Decrypted: How bad was the US Capitol breach for cybersecurity?

It’s the image that’s been seen around the world. One of hundreds of pro-Trump supporters in the private office of House Speaker Nancy Pelosi after storming the Capitol and breaching security in protest of the certification of the election results for President-elect Joe Biden. Police were overrun (when they weren’t posing for selfies) and some lawmakers’ offices were trashed and looted.

As politicians and their staffs were told to evacuate or shelter in place, one photo of a congressional computer left unlocked still with an evacuation notice on the screen spread quickly around the internet. At least one computer was stolen from Sen. Jeff Merkley’s office, reports say.

A supporter of U.S. President Donald Trump leaves a note in the office of U.S. Speaker of the House Nancy Pelosi as the protest inside the U.S. Capitol in Washington, D.C, January 6, 2021. Demonstrators breached security and entered the Capitol as Congress debated the 2020 presidential election Electoral Vote Certification. Image Credits: SAUL LOEB/AFP via Getty Images

Most lawmakers don’t have ready access to classified materials, unless it’s for their work sitting on sensitive committees, such as Judiciary or Intelligence. The classified computers are separate from the rest of the unclassified congressional network and in a designated sensitive compartmented information facility, or SCIFs, in locked-down areas of the Capitol building.

“No indication those [classified systems] were breached,” tweeted Mieke Eoyang, a former House Intelligence Committee staffer.

Hi, former HPSCI staffer here.

Congressional offices deal in unclassified information. Most of the things they deal with are open source.

Classified information dealt with in designated Congressional SCIFs. No indication those were breached. https://t.co/Ciel6BW3oU

— Mieke "18 USC 2383" Eoyang (@MiekeEoyang) January 7, 2021

But the breach will likely present a major task for Congress’ IT departments, which will have to figure out what’s been stolen and what security risks could still pose a threat to the Capitol’s network. Kimber Dowsett, a former government security architect, said there was no plan in place to respond to a storming of the building.

My heart goes out to the unsung IT heroes at the Capitol tonight. My guess is they’ve never had to run asset inventory IR before – a daunting, stressful task in a tabletop exercise – and they’re running one (prob w/o a playbook) following a full on assault of the Capitol.

— socially distant, mask wearing bat (@mzbat) January 7, 2021

The threat to Congress’ IT network is probably not as significant as the ongoing espionage campaign against U.S. federal networks. But the only saving grace is that so many congressional staffers were working from home during the assault due to the ongoing pandemic, which yesterday reported a daily record of almost 4,000 people dead from COVID-19 in one day.

THE BIG PICTURE

U.S. blames “ongoing” federal agency breaches on Russia

For the past month, the U.S. government has scrambled to expel hackers from the networks of at least 10 federal agencies, including Treasury, State and Homeland Security, the federal agency charged with overseeing cybersecurity of government departments. Now the U.S. says Russia is “likely” to blame for the attack.

News of the intrusions began last month after FireEye, one of the biggest cybersecurity and incident response companies in the world, was itself hacked. It didn’t take long to discover that it wasn’t an isolated breach, but a sophisticated infiltration across the federal government and several major tech companies. Hackers had broken into SolarWinds, an enterprise software vendor used by federal agencies and Fortune 500, and planted a backdoor in its product. Once its customers updated the software, they unknowingly introduced the backdoored software into their own networks.

In a joint statement by the FBI, NSA and Homeland Security this week, the U.S. said the widespread hacking campaign was “likely Russian in origin” and that it was “ongoing,” suggesting that the hackers were still inside federal networks.

New statement on SolarWinds from FBI, ODNI, CISA and NSA says SolarWinds hack is "likely Russian in origin" and that fewer than 10 U.S. agencies have been identified as victims.

"At this time, we believe this was, and continues to be, an intelligence gathering effort." pic.twitter.com/BXdmv3Fu9Y

— Dustin Volz (@dnvolz) January 5, 2021

The statement said that the breaches were likely an “intelligence-gathering effort,” pointing to espionage rather than setting the stage for a destructive attack, as seen with the WannaCry and NotPetya ransomware attacks in 2017.

Several news outlets had already reported that the hacks were most likely carried out by a Russian intelligence group known as APT 29, or Cozy Bear, which has been linked to several espionage-driven attacks, including attempting to steal coronavirus vaccine research. But this is the first time the government acknowledged the likely culprit behind the campaign.

It comes as the Justice Department confirmed that about 3% of its unclassified email inboxes were raided by the same hackers. Per a statement published Wednesday, a spokesperson said it had “no indication that any classified systems were impacted.”

FBI, NSA say ongoing hacks at US federal agencies ‘likely Russian in origin’

MOVERS AND SHAKERS

Trump has faced fierce criticism for handling of the SolarWinds breach. In fact he hasn’t made any public statement about the breach, except to point the blame — without any evidence — at China, contradicting his own secretary of state who publicly said Russia was “pretty clearly” behind the espionage campaign.

With less than two weeks on the clock before Biden is set to take charge, all eyes are on the new administration to see who will take on the task of remediating this extensive breach of federal systems.

The big question is, who will be in charge of it all? The next federal chief technology officer has yet to be announced, but their role will cover everything from climate change, addressing net neutrality and vaccine distribution to taking on Big Tech. The role will also be expected to help protect the U.S. against another wave of cyber-espionage. Experts say it has to be someone who “already knows how government works, to minimize the learning curve, and has a track record of getting results.”

The transition team hasn’t yet shown its cards or floated any names yet. But whoever takes on the job will have their work cut out for them.

Just how bad is that hack that hit US government agencies?

$ECURITY $TARTUPS

Israeli spyware maker NSO Group is reportedly eying going public, according to reports. The controversial company is currently embroiled in a lawsuit brought by WhatsApp for exploiting an undisclosed vulnerability to deliver its notorious spyware product, dubbed Pegasus, to 1,400 phones — including journalists and human rights defenders. A report by Reuters said the company, which also builds anti-drone technology and is pitching its contact tracing technology to governments, could be valued at $2 billion.

Cloud security startup Lacework has raised a whopping $525 million round in its Series D, becoming the latest startup to surpass a $1 billion valuation. The round was led by Sutter Hill and Altimeter Capital.

Lacework lands $525M investment as revenue grows 300%

Send tips securely over Signal and WhatsApp to +1 646-755-8849. You can also send files or documents using our SecureDrop. Learn more.