What’s required to restore electronic security to the Capitol

leave a comment »

My heart goes out to the unsung IT heroes at the Capitol tonight. My guess is they’ve never had to run asset inventory IR before – a daunting, stressful task in a tabletop exercise – and they’re running one (prob w/o a playbook) following a full on assault of the Capitol.

— socially distant, mask wearing bat (@mzbat) January 7, 2021

Read this thread by @jacobian, which begins:

So much this. A physical breach is a nightmare scenario for infosec.

On the off-chance that any of my followers are involved in this — I do have some experience in scenarios like this and would be happy to help. If I can be of assistance hit me up.

Just to give folks who aren’t in the field an idea what we’re talking about:

– we must assume that foreign agents were among the rioters
– snooping devices can be implanted into anything with a power cord
– so every device in the capitol is now a potential foreign asset 

So, just for starters:

– all computers need to be inventoried, inspected inside and out, and the OS paved/rebuilt
– keyboards, mice, &c might now have implants, they probably should be tossed (see eg keelog.com/forensic-keylo… which looks like a usb cable but is in fact a logger)

Then everything with a power source needs to be audited. This means lamps. Thermostats. Those cute little portrait lights on top of photos. The vacuum cleaner in the storage closet. Even outlets — a fav trick of one Red Team I know is a fake outlet cover that hides a mic. 

Continue reading.

Written by LeisureGuy

10 January 2021 at 3:22 pm

Posted in Congress, Software, Technology