or two sh
Re: (Score:2)
All members of Congress are equally part of the government.
I am assuming GP's point may have been that certain members of Congress have explicitly and openly expressed their goal to work against the government (e.g., prioritizing stopping Obama [politico.com], refusing to recognize Biden's win, and general "starve the beast" policy).
Re: CSO here (Score:2)
They were elected officials. Elected means people trust them and they represent those people, and hence, in a democracy, have equal power and voices.
The whole concept of an "opposition" is fucked-up N@zi-propaganda-level shit that has no place in a democracy.
They are expected to be a team, work out their differences and work together! Even associating with a party after being elected as part of a parliament should be a federal crime IMHO.
Re: (Score:2)
Hear hear. Parties are the death of democracy.
With this I actually agree. In a first past the post / constituency system like the US or the UK the "whipping" system [wikipedia.org] should basically be seen as a form of corruption. However, that's the way it is.
Re: (Score:2)
A political party is an election club. You create it to get the candidates you select, so they will get elected. When those clubs were sold to private for-profit individuals is when the chaos occurred. The club is a logical approach to elections; however, in a democracy, they should be mandated as being entirely democratic in nature, all decisions voted on by the majority of members, at all times. Failure to adhere to that should result in the banning of that party, they are not inherently democratic, how c
Re: (Score:2)
Ya right. Doctors overruled the "Lock workstation when smart card is removed" and they're able to simultaneously unlock multiple workstations.
Re: (Score:3)
Ask yourself if you want the Administration to have administrative control of all the Senators' and all the House members' IT. They could read emails, selectively block emails, read shared documents, etc.. The level of possible mischief is incalculable.
That would be the ultimate clusterfuck.
Congressional staff, not White House (Score:2)
The Congress has thousands of staff members.
Examples being the Congressional Budget Office and the Capitol Police, who report to Congress, not to the executive administration.
Congress can have the Congressional IT Office in the same way that they have the Congressional Budget Office.
Re:CSO here (Score:5, Insightful)
And while the Senate and House each build off of their own shared IT framework, ultimately each of the 435 representatives and 100 senators runs their own office with their own systems. This is a boon to security in the sense that it creates segmentation and decentralization; getting access to Nancy Pelosi's emails doesn't help you access the communications of other representatives.
It is most certainly NOT a boon to security. It's a clusterfuck, and a poor attempt to justify lack of proper standardization and control (probably, though it is an assumption, due to overaggressive and unreasonable management stakeholders) by claiming that security by obscurity is a good thing.
Agreed, and whoever sold them on the idea that decentralization and non-standardization for this particular group of users was the way to go practically deserves the security clusterfuck they created. It's almost as if these non-technical fossils can't even grasp the basic non-technical concept of a chain only being as strong as its weakest link. Sure you could claim compartmentalization is a security enhancement, if you actually had consistent security rules. The fact that civilians got into the building highlights that not even physical security standards are standard.
I had no idea the US government allowed that kind of nonsense.
Government computer security audits have shown failing grades all the way back to the Win9x days. Nothing much has changed regardless of the increased risk. And Hillary's personal email server wasn't that long ago. No lawmaker who's above the law is going to look to confirm that quickly.
Re: (Score:2)
Re: (Score:2)
You've got to appreciate the history. Originally most legislators didn't have or want any computers in the office. Then a few enthusiasts did, but each one had his own way of doing things. Eventually more and more found the benefits of computers to be worthwhile, but those who were already using them didn't want to give up their own systems.
Re: (Score:2)
Term limits could have taken care of this as well. Sure, you would still have a few folks that would try to homebrew stuff but that takes time (and money) and if the official IT staff has a working system, I'd say 99 out of 100 Congress critters coming in would just go with it.
Re: (Score:2)
Assuming, hypothetically, that the Republicans were to manage the hat trick, take the House, Senate, and Oval Office, and enact term limits into law, what stops the Democrats from repealing them the moment they get back into power?
Various States have tried to impose term limits on their Congresscritters. Those efforts were overturned by the US Supreme Court as unconstitutional, because the Constitution is interpreted as not allowing States to impose additional requirements on candidates for Congress, beyon
Re: (Score:2)
Who would manage this centralized IT? The administration? You really want the administration to have the potential to mess with elected officials' emails, documents, etc.? That would be the real clusterfuck.
Re: (Score:2)
Re: (Score:3)
"cybersecurity is the next priority after physical security"... yeah. Somehow that doesn't make me feel a whole lot
Re: CSO here (Score:2)
Re: (Score:2)
Re: (Score:1)
Re: (Score:2)
And while the Senate and House each build off of their own shared IT framework, ultimately each of the 435 representatives and 100 senators runs their own office with their own systems. This is a boon to security in the sense that it creates segmentation and decentralization; getting access to Nancy Pelosi's emails doesn't help you access the communications of other representatives.
It is most certainly NOT a boon to security. It's a clusterfuck, and a poor attempt to justify lack of proper standardization and control (probably, though it is an assumption, due to overaggressive and unreasonable management stakeholders) by claiming that security by obscurity is a good thing.
I had no idea the US government allowed that kind of nonsense.
Not a CSO but I'm not sure I agree.
Your idea makes sense if they all share the same basic information, so an intrusion of Rep Bob also compromises Rep Janet.
But even though they have similar classes of info, fundraiser lists, bills being written, constituent projects, etc, etc, they don't actually have the same information.
Therefore breaking into Rep Bob's network doesn't really compromise any specific items that Rep Janet is working on.
I think it really does makes sense to think of those 535 different legi
Re: (Score:2)
Are Senators and Representatives allowed to use government computing resources for campaign purposes? I seem to recall that they are not (well, except, for routing pork to favored parties of course -- but that's really the definition of their job).
Re: (Score:2)
There are rented rooms in government buildings and adjacent to government buildings just for that sort of campaigning. The typical hill rat has an 8x5 to himself or shared with someone else from his party somewhere and a private table to run 100 donor calls a day from.
Each party has 5-10 phone apps and w
Re: (Score:2)
So I guess having a hot, young, and willing spouse is probably a good asset if you're considering national politics - but I suppose if you're a career politician you might have to upgrade regularly and could be on Spouse 4.0 by the end of your career.
Re: (Score:2)
It is a practical matter: each congressional office is essentially its own independent business. Each one has its own interests and needs to keep matters isolated and private. I might not be on the cutting edge of this stuff, but it has only really been in the past year or two that there was a better approach for most of the functions via centralization. It is quite likely that there are still hold-outs of applications and technologies for which centralization would pose a challenge.
I have recently beco
Re: (Score:2)
Government worker here. Depends on which part of the government you are in.
I used to work for the DoD. They don't fuck around. Doesn't matter who the 4 star general is, if it's against security standards he's pretty much told he can fuck off if he's expecting some special treatment. OTOH the current branch of government I work for gives certain people special treatment. I won't go into the particulars because I don't want to expose myself, but I will say that it seems that congress has not enabled "Loc
Re: (Score:2)
"Isn't matter who the 4 star general is, if it's against security standards he's pretty much told he can fuck off if he's expecting some special treatment."
Re: (Score:2)
Re: (Score:2)
What, you’ve never heard of security through clusterfuckery?
Kudos, you've won my morning chuckle!
Re: (Score:2)
Remember, these people are not members of one team. Each is independently elected and is its own team. They are not "government workers" whom "the government" can tell what to do. What this would mean in practice is Donald Trump giving the orders for the administration of Pelosi's computer... let's think about that for a moment.
Re: (Score:2)
It depends. It certainly slows attackers down. But it also slows defenders down and you may have lots and lots of unrecognized security issues.
Re: (Score:2)
FWIW, if they want to look at secret data, there are more secure, more centrally managed, mechanisms.
One major argument that they should have shot more (Score:5, Insightful)
Agreed (Score:2, Insightful)
Imagine if the people breaking in and looting were of a darker skin tone. It would have been a bloodbath. Capitol police were taking selfies and letting these terrorists in.
Re: (Score:1)
I suspect those in charge of security felt "their own kind" were safer. That's normal human bias, whether you call it tribalism or racism. On average, we are simply more afraid of cultures we don't understand.
Re: (Score:2)
I suspect those in charge of security felt "their own kind" were safer. That's normal human bias, whether you call it tribalism or racism. On average, we are simply more afraid of cultures we don't understand.
Probably. But this is still exceptionally unprofessional. Hence they should all lose their jobs and those in charge probably should face criminal prosecution.
Re: (Score:2)
Keep a clear head and refrain from raising the temperature folks. Keep your ears open and refrain from interpreting everything as a rising temperature too.
Yup. No idea why this got modded down.
Re: (Score:1)
The major difference here is that the Democrat politicians usually wink after the fact and are in a much less powerful position than the POTUS and are not in the process of perpetuating a lie like a "stolen election" in order to remain in power. How many examples are there where left-of-center politicians meet with an energized crowd just before a riot and egged them on with phrases like "fight like hell" and "trial by combat"?
Re: (Score:2)
Lol this was your final straw for Giuliani? It wasn’t his 100% losing streak in court or his hair dye press conference meltdown? It wasn’t the press conference he called at a landscaping company that shares a name with a famous hotel? Oh yeah almost forgot about him touching his peepee when alone with a teenage reporter.
Re: (Score:1)
What would you have them do to Hilary Clinton?
By all accounts the Trump admin & the GOP (Score:5, Insightful)
The videos I've seen make it very clear the police were completely undermanned and out gunned. Unless the Secret Service was willing to break out the mini-guns and commit a massacre I don't think more force was an option at that point.
The running theory is that this was allowed to happen by Trump in the hopes he could declare martial law. He had a pretty bad case of COVID and it's known to affect the brain, we may be seeing the effects of that play out in front of us. This is why the Dems are calling so strongly for the 25th. Heck, this is what the 25th is for.
Nonetheless still the Republicans back him, and McConnell is already saying he won't hold a floor vote on impeachment conviction. This is a purely political move. He doesn't want them to have to go on record as either voting to remove or voting to keep him. It's a lose-lose for the Republican party. Meanwhile Trump is still up there encouraging his supporters to think he somehow won the election, despite multiple recounts and his own judicial appointments shooting him down time and time again.
TL;DR: Power and Party before Country.
Re:By all accounts the Trump admin & the GOP (Score:5, Informative)
Trump has no control over the Capitol Police. Mayor Bowser very specifically rejected the idea of more federal law enforcement presence, unless they coordinated with her office specifically, and said they "were not asking for" more help: https://thehill.com/homenews/a... [thehill.com]
The Capitol Police rejected an offer from the Pentagon to provide National Guard forces to help keep order: https://thehill.com/news-by-su... [thehill.com]
The lack of forces cannot fairly be laid at Trump's feet.
Trump can call out the National Guard (Score:2)
So Trump failed to call out the guard and the Republican Party blocked attempts to call in additional police, hence the reason my post said "Trump & the GOP". They are both equally to blame and both culpable in an attempt to overthrow the US Govern
Re: (Score:2, Troll)
Every significant fact you alleged in your earlier comment was a lie. Do you have a shred of evidence that McConnell told the Capitol Police to reject the offer for help?
Or are you just putting Power and Party before Country, again?
You additionally ignore that DC's Democratic mayor also rejected the idea of federal law enforcement on the streets. And that Capitol Police rejected the FBI's offer of help during the early stages of the riot. Your comment SHOULD have said that by all indications, Congress
/. isn't a court of law (Score:2)
If you're still alive in 20 years when the documents around Trump's presidency are declassified will you change your mind? No, probably not. This isn't about truth, this is about your side winning.
Re: (Score:1)
he didn't. Eventually under pressure Pence did.
That is not what the Whitehouse Press Secretary said the day after. She was explicit in claiming it was Trump who called the National Guard.
I would love to see an investigation and a report on the timeline of events. Did Trump resist calling the NG while the siege was in progress? If so then that is treason and he was party to the riot. You know very well he was watching the events in real time.
Re: (Score:2)
Re: (Score:2)
Mayor Bowser very specifically rejected the idea of more federal law enforcement presence.
That was before the terrorists attempted the overthrow of the government. While it was happening, calls were made asking for reinforcements [stripes.com] but because of the "optics" of having military personnel on the Capitol grounds, there was a significant delay in sending reinforcements.
The lack of forces cannot fairly be laid at Trump's feet.
On January 4th and 5th, memos were issued by the Pentagon which prohibited the District [politicususa.com]
Re: (Score:1)
Nah, Don was a fucked up troll before Covid. Remember, he told his crowd to consider using the "2nd amendment" on Hillary, twice.
Re: One major argument that they should have shot (Score:2)
Oh come on! Do you think spies were just sitting in their asses all the decades before that?
You think none of the little helpers there, *especially* their IT, security and cleaning staff, is a spy? Don't make us laugh.
I bet there was not a thing they wanted, that they didn't already have.
Re: (Score:2)
No, but they may have been in the vicinity for other reasons, but take advantage of the crowd when opportunity knocks.
Definition of "coup" (Score:3)
Those who say it wasn't a "coup" say there was no direct planning. But Trump doesn't really plan, at least not on a detail level. He throws chaos & distraction into the system and surfs the chaos in an ad-hoc, shoot-from-the-hip way. He knew they were certifying the votes next door and if he could disrupt and postpone that it could buy him time to insert more chaos into other cracks as they form. Being ab
Re: (Score:2)
The definition of a coup shouldn't require competence. A failed coup is still an attempted coup. Trump's stated objective is to overturn the election result. When legal challenges failed he resorted to threats and intimidation.
Re: (Score:1)
There wasn't a central figure fomenting them. Who would you bust as the prime instigator? And for the most part, it wasn't primary gov't buildings being targeted.
A pickup truck was found with molotov cocktails in the area.
Re:Definition of "coup" (addendum) (Score:1)
Addendum: "And for the most part, it wasn't primary gov't buildings being targeted while in session."
Re: (Score:2)
It was a circus this week, the clowns from inside the building almost met the clowns from the outside of the building.
For the most part everyone in the building took a selfie; that very act means they believed they were part of a political protest or event. In six months all these cases are going to be dropped.
Re: (Score:2, Troll)
And while you are worrying about the "left" don't forget the Republican politicians all buddy buddy with Putin and Russia. Hell 7 Senators celebrated the 4th of July in Moscow!
https://www.msnbc.com/rachel-m... [msnbc.com]
Russians (Score:1)
A bunch of dumb rednecks can't pull this sort of well planned attack on their own.
We all know they were paid by the Russians to install malware on exposed devices. The Russians have been planing this for years.
Did you see the pictures? These aren't exactly Carnegie Mellon AI PhDs.
Re: (Score:1)
Re: Russians (Score:4, Insightful)
Oh you wish it was the big bad scapegoat behind the horizon that makes everything sooo simple and nothing your fault and no reason to fix anything about your society . . .
Which, funnily, is exactly how we got here.
America can only ever become the greatest nation on Earth if it starts to admit that it isn't. (And assess what there is to do.)
Re: (Score:2)
Did you see the pictures? These aren't exactly Carnegie Mellon AI PhDs.
Which is what the con artist was concerned about while the insurrection was happening. The con artist was upset at how low class the terrorists looked on tv [nymag.com].
This adviser, who spoke to Trump on Wednesday amid the siege, said Trump watched the events on television intently. CNN reported that he was so excited by the action, it “freaked out” some staffers around him. The adviser told me that Trump expressed disgust on aesthetic grounds over how “low class” his supporters looked. “He doesn’t like low-class things,” the adviser said, explaining that Trump had a similar reaction over the summer to a video of Brad Parscale, his former campaign manager, shirtless and drinking a beer in his driveway during a mental-health emergency in which police tackled him and seized his weapons. “He kept mentioning, ‘Oh, did you see him in his beer shirt?’ He was annoyed. To him, it’s just low class, in other words.”
Re: (Score:2)
I don't think you've ever been to a technical college. Students, and even professors, when they aren't "looking professional" tend to go in for fantastic garb. (Well, not all of them, but a sizeable minority.)
Re: (Score:3)
Including agents from other nations... (Score:3, Insightful)
Re: Including agents from other nations... (Score:2)
You mean unlike the regular ones that did their jobs all the decades before?
Re: (Score:2)
You don't need to maintain a secret identity. If caught, you'll have diplomatic immunity and leave the country.
Wipe all IT equipment (Score:2)
Who really wants to make a distinction between what the rioters could have done and what Trump's officials may have done on their own?
At this point should one no longer make such a distinction. Instead, just wipe all the IT devices of the entire government. Get rid of any doubts and get rid of anything from the Trump era with it. But also don't forget to make copies in case it may be needed as evidence later.
Re:Wipe all IT equipment (Score:4, Interesting)
Sensitive devices should self-lock quickly (Score:1)
"In the rush to evacuate the Capitol, some computers were left unlocked and remained accessible by the time rioters arrived."
Oops.
Equipment destruction protocol needed. (Score:2)
Military TMs have instructions for the destruction of equipment to prevent it falling into enemy hands. That should be mandatory for civilian government. Computers should require an inserted CAC card to unlock which is also the individual's ID.
Thin clients with a central, guarded server in such a building would allow instant network shutdown and easy disabling military-style by thermite grenade (those don't explode but fire extinguishers don't put them out so they'd finish the job, plus sprinklers make occup
Re: (Score:2)
Re: (Score:2)
There is plenty of FOUO material floating around on sensitive but unclassified systems that when correlated together can create classified product.
Re: (Score:2)
Meeting in person is the only way to get any compromise going.
I wouldn't be too worried. (Score:1)
It's a small wonder if they know how to spell "computer". Let alone access computer systems, unless the keyboard looks like this:
https://uxpamagazine.org/wp-co... [uxpamagazine.org]
But never underestimate the power of doing something that makes you feel good. :)
The mess was there before (Score:1)
But then pretty much everyone working in the Capitol would have known this.
It probably means that for as long as this has been standard practice pretty much any outside entity probably had easy and comprehensive access to pretty much anything. Who needs collusion when you have incompetents running the show.
What are the betting odds? (Score:2)
I think it is probably near 100% likely that somebody will claim to have obtained sensitive incriminating data from the computers that turns out to be crude fakes.
The major security rule (Score:1)
Unless the Lord builds the house, those who build it labor in vain. Unless the Lord guards the city, the guard keeps watch in vain.
This security rule has been known for forty centuries. Some write about policies, secure networks, disk encryption, etc., but it all may be, well, in vain, if 127:1 is not observed.
Re: (Score:2)
Which lord?
Re: (Score:2)
The Duke of Earl
Lots of paper on the floor. (Score:1)
Then there is digital access. Done with encrypting drives, etc.
Seriously, this is a no-brainer, it is thought out for you already, a long time ago.
Years even.
CONgress is loaded with dipshits (Score:2)
but now, we have the far right directly attacking congress, and opening up a nice little breach for spies to take advantage of.
Who needs to worry about the likes of Mannings/Snowdens, when we have far right extremists that do it far better.
A security mess? Why? (Score:2)
Re: (Score:2)
> My systems have encrypted drives and timed log off. Why wouldn't any government system be doing the same?
Your incentives are aligned. Crazy Aunt Nancy gets to go down to the local store and pick up a shiny new laptop on her expense card and her IT has to deal with it.
That's the benefit of having outsized power.
Having nobody to say "no" to you is the downside of outsized power.
While everybody was distracted by Viking Man being a clown, operatives were in opposition offices grabbing equipment. Some wo
Call it what it is (Score:2)
Not protestors. Insurrectionists.
Everyone's an executive (Score:2)
The reason that network is such a hodgepodge is that the primary users are all effectively C-suite and their privately employed staffs.
Any standardization would pretty much require unanimous approval in order to be implemented and would still leave the IT people in the lurch if later one of Congress critters decides to do something different. Imagine a Private trying to tell a General the plane won't move until he buckles up, technically correct, but what's he going to do, physically eject the General from
This should not be a problem... (Score:3)
1. A cyber breach
2. A physical breach
Since the federal government knows that the Capitol Building was physically penetrated, there is only one safe response: physically remove every single computer, router, switch, hub, printer, laptop, wifi repeater and any other piece of network-connected electronics and replace with "all new"...
By all means they can bring all the "suspect" gear to a laboratory and perform a forensic analysis, but they will need to re-flash every BIOS, check firmware in peripherals [like hard drives], the works. To be honest, it would likely be cheaper and quicker to assume that everything has been compromised and junk the lot.
While they are replacing all the federally-owned electronics from the building, they might as well sweep for electronics left behind by the visitors. Given the event was advertised in advance, it would not be unreasonable to suspect that hostile foreign nations had their own actors - even undercover agents - in the crowd. It would also be reasonable to suspect that such agents might have had an opportunity to plant listening devices, network repeaters and similar technology anywhere in the building that was accessible to the mob. The penetration of the Capitol building by the mob would be a perfect cover for a small cadre of agents to plant devices - in say ceiling voids or flush-fit wall boxes, or even inside power sockets.
A mate of mine used to work for a big US bank that has offices around the world. In places like New York, London, Hong Kong, Tokyo, Singapore they have plush offices for corporate clients, including conference facilities and meeting rooms. Those areas of the buildings that are open to visitors are comprehensively scanned for foreign electronics two or three times a week - and it is quite remarkable to learn just how much stuff is found - equipment left behind by supposed clients.
If a commercial entity needs to take these sorts of precautions on a routine basis, the federal government sure as hell does.
And if they haven't done so already, they need to instigate a more thorough review and security harden the physical infrastructure of their technology. Hopefully, they will be doing all this and more.
A mixture here.... (Score:2)
The actual agents in the mob - any spies in DC would have been stupid *not* to join the mob - will have gotten what they can. The idiots of the insurrectionists got zip, other than laptops, because all federal government hard drives are encrypted. And, once they're off the network, the traitors can't log into them, either.
And even if you use a std. password cracker, or attach it to another computer, we're back to "it's encrypted".
The real worry are all the actual bugs, and whether USB cables are, in fact, b
Re:I see (Score:5, Funny)
But surely they use full disk encryption on all their laptops, right? And the laptops lock themselves after 5 minutes of inactivity or at the very least when you close the lid, right? I mean, that's all so easy to set up, so painless, and so important with the kind of information they have on there, surely they must have...
Oh, never mind, who am I kidding...
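A defender-side check for the full-disk-encryption point raised in this thread, added here as an example and not from any poster: it parses `lsblk -J -o NAME,TYPE,MOUNTPOINT` output (a constructed sample is embedded) and reports mounted filesystems that do not sit under a LUKS `crypt` device, which is the question an IT staffer auditing a recovered or stolen laptop's sibling machines would ask first.

```python
import json
from typing import Dict, List, Tuple

# Constructed sample of `lsblk -J -o NAME,TYPE,MOUNTPOINT` output (not captured
# from any real host). / and /home live on LVM inside a LUKS container; /boot and
# /boot/efi are plain partitions, as is a stray /data partition.
SAMPLE_LSBLK_JSON = """
{"blockdevices": [
  {"name": "nvme0n1", "type": "disk", "mountpoint": null, "children": [
    {"name": "nvme0n1p1", "type": "part", "mountpoint": "/boot/efi"},
    {"name": "nvme0n1p2", "type": "part", "mountpoint": "/boot"},
    {"name": "nvme0n1p3", "type": "part", "mountpoint": null, "children": [
      {"name": "cryptroot", "type": "crypt", "mountpoint": null, "children": [
        {"name": "vg-root", "type": "lvm", "mountpoint": "/"},
        {"name": "vg-home", "type": "lvm", "mountpoint": "/home"}
      ]}
    ]},
    {"name": "nvme0n1p4", "type": "part", "mountpoint": "/data"}
  ]}
]}
"""

def _walk(devices: List[dict], under_crypt: bool, out: Dict[str, bool]) -> None:
    # Depth-first over the lsblk tree; a mount inherits "encrypted" from any
    # ancestor of type "crypt" (dm-crypt/LUKS), which is how LVM-on-LUKS shows up.
    for dev in devices:
        encrypted = under_crypt or dev.get("type") == "crypt"
        mountpoint = dev.get("mountpoint")
        if mountpoint:
            out[mountpoint] = encrypted
        _walk(dev.get("children", []), encrypted, out)

def mount_encryption_map(lsblk_json: str) -> Dict[str, bool]:
    """Map each mountpoint to True if it is backed by an encrypted device."""
    out: Dict[str, bool] = {}
    _walk(json.loads(lsblk_json)["blockdevices"], False, out)
    return out

def unencrypted_mounts(lsblk_json: str,
                       ignore: Tuple[str, ...] = ("/boot", "/boot/efi")) -> List[str]:
    """Mountpoints holding data on plain partitions; the boot loader's own
    partitions are expected to be unencrypted and are skipped by default."""
    return sorted(mp for mp, enc in mount_encryption_map(lsblk_json).items()
                  if not enc and mp not in ignore)

if __name__ == "__main__":
    # Real use: feed `subprocess.check_output(["lsblk","-J","-o","NAME,TYPE,MOUNTPOINT"])`.
    for mp in unencrypted_mounts(SAMPLE_LSBLK_JSON):
        print(f"WARNING: {mp} is mounted from an unencrypted device")
```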
Re: (Score:2)
Re: (Score:2)
Re: (Score:3)
Dear Slashdot user,
Keep in mind that Chris is a victim here. He keeps on reading those SEO, YouTube algorithm, basically get-rich-quick sites. He doesn't realize that he is the fish for them since they make money off him with their own schemes. Then, he wastes his time trying to implement what those sites suggest and he ends up disturbing people.
Those crooks tell Chris that he has to build personal brands and he goes on the Internet and makes everything about himself public!
I believe we should bring this up at our next meeting. He might not be our only patient victim of such on-line abuse.
https://www.researchgate.net/p... [researchgate.net]
--
Silvia Bunge
Psychology Department
University of California, Berkeley
It doesn't do much good to post as "Anonymous Coward" if your name and affiliation is in your .sig for everyone to read, Google, and confirm.
Re: I see (Score:2)
We?
Unless you are a corporation, and address other corporations, no, we didn't vote for shit.
We made a cross on a list of lobbyists that were pre-picked by corporations.
Call me when you can write your own name in there and it is accepted without a fuss. Call me when others can write your name in there and there isn't suddenly a SWAT team in your house, "finding" planted child porn on your PC and drugs and weapons and swastikas under your mattress.