fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Breaking: Computers With Access To Classified Material Stolen From Capitol

Breaking: Computers With Access To Classified Material Stolen From Capitol

A Congress staffer holds his hands up while Capitol Police Swat team check everyone in the room as they secure the floor of Trump supporters in Washington, DC on January 6, 2021. Source: Photo: Olivier Douliery, AFP Via Getty Images.

SOFREP source inside the Pentagon has confirmed that several classified SECRET laptops were stolen from the Capitol Building during Wednesday’s chaotic events. According to the source, who spoke to SOFREP under the condition of anonymity, some of the computers were left open and logged into the government’s classified network known as the SIPRNet.

SIPRNet, or the Secret Internet Protocol Router Network, is, simply put, the Department of Defense’s classified version of the civilian internet. It is a network of secure computers and servers that allows users from the Department of Defense, the Department of State, and other government bodies to transmit classified information.

On Thursday, following the breach of the Capitol building, the SIPRNet was shut down for a portion of the day before an update was pushed out, according to several SOFREP sources.

On Friday morning, according to sources inside, the operations center of the United States Army Special Operation Command, USASOC, sent out an email to all personnel saying that any SIPRNet computers not accounted for by the end of the day would be dropped from the network. A USASOC spokesperson confirmed the email but said it was “part of an ongoing administrative effort” which was “in no way related” to the events in Washington DC.

The Department of Justice has expressed concern over the theft of computers from the Capitol and has warned that some secret information may now be in play. On Wednesday, following the breach of the Capitol and the subsequent securing of the building, Senator Jeff Merkley posted on Twitter a video of the damage to his office which is located on a lower level of the building. In the video, he reports that his laptop was stolen.

The trail of destruction and looting. What happened today was an assault by the domestic terrorists who stormed the Capitol, but it was also an assault on our constitution.
[sound on] pic.twitter.com/BrELF7cMz1

— Senator Jeff Merkley (@SenJeffMerkley) January 7, 2021

It is unclear at this time whether Senator Merkley’s computer was designated as SECRET.

Department of Justice officials are still working to determine the number of computers that were stolen during the breach. House and Senate staff members with a need to access classified information are required to obtain security clearances. The Office of Senate Security and Office of House Security, respectively, have oversight over the security clearance process for congressional staffers. The background investigations for both the House and Senate are conducted by the FBI.

Also Read: 10 Principles On How To Build A Good Governance Model

What Could Someone Access Via a SECRET Laptop Inside the Building?

Every SECRET computer is secured with a SIPRNet token, or password, and encryption in the form of a BitLocker key. In order to access a computer that had been logged off of the SIPRNet, someone would have to first bypass the password and then the encryption. If the encryption were hacked, access to any files saved on the computer’s hard drive would be accessible. If the computer were left open and logged in, however, access to the SIPRNet would be fairly easy.

It is common for a user to download information onto the computer’s hard drive for later use.

Access to the SIPRNet is controlled through a secure username and password or via a Common Access Card, or CAC. SECRET computers are equipped with CAC readers. When a CAC is inserted, the user’s credentials are verified. If a user is logged in and the CAC is removed from the reader, the user is immediately logged out and the computer is locked.

Accessing local files stored on the hard drive or gaining access to the SIPRNet would be nearly impossible for the average internet user, especially one lacking the credentials or a CAC with SECRET level clearance. Still, it is feasible. It’s also possible that authorized users — in this case, most likely senators serving on the Armed Services or Homeland Security Committees — could have left their CACs in their computers during the turmoil.

However, if someone among the rioters knew what they were doing, the SIPRNet security breach could be severe.

Say, for example, if a computer belonging to a National Security Council member or an Armed Serviced Committee member — who have nearly full access — were left unguarded and logged in, information from the SIPRNet could easily be downloaded onto the hard drive and then removed from the building in a cargo pocket or backpack.

secret laptops stolen
A Trump supporter is seen hanging from the balcony in the Senate Chamber on January 06, 2021, in Washington, DC. (Photo: Win McNamee, Getty Images)

Another concern is uploading files onto the server. For example, it would take no time at all to upload a virus. While a SECRET computer would reject the thumb drive immediately, someone smart enough could bypass this.

While a remote possibility, it would have been easy for a trained professional to slip unnoticed into the Capitol building in the midst of the confusion. Once inside, they would have had ample time to locate a SECRET computer, gain access, and carry out any number of actions. According to the most up-to-date timelines of the events on Wednesday, the Capitol was breached around 3 p.m. and cleared by Capitol Police by 5:40 p.m. A trained professional — a hacker, foreign spy, or traitor — would have had unfettered access to the SIPRNet for nearly three hours.

Expert intelligence operatives can get sensitive information from a single site in minutes.

capitol breached
Richard Bigo Barnett takes a seat in the office of Speaker of the House Nancy Pelosi after breaching Capitol security during a protest against Congress certifying Joe Biden as the next president in Washington, Jan 6, 2021. (Jim Lo Scalzo/EPA via Shutterstock)

Where Would the SECRET Information Really Be?

A SCIF, or Sensitive Compartmented Information Facility, is a secure place where sensitive information can be viewed and discussed to prevent outside surveillance or spying

There is a SCIF in the Capitol building on the third floor. It is heavily guarded, with armed guards always present, and nearly impossible to get into.

Now, it is very likely that many members of Congress would have SECRET documents in their offices’ safes. It’s unknown how many of those were breached or taken.

Given that the SECRET internet was down yesterday, an update was rolled out, and the take-home computers are to be dropped from the network suggests that the authorities are casting a wide net. It’s also possible that they aren’t sure what might be at risk and are attempting to shut as many doors down as possible.

Also Read: The Importance Of DPIA And Its 3 Types Of Processing

What Could Someone Do With a Laptop Outside the Building?

If a laptop that was logged out of the SIPRNet and still encrypted were stolen from the building, it would be little more than a paperweight for the common thief. Even if they were able to bypass the security credentials and encryption, they would have no way of connecting the machine to the SIPRNet.

That is unless they had already solved that problem.

The level of sophistication needed to access classified information on the SIPRNet outside of a secure connection is extremely high. It’s likely that only a highly trained professional or someone from a foreign espionage group would be able to make a breach. It’s unlikely — though possible — that Russian or Chinese spies were present at the demonstrations on Wednesday. That said, a stolen SECRET computer with files on its hard drive would be very valuable to the right person.

Hackers, Spies, or Traitors?

It would stand to reason that an average rioter would not know about the existence of classified material or computers in the Capitol. It’s also likely that if a rioter entered an office and saw a computer, the motive for theft would be a base one, a crime of opportunity.

But, the gathering in DC on Wednesday was no random event. It was planned, and people came from all over to participate.

This new information comes amid questions over the lax security and claims from a Metro DC Police officer that off-duty military and police personnel were among the thugs and “flashing their ID badges” at their on-duty colleagues. Rioters who gained access to the building were pictured at the desks of high-ranking members of Congress, including Speaker Nancy Pelosi, and had unfettered access to dossiers, computers, and phones.

Michael Sherwin, acting U.S. Attorney for the District of Columbia, said “items, electronic items were stolen from senators’ offices, documents and… we have to identify what was done to mitigate that.”

The penalty for stealing a classified computer or classified information is hefty and could include over 10 years in jail.

Reporting was contributed by John Black, Sean Spoonts, and J.W. Sotak.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us