[personal profile] estirose
Disclaimer: I am not an information security/cybersecurity expert. I just know something about the topic and have been reading what the cybersecurity/information security community on Reddit is saying.


First of all, people use information security and cybersecurity interchangeably, but they're not quite the same thing. The simple version is this: cybersecurity is part of information security, but not all of it. Information security is securing both printed/paper and electronic data, while cybersecurity is specifically protecting electronic data/networks. A lot of the discussion on the cybersecurity/information security Reddits involves the broader information security rather than cybersecurity itself when it comes down to the U.S. Capitol invasion. To save my fingers, I will use "infosec" to refer to information security/the information security people/field.

A term that you'll hear often in the field is "bad actors". A bad actor is a hacker or other individual or entity that means harm to an entity or network. In some sense, the rioters in the Capitol building are all bad actors, but what the infosec community has focused on is the potential for people who quietly used the riots/invasion to access physical computers/servers/confidential information in the building. The people who took selfies while sitting at desks are not the ones that the infosec community is worried about.

Thing is, computers are much, much easier to compromise when they're right in front of you. An unlocked computer is an easy target. So is a computer with the password stored on a sticky note that's easy to find. It's why policies are in place to have users lock their computers when they step away and not store their passwords in easy-to-find locations. Depending on local policies, someone could insert a flash drive, or pull backdoor software from another site, and install it on a machine. A computer that is not encrypted with FileVault/BitLocker/LUKS or similar is vulnerable to someone with a bootable flash drive, as they can just access the file system and not worry about your password.

I do not envy local IT, because, given the access that the rioters had, every endpoint (computer/server/laptop/etc.) is going to be considered compromised even if it wasn't.

In the realm of non-computer information security, there are also things to be worried about. It wouldn't be hard for an attacker to slip in with the rioters, find a desk, and start taking photos of confidential documents. (If your employer has ever had a clean-desk policy, this is the reason why.) We all carry portable computers with cameras in our pockets and it would be easy to pretend to take a selfie while actually taking pictures of a printed document. Likewise, it wouldn't be hard to install bugging devices into offices while pretending to just be another rioter whooping it up.

There are two groups of people in particular who have motive to do worse than pose for selfies. One is people aligned with the rioters who want to hurt a government that they think is corrupt/want to get one over on civil servants and elected officials. The second is foreign bad actors looking to sabotage and conduct espionage. (See the SolarWinds incident a few weeks ago.)

So, in conclusion, from a cybersecurity/infosec standpoint, this is a nightmare that we will be dealing with for some time to come.