A physical breach is a nightmare scenario for Capitol IT

Author : rmason
Score  : 162 points
Date   : 2021-01-07 19:14 UTC (3 hours ago)
(HTM) web link (twitter.com)
(TXT) w3m dump (twitter.com)

cpascal wrote:
The author of the Twitter thread links to another thread towards the end that notes the risk of a classified information breach isn't too high.

https://twitter.com/ericgeller/status/1347226499930230785

Obviously that doesn't change the fact that the entire building should be considered compromised and scrubbed.

slg wrote:
The last 5+ years of leaks from politicians should have taught us that something doesn't need to be classified to be highly damaging to both the individual and the nation.

jmiter wrote:
Maybe someone can answer this for me:

Having worked for the US gvt, though not in legislature or dept of state, PIV cards were always required to access a gvt machine, and leaving your PIV inserted while absent from the room was, in theory, a serious offense.

Are congress critters and others not required to use ID cards when accessing gvt networks?

Jtsummers wrote:
Different agencies have different IT systems at the federal level. The PIV cards used by the DOD and some other departments are _not_ universal within the executive branch, and the legislative and judicial branches manage their own IT systems (sometimes still managing it locally rather than having any kind of centralized system). Government IT is very much a set of feudal territories still and many of them are not well or consistently managed.

chefkoch wrote:
I'm not sure you can say no to a senator who wants stuff changed?

jnwatson wrote:
The rules for the executive branch are fairly rigorous. The legislative branch, not so much. There's a huge difference in scale: the executive branch employs some 4 million folks, the legislative branch just 35K.

Just the picture of Pelosi's desktop indicates there's no automatic screenlock, which is a fairly low bar as controls go.

fl0wenol wrote:
It wasn't Pelosi's desktop, it was her scheduling assistant's. You can clearly see his name on the Outlook inbox.

Not that it's much better, but it is still an important clarification.

dillondoyle wrote:
Another thread that I think offers some context a bit less 'scary' than this [1]. Most of the stuff the invaders could have had easy access to - e.g. in a Member's office - is not that important; consider what is leaked to the press strategically for politics every day.

I'd be more concerned about listening devices, especially key committee Members and staff, e.g. foreign relations LAs.

I don't have firsthand knowledge of the non-classified working computers of Congress but maybe someone can confirm if IT used SolarWinds and their network is already compromised.

* Also, individual Member offices are treated basically like businesses in a lot of ways, e.g. the Member can contract/share hire their own IT helpers too. I can't find a source quickly but a few years ago I remember the article about some guy working for a few Dems being a dumb ass.

* * I'll also add that almost any US citizen can get a meeting inside a Member's office, a House member directly or with a staffer. I'm sure there are a ton of listening devices that metal detectors wouldn't find and that are quick to place surreptitiously.

[1] https://twitter.com/ericgeller/status/1347226499930230785

rootusrootus wrote:
> almost any US citizen can get a meeting inside a Member's office

Indeed, most days you can just walk directly into any senator's or member's office. Maybe leadership has different rules, I haven't tested that, but I had no trouble strolling into Ron Wyden's office. So anything you can get through the building metal detectors (which really aren't very sensitive, they're just looking for weapons) you could take in and surreptitiously drop off.

psychlops wrote:
Heaven forbid someone front-runs the trades of Congress.

jaywalk wrote:
The one person who almost got into an area where they really didn't want people was shot dead. This guy's acting like the rioters breached a SCIF or something. The Capitol building is (was, normally) open to the public.

thinkmassive wrote:
Yep, the important rooms would not accidentally be left accessible, even in a situation like what happened yesterday.

https://en.wikipedia.org/wiki/Sensitive_Compartmented_Inform...

paxys wrote:
Multiple computers belonging to congressmen/their aides have been reported accessed or stolen (https://thehill.com/homenews/senate/533162-merkley-says-capi...). Someone posted a picture of Nancy Pelosi's email client, stole mail and left a threatening note in her office. Other private chambers were vandalized (https://twitter.com/SenJeffMerkley/status/134703950452849868...). Can anyone really confirm that there were zero foreign agents among the thousands of rioters who accessed the building? Let's not pretend what happened was normal.

chefkoch wrote:
You'd have to reimage all those computers for sure.

jaywalk wrote:
Not normal, not good. Will cause issues for sure. But those computers did not have access to classified information.

paxys wrote:
> But those computers did not have access to classified information.

Got a source for that? You really think a sitting Senator's laptop has zero useful data for a foreign government, or even the opposition party? Heck, his browser history or synced texts could have enough blackmail material.
[deleted]

Jtsummers wrote:
Useful data != Secret/TS data. If there is any Secret/TS data on these systems, there's already been a security breach and yesterday wasn't special. Unclassified systems are often assumed unsafe/breached to begin with.

randylahey wrote:
I don't disagree, however... human beings can be lazy, short-sighted or take short-cuts. I wouldn't put it past someone to keep something where it shouldn't be, intentionally or by accident.

jjcon wrote:
I don't think you understand how difficult it would be to get classified information on your unclassified laptop, and there isn't a chance in hell you could do it by accident.

Robin_Message wrote:
Just wondering as I have no special knowledge, but suppose I am a senator and I receive a number of classified briefings on a particular issue.

Could I use Outlook to take some notes on my thoughts on that issue? Say as a draft e-mail? I don't think there would be anything technical to stop me, and it's not going to set off any automatic exfiltration flags.

But those notes could very well need to be classified. Does everyone in the Capitol with access to classified material have the necessary skills and incentives not to make notes about them on their personal computer?

jjcon wrote:
If you are receiving a classified briefing you cannot be on a machine that has internet access - the briefing would be in a secured area with no personal devices and the only machines in that area are airgapped (and they are airgapped forever, no switching back and forth).

You could of course write stuff down afterwards in an unsecure place but that is a day 1 essential huge fucking deal no-no. You don't even discuss classified info outside a secure area, not in your public office, not in the outback, not ever. That doesn't mean people don't do it but when they do and it is found out it is a really big deal. Accidents do happen and there are protocols in place to deal with them when they occur. 99.9% of these leaks are extremely mundane low tier classification and are due to document misclassification etc. Sometimes the name of a project is classified and is leaked by reference etc. but when it comes to actual important stuff people are quite competent at keeping that in secure areas.

richardwhiuk wrote:
You write an email that references something you read in a classified briefing?

Nancy Pelosi is part of the Gang of Eight - https://en.wikipedia.org/wiki/Gang_of_Eight_(intelligence) which is briefed on National Security matters by the Executive Branch (this is top secret, special forces operations style stuff).

Jtsummers wrote:
That's actually how a lot of real-world classified data leak incidents happen. Either someone records a classified fact/detail on an unclassified system through carelessness or lack of caution, or compiles a set of facts that are (in aggregate) classified but individually unclassified.

The latter can be particularly pernicious as it's hard to know the aggregate classification. I may be able to say in separate contexts "The XF-42 is capable of exceeding 1200 nautical miles per hour" and "The XF-42 is capable of flying in excess of 60k feet" but placing the two facts together can actually be classified (in practice, usually more than two details).

setr wrote:
This seems nonsensical -- why is the sum of the parts more classified than the individual parts?

If I put together a long list of facts about the XF-42, it's classified, but if I separate each item onto a different page and tell someone else how to recompile the information (e.g. page numbers), it's fine?

I can't imagine a scenario where this model makes sense -- ignoring absurdities like classifying basic facts (sky is blue) and words (help) due to cascading classification.

It seems to me the rule should be that of poisoning -- any information in a document with classification X poisons the rest of the document to the same classification; or rather, a document classification is the maximum of its children.

Jtsummers wrote:
My example probably wasn't the best as too much is already given away. It's more like this:

- We have a manned aircraft
- We have an aircraft that can travel above 60k feet
- We have an aircraft that can sustain or exceed Mach 8 at that altitude
- We have an aircraft called the XF-42
- We have an aircraft based in Middle-Of-Nowhere, AZ
- We have 10 operational aircraft of some specific type

Any one of those details may be unclassified, but as you start pairing them up classified information can be derived from it. Note that in this, somewhat better, example only one item identifies the aircraft (rather than my initial example in which both items identified it).

Publicly it may be known that an XF-42 exists, even where it's based, and that there are only 10. Publicly it may be known that _an_ aircraft exists which is manned, travels above 60k feet and over Mach 8. But the two sets of data may not be joined in public because that would give more information than desired (in particular, that there are only 10 indicates a limit on the capability of the mystery superfast and high altitude aircraft).

EDIT: Regarding some of your other comments.

If I spread the information out _and_ tell you how to reconstitute it so you can make a cohesive whole, I've just obfuscated the classified information which is the same as leaking it straight up.

Regarding "poisoning", this is how it's done. If you have a document with TS data, the document is TS even if it's a single line item surrounded by unclassified data.
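As an added illustration of the two rules discussed above (a document carries the maximum marking of its parts, and a set of individually unclassified facts can be classified in aggregate), here is a small Python model that is not from the thread or any real classification system. The six XF-42 facts are the ones listed in the comment; the fact ids, markings and aggregation rules are constructed for the example, and it also covers the split-across-pages case by following references between documents.

```python
from dataclasses import dataclass, field

# Ordering of markings; the index in this list is the rank used for "max of the parts".
LEVELS = ["UNCLASSIFIED", "CONFIDENTIAL", "SECRET", "TOP SECRET"]


def max_level(levels):
    """Highest marking in an iterable; an empty iterable is UNCLASSIFIED."""
    return max(levels, key=LEVELS.index, default="UNCLASSIFIED")


@dataclass
class Document:
    name: str
    facts: dict                               # fact id -> marking of that fact on its own
    refs: list = field(default_factory=list)  # documents this one tells the reader to combine with


def reachable_facts(name, docs, seen=None):
    """Facts stated in the document plus those in every document it points to, transitively.
    An index page that says "see pages A and B" therefore carries the facts of A and B."""
    seen = set() if seen is None else seen
    if name in seen:  # guard against circular references
        return {}
    seen.add(name)
    facts = dict(docs[name].facts)
    for ref in docs[name].refs:
        facts.update(reachable_facts(ref, docs, seen))
    return facts


def classify(name, docs, rules):
    """Return (marking, aggregation rules hit) for a document.
    Marking = max over the individual facts (the poisoning rule) and over every
    aggregation rule whose whole fact set is present (the compilation rule)."""
    facts = reachable_facts(name, docs)
    hits = [combo for combo in rules if combo <= set(facts)]
    marking = max_level(list(facts.values()) + [rules[c] for c in hits])
    return marking, hits


# Constructed sample: the six facts from the thread, each unclassified on its own.
U = "UNCLASSIFIED"
DOCS = {
    "public_spec":  Document("public_spec",  {"manned": U, "ceiling_60k": U, "mach8": U}),
    "public_fleet": Document("public_fleet", {"name_XF42": U, "base_AZ": U, "fleet_10": U}),
    # States nothing itself, only "read public_spec and public_fleet together".
    "index":        Document("index", {}, refs=["public_spec", "public_fleet"]),
    # One SECRET line item in an otherwise unclassified page.
    "poisoned":     Document("poisoned", {"ceiling_60k": U, "tail_number": "SECRET"}),
}

# Constructed aggregation rules (an assumption for the example): combinations that are
# classified even though each member fact is not.
RULES = {
    frozenset({"name_XF42", "mach8"}): "SECRET",
    frozenset({"mach8", "ceiling_60k", "fleet_10"}): "TOP SECRET",
}

if __name__ == "__main__":
    for doc in DOCS:
        marking, hits = classify(doc, DOCS, RULES)
        print(f"{doc:13s} {marking:13s} aggregation rules hit: {len(hits)}")
```

The two public pages come out UNCLASSIFIED on their own, the index that merely points at both comes out TOP SECRET because it reconstitutes every fact, and the poisoned page is SECRET with no aggregation rule involved.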
jjcon wrote:
I've never seen exactly what they are talking about but what they may be getting at is actually information compartmentalization - group A can know fact A and group B can know fact B but neither group can know AB. Some higher up official can know AB but must keep those facts separated in documentation because they may share portions with the groups. Having said that - both A and B are classified. You can't have unclassified compartmentalized info.

[deleted]

jaywalk wrote:
There's a difference between the personal data you mentioned, which is on all of our computers, and actual classified information.

snowwrestler wrote:
I know a lot of people who worked for members of Congress and a few who do now. Computers sitting on desks in regular Congressional offices do not have access to classified materials. Most members of Congress or their staff do not have access to classified material at all.

There is a lot of private information on those computers, though, and the biggest risks there are the use of that info to harass staff and/or manipulation of it to feed conspiracy theories (see: Pizzagate).

Blackmail material is extremely unlikely since these are all government computers and everyone who works there knows they are subject to oversight.

jjk166 wrote:
There are lots of things to be concerned about besides classified information - such as emails and personal files of congress members and staffers - but even further it's not just what you can get off of the computer, it's what you can put on it.

jjcon wrote:
> such as emails and personal files of congress members and staffers

All of which is not of national security concern and most of which is already subject to public access via FOIA.

meragrin_ wrote:
> The one person who almost got into an area where they really didn't want people was shot dead.

The videos showing her get shot had several police in the area and they never looked like they were very interested in protecting that area before she was shot.

c_r_w wrote:
Difference between the Secret Service and Capitol PD.

saargrin wrote:
Not sure the office computers are typically accessible to the public.

Now they're gonna check everything for possible keyloggers or whatnot.

And there's no way of knowing if any computer was left unlocked and might have had something installed on it.

NortySpock wrote:
At least one protestor claimed he found an unlocked computer. Up to others to verify if that claim is accurate.

https://arstechnica.com/tech-policy/2021/01/pro-trump-report...

Windows-L is the keyboard command to lock on Windows. I strike it by habit every time I get up from my chair.

raverbashing wrote:
Best way I found is to set a "hot corner" that will lock the computer once the cursor is moved there.

Easier than typing a key combination.

InitialLastName wrote:
I had that at one point, but on Windows, with a high resolution screen and maximized windows there are too many useful operations dangerously close to every corner.

Some folks at my office have ID cards that need to be inserted to operate the computer (it locks when the card is removed from the reader). The smart ones have attached the card to their belt so that when they walk away, the card goes with them and the computer locks.

mkl95 wrote:
Super-L is the keyboard command to lock on Gnome. The super key is called the windows key on Windows :-)

jedberg wrote:
"Hi Representative Foo, I have a presentation on the USB stick here I'd like to show you, mind if I plug it in?"

"I just need to download the presentation from my website, can I use your computer real quick?"

Do you really think an 80 year old anti-tech representative would even consider that a problem?

I'd have to assume the computers are already protected from that attack vector.

Edit: I'm getting a lot of downvotes without replies, which makes me think people don't agree with this. I wonder, how many have actually worked in corporate IT security for a non-tech company with older employees? Because things like this definitely happen on a daily basis.

Case in point: Pelosi's screen was unlocked when that guy sat down, which was at least 20 minutes after she left. That means that not only does she not lock her screen when she gets up, but the screen saver doesn't even auto-lock after 20 minutes.

ufmace wrote:
Does anybody remember when Bradley/Chelsea Manning released ~hundreds of thousands of classified diplomatic cables? I seem to remember that most of the tech world at the time thought that was awesome. I wonder why this time they're clutching pearls about how scary and terrible this could be.

Sebb767 wrote:
> I wonder why this time they're clutching pearls about how scary and terrible this could be.

Most of the readers here know quite a few things about system administration and/or IT security. As I read this thread, most comments only discuss the IT security implication or express sympathy for the poor souls that will need to clean up this mess; there's hardly any discussion about the morality of possible leaks.

[deleted]

randylahey wrote:
Your recollection does not comport with my own. A lot of sensitive classified information was leaked, a good deal of it having nothing to do with warrant-less wire-tapping, etc.

mjburgess wrote:
For 5 seconds, until their contents were clear.

It was initially assumed to be a leak on moral grounds. And ended up just putting a lot of people in danger, and disrupting international diplomacy.

I don't think many who know the details support the leak.

jessaustin wrote:
No human was physically harmed as a result of Manning's leaks.
If there had been, such a person would have been mourned in the USA war media for months.

fl0wenol wrote:
Since you're bringing up Manning but not mentioning Snowden, and also helpfully dead naming her in case we were confused, we can assume you're not bringing this up in good faith but as a slanted whataboutism.

nosmokewhereiam wrote:
They can't sign emails without PKI right?

sybercecurity wrote:
Officially yes, but the use of S/MIME signed email in the federal government is minimal/non-existent beyond a few instances.

unixhero wrote:
Hey! They used it on The X-Files. I've got proof. (Joke)

adrianmonk wrote:
Are there security cameras? If so (assuming footage wasn't tampered with), then you can maybe narrow down the locations where people actually did have physical access.

TT3351 wrote:
Access to the Capitol isn't very restricted. People who are handling top secret information know that very well; that said, plenty of personally compromising information can usually be found on any given personal computer.

jedberg wrote:
Is it though? I was having this discussion with a friend last night. If I were IT for the Capitol, I would already be operating under the assumption that all the clients are hostile.

There are constantly visitors to the Capitol, including foreign visitors who could easily be spies. Also, the Members themselves are often old, anti-tech, and not the kind of people who will remember to lock their screen when they get up. I would already assume Member computers are a huge attack vector, and act accordingly.

_Microft wrote:
Here is why Foone thinks that "forgetting to lock the screen" is unlikely:
https://mobile.twitter.com/Foone/status/1346924327996772354

mikeryan wrote:
Relevant picture (from a since-deleted tweet - interesting that the media is still accessible on Twitter...)

https://pbs.twimg.com/media/ErErUqKXMAMQtyy.jpg

chris72205 wrote:
I _believe_ this is where that picture originated from: https://twitter.com/mikko/status/1346922681158000640?s=21

_Microft wrote:
It almost looks like a photo that an employee themselves might take after being shown such an alert message.

chipsa wrote:
Congress apparently doesn't use CACs, and the photo shown of the desktop shows no card reader to stick a card in.

watwut wrote:
Random visitors don't go into offices. They don't look into cupboards. They don't sit behind the desk with the computer.

AnimalMuppet wrote:
How about staffers working for members from the other party? Yes, you'd expect a "gentlemen's agreement" not to do such things. You might not be wise to trust it, though...

watwut wrote:
I doubt there has been anything like a gentlemen's agreement in the last 8 years. Everyone was aware that sociopaths run the place.

So I think other party staffers are not trusted to be left alone.

chefkoch wrote:
But perhaps visitors like lobbyists, donors etc. could often be alone long enough with a computer to do something bad. And don't forget all the viruses that tweet porn links.

watwut wrote:
Unlikely, given that it does not happen in commercial companies either, and there no one particularly has a reason to care.

MacsHeadroom wrote:
Private companies are compromised by visitors every single day. Outsiders on-premise are one of the largest attack vectors after insiders.

This is why both the local network and endpoints are no longer trusted in security models.

generalizations wrote:
And yet you still have to assume they might.

lumost wrote:
Authorized individuals have classified documents on Capitol Hill computers; there have been many options available to support breaching a workstation given physical access for years.

In this event you don't even know if such authorized persons had time to lock their computers.

Rebelgecko wrote:
I am a random nobody and I was able to waltz in to my congresswoman's office. Obviously I wasn't digging through the desk drawers, but it's not like I was closely observed while I waited for my congresswoman's secretary to get off her phone call.

moate wrote:
This is not similar to having 4 hours of unfettered access during a riot. They literally were digging in desk drawers, using the phone, leaving threats, carving hate speech into wooden doors, etc.

I once saw a citizen with a 6-shooter strapped to his hip at a Colorado county clerk's office peacefully fill out some paperwork for 5 minutes. What does this story tell us about what rioters did or didn't do while tearing up the Capitol building?

defen wrote:
> I once saw a citizen with a 6-shooter strapped to his hip at a Colorado county clerk's office peacefully fill out some paperwork for 5 minutes. What does this story tell us about what rioters did or didn't do while tearing up the Capitol building?

1 minute of Googling tells me that Colorado is an open-carry state, and there is no specific exclusion for county offices, so unless this was in Denver or another municipality that prohibits open carry I don't see the relevance of your story to what happened in the Capitol.

bszupnick wrote:
This person, who seems to have more intimate knowledge of Capitol IT, also mimics the concern:
https://twitter.com/neurovagrant/status/1346964347684179970

anovikov wrote:
On the other hand, there are for sure plenty of cameras out there. Why not just find everyone who participated and make sure no one sees them again? Just make them disappear.

riversflow wrote:
Seriously? You are really asking the government to disappear people?

(page generated 2021-01-07 23:00 UTC)