As investigations continue, it will be important for government IT leaders to monitor all activity on the affected networks for signs of compromise. The network was exposed to unprecedented physical access, a prime opportunity to plant malicious code.
Last week, the Capitol was overrun by a mob of people. They pushed through barricades and broke windows, although some were simply let in by Capitol police. But once inside, they didn’t stick to the public areas where tours are given. Instead, they made their way onto the House and Senate floors and went through offices, destroying property, stealing equipment and trashing the place. Many took photos and videos. While various policing and federal agencies are investigating and assessing the damage so mitigation can happen, there is a major security problem few have considered: What if someone who entered that building had malware on their mobile device? Or, worse, what if someone managed to plant malware on one of the congressional staff members’ machines?
Think about it: there were people everywhere in that building, and there was no real security. They were in offices they weren’t supposed to enter. They were in areas where there are no cameras. They had unprecedented physical access to federal networks and information. No one fully knows the extent of the information that was exposed or stolen. No one fully knows how much time some of these people had with internal machines that were left unlocked, such as the laptop discovered in House Speaker Nancy Pelosi’s office with her emails still on-screen. That means private conversations containing sensitive information, potentially strategic planning for upcoming bills or even defense strategies. The truth is, we will not know the extent of what was exposed for a long time.
Also, consider the SolarWinds breach that came to light last month and compromised the security of many of its clients, including the U.S. government. That attack started in October of 2019 and appears to be the work of Russian hackers, although that has not been confirmed at this time. Federal agencies and private companies were impacted, and now a second software supplier could be implicated. According to Ars Technica, “While SolarWinds software has been widely suspected as the initial way hackers got in, The New York Times on Wednesday reported that investigators are examining the role another software supplier, JetBrains, may have played. The company, which was founded by three Russian engineers in the Czech Republic, makes a tool called TeamCity that helps developers test and manage software code. TeamCity is used by developers at 300,000 organizations, including SolarWinds and 79 of the Fortune 100 companies.
The Wall Street Journal reported that investigators believe the hackers gained access to a TeamCity server used by SolarWinds but that it was unclear how the system was accessed. In a statement, JetBrains co-CEO Maxim Shafirov said it hasn’t been contacted by SolarWinds or any government agency about any role TeamCity may have played.”
All signs point to some sort of Russian infiltration or interference, and if not Russia, then another nation state. It also raises the possibility that an agent of a nation state was planted at the Trump protest and subsequently entered the Capitol. Even with access only to the Capitol’s public WiFi, it is possible that someone introduced a virus, worm, cryptomining program or other malicious package that is now spreading through the network and doing who knows what kind of damage; a properly segmented guest network limits that risk, but it does nothing for a workstation an intruder could type on. It is also possible that an agent of some organization gained access to devices that were left unlocked when members of Congress were whisked out of their offices to a safe location. Security protocols could easily have been circumvented.
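The passage above, and the earlier one about machines left unlocked with email on-screen, both come down to the same practitioner question: what does an organization do with a device an intruder had unsupervised keyboard access to for a window of time? A first-pass triage is to build a timeline of everything on the disk that changed during that window and flag anything that runs automatically or is executable. The script below is an added example written for this page, not code from the article or from any agency involved; the window, the directory names in AUTOSTART_DIRS and the files it builds are all constructed for the demonstration.

```python
"""Post-physical-access triage: list files changed during a window of
unattended access and flag the ones an attacker would most plausibly drop.
Added example for this page; all paths, times and files are constructed."""
import os
import stat
import tempfile
from datetime import datetime, timezone
from pathlib import Path

# Window during which the machine was unattended (constructed for the example).
WINDOW_START = datetime(2021, 1, 6, 14, 0, tzinfo=timezone.utc)
WINDOW_END = datetime(2021, 1, 6, 18, 0, tzinfo=timezone.utc)

# Extensions an intruder with keyboard access would most plausibly leave behind.
SUSPICIOUS_SUFFIXES = {".exe", ".dll", ".ps1", ".bat", ".vbs", ".lnk", ".sh", ".py"}
# Directory names where a dropped file is executed automatically at login or on a
# schedule (hypothetical, relative names chosen for the demo tree below).
AUTOSTART_DIRS = {"Startup", "cron.d", "LaunchAgents"}


def find_changed_files(root, start, end):
    """Return sorted (relative path, reasons) pairs for regular files whose
    modification or metadata-change time falls inside [start, end]."""
    hits = []
    start_ts, end_ts = start.timestamp(), end.timestamp()
    for path in Path(root).rglob("*"):
        if path.is_symlink() or not path.is_file():
            continue
        st = path.lstat()
        # mtime is trivially forged with `touch`; on POSIX ctime is updated by the
        # kernel on any metadata change and is much harder to backdate, so check both.
        in_window = (start_ts <= st.st_mtime <= end_ts) or (start_ts <= st.st_ctime <= end_ts)
        if not in_window:
            continue
        rel = path.relative_to(root)
        reasons = ["changed in window"]
        if path.suffix.lower() in SUSPICIOUS_SUFFIXES:
            reasons.append("executable/script")
        if AUTOSTART_DIRS & set(rel.parts[:-1]):
            reasons.append("autostart location")
        if st.st_mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH):
            reasons.append("exec bit set")
        hits.append((rel.as_posix(), reasons))
    return sorted(hits)


def build_demo_tree(base):
    """Construct a small directory tree standing in for a user profile.
    Constructed data for the example, not evidence from any real machine."""
    before = datetime(2021, 1, 5, 9, 0, tzinfo=timezone.utc).timestamp()
    during = datetime(2021, 1, 6, 15, 30, tzinfo=timezone.utc).timestamp()
    files = {
        "Documents/budget.xlsx": before,         # untouched, outside the window
        "Documents/notes.txt": during,           # edited in the window, not executable
        "AppData/Startup/update.lnk": during,    # dropped into an autostart folder
        "tools/helper.ps1": during,              # script dropped during the window
    }
    for rel, ts in files.items():
        p = Path(base) / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text("demo content\n")
        os.utime(p, (ts, ts))  # set atime/mtime to the constructed timestamp
    return base


def run_demo():
    """Build the demo tree in a temp dir and return the triage findings."""
    with tempfile.TemporaryDirectory() as tmp:
        build_demo_tree(tmp)
        return find_changed_files(tmp, WINDOW_START, WINDOW_END)


if __name__ == "__main__":
    for rel_path, reasons in run_demo():
        print(f"{rel_path}: {', '.join(reasons)}")
```

Run this against a forensic image mounted read-only from a clean analysis host, never on the live machine, and treat the output as a starting point rather than a verdict: a quiet intruder can leave no file changes at all (hardware keylogger, credentials read off the screen, a session token copied from the unlocked browser), so the defensible answer for a device an adversary had unsupervised access to is to rotate every credential it held and reimage it.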
At this point, our country is in a vulnerable and volatile political state. We are ripe for a nation state to attempt to breach our federal defense systems. But even after the SolarWinds hack, no one is paying attention. Everyone is focused on which side is right instead of on the weaknesses we exposed in our own systems. Those weaknesses are visible not just to allied countries but to criminal threat actors, activist groups and hostile nation states. We have a major problem on our hands, and until it is addressed, we will remain vulnerable.
As a business owner or leader, while what you do may not directly affect the outcome for the federal government, you can make an immediate impact on your business and employees. Review your security protocols. Review the code you write and the integrity of the software you receive from suppliers, including your own build and deployment pipeline, for weaknesses and malicious changes that have gone unnoticed. Bring in an expert and have them go over your business from top to bottom. Make your business a fortress. With enough time and resources, any lock can be broken, but the more difficult your lock is to break, the more likely it is that a hacker will move on to easier prey.