The visceral violence of last week’s deadly attack on the U.S. Capitol rightfully alarmed the nation, but the raid could have a more chilling effect going forward if bad actors used the opportunity to gather intelligence, security experts said.
Grace Buckler, founder and CEO of The Privacy Advocate, a consulting firm, said the Jan. 6 breach of the building by pro-Trump supporters left government computer systems vulnerable, which could be catastrophic if exploited.
“A determined intruder with an opportunity and expertise can compromise information in five minutes what might take an average person two hours to do,” said Buckler, an D.C.-area resident who is an international privacy advocate. “It’s not wise to underestimate an intruder based on your capabilities. Intruders are sophisticated and learned.”
In an in-depth interview, Buckler, who has extensive experience and training in cybersecurity, raised a myriad of questions.
“Access alone is not a problem,” she said. “What the unauthorized actor may have left behind or planted is concerning — bugs on devices that will give him or her online access later down the line. For example, if laptops were taken, even if those laptops are recovered, if they were not encrypted, they can make any network they’re plugged into vulnerable to more unauthorized activities.”
Authorities are still tracking down participants and organizers of the Jan. 6 attack on the Capitol, which came after a massive nearby rally protesting that day’s certification of Joe Biden’s win over President Donald Trump in the November election. Trump addressed the rally shortly before the riot, cajoling the crowd of thousands to converge on the building in protest.
The incident resulted in five deaths, including a Capitol Police officer, and dozens of injuries and arrests.
An IT expert who works on Capitol Hill said they are trying to determine how significant the security breach is — efforts that are complicated by the removal of the Capitol Police chief and both the House and Senate sergeants-at-arms.
The FBI and other federal entities are investigating the Capitol breach as an insurrection with many actors. An FBI source told The Washington Informer that tens of thousands of photos are now being examined, but the process can be lengthy.
“Even machines that were not taken — including mobile devices, which nowadays contain more personal information than a desktop computer, including conversations — could have been compromised,” the source said. “A SIM card could have been switched. An unattended phone or tablet could have been unlocked to gather information or plant a malware. Anything could have happened.”
Buckler said that it is still unclear what impact the insurrection will have on democracy in the U.S. and that looking at foreign involvement is not out of the question.
“An intruder can also take pictures of physical documents or notes, or pictures on workers desks which may identify their children and other family members — that’s a threat to privacy,” she said. “They could take a picture of credit cards in a wallet that was left in a drawer, which is personal financial information. The impact of that information if used by the intruder can be devastating to the victim.”