Annuncio del 08. gennaio 2021

U.S. Congress must re-examine its IT infrastructure after the attack

In the wake of the storming of the U.S. Congress by a mob of Trump supporters, the entire IT infrastructure of both the Senate and the House of Representatives must be thoroughly scrutinized. Images of unlocked PCs in congressmen’s and congresswomen’s offices circulated on Twitter, so parts of the network should be presumed to have been compromised. These images also revealed shortcomings in the security awareness of some staff members.

Even in the office of Speaker of the House Nancy Pelosi, one computer was left unlocked, with the contents of the Outlook account openly available for anyone to view. Although it is unlikely that classified data are processed on these computers, the information stored there is surely of great interest to political opponents or intelligence services. It can be assumed that many more computers were similarly vulnerable.

Hauke Gierow

Security awareness is about making the right decisions – even in critical situations and under stress. Especially when people are faced with an exceptional situation, they tend to follow their instincts and rely on habitual behavioral patterns. Employees must lock their computers whenever they leave their workplaces, even if it’s only to get a quick cup of coffee.

Hauke Gierow

Security expert at G DATA CyberDefense

It is also incomprehensible that the screens did not automatically lock after a brief period of inactivity. IT managers can enforce automatic locking by integrating it into group guidelines. This is basically a standard procedure in IT security.

Already on the evening of the day of the attack, police reported that the building had been secured. Debate on the certification of the election victory of future President Joe Biden, which is ordinarily a mere parliamentary formality, was concluded successfully late that night. But the cleanup of the Capitol’s IT systems will take much longer. “After unlocked computers were found, the congressional network should be regarded as having been compromised,” Gierow says. “All computers should be thoroughly analyzed and rebooted. If the scrutiny discovers that systems have been successfully accessed, they must be replaced.” After all, it cannot be ruled out that agents of intelligence agencies infiltrated the mob, hoping to take advantage of the chaos to gain access to intelligence-relevant data.

The ongoing debates about alleged election fraud, Russian interference in U.S. democratic processes, and the lessons learned from leaks of former presidential candidate Hillary Clinton’s emails show that confidence has weakened in key elements of the rule of law. Numerous measures are necessary to rebuild this trust. One essential measure is a precise reappraisal of the security problems that have now become obvious, also in the IT sector.

Media:

Annuncio del 08. gennaio 2021

G DATA CyberDefense AG
G DATA Campus
Königsallee 178
D-44799 Bochum

Phone: +49 234 9762-239
E-Mail: presse@remove-this.gdata.de

Kathrin Beckert-Plewka
Public Relations Manager

Contact

Kathrin Beckert-Plewka

Phone: +49 234 9762-507
kathrin.beckert@remove-this.gdata.de

Hauke Gierow
Press spokesperson

Contact

Hauke Gierow

Phone: +49 234 9762-665
hauke.gierow@remove-this.gdata.de

Vera Haake
Spokesperson for event & location communication

Contact

Vera Haake

Phone: +49 234 9762-376
vera.haake@remove-this.gdata.de

Stefan Karpenstein
Public Relations Manager

Contact

Stefan Karpenstein

Phone: +49 234 9762-517
stefan.karpenstein@remove-this.gdata.de