When rioters invaded the Capitol on January 6, 2021 they broke into chambers and offices of lawmakers gaining access to computers, laptops, zip drives for over two hours. US Attorney for DC, Michael Sherwin, stated “electronic items were stolen from senators’ offices, documents.” Senator, Jeff Merkley (D-Ore.), reported that at least one laptop had been stolen. The cybersecurity consequences of this attack will take months to sort out.
Passwords, documents, access codes, and confidential or secret information may have been stolen. We also need to assume that some computers may have been compromised, with malware loaded onto them. This makes all information on the computers potentially accessible to foreign agents.
Likely only a few machines were compromised, but federal IT personnel must assume that all the digital devices at the Capitol have been compromised. From the moment lawmakers started re-using computers at 8PM that night, information could be compromised. Russia has conducted cyber attacks against the United States for some time. Though Capitol police seemed surprised by the attack, most news organizations and anyone paying attention to online chatter would have known about the impending violent insurrection. It would be quite easy to have a foreign agent sneak into the Capitol with rioters.
A scorched earth policy is the only way to guard against possible attack. All computers need to be replaced along with light switches drapes or any other place a bug might be planted. Malware doesn’t always trigger immediately so many machines could be Trojan horses waiting to invade and seize information. The amount of work to clear the Capitol of the threat is staggering and of course tax payers will pay for it.