> belonged to a conference room and was used for presentations
Yikes. My first thought was: oh, this should be no big deal; chances are there are good policies in place for laptops that go home with people.
Then I realized it is a shared/central machine, which means it probably has the most effed up and relaxed security in the fleet, post-it notes with passwords taped to the palm rests, and god knows what else. IT departments are notorious for over-granting privileges to these shared machines due to the mixed use they typically receive. After X help desk complaints you get fed up and check all the boxes in the permissions manager.
Hopefully, though, it is locked up and the data is inaccessible.
I worked on a barely do-not-distribute. Someone's spouse took a project member's laptop as hostage for alimony. Within 45 minutes of discovery and a phone call to the army equivalent of the FBI, agents were at the spouse's work and home searching for the laptop.
Lucky for the spouse they thought it was the personal laptop (it was not marked) so they weren't prosecuted.
IT should be able to revoke any access the machine has, so the only compromise would be what was already on the machine, which would be the case regardless of security policy, as they could just access the hard drive directly regardless of OS security policy.
In practice, it wouldn't surprise me if that computer was locally storing passwords that were not specific to that machine, which might mean needing to revoke a bunch of passwords.
The presentation machines at my workplace (in addition to being desktops in a locked cabinet, because why would they leave the room?) just allow you to remote desktop back to your real workstation or to a VM. They have nothing locally.
I think that's a good solution to avoiding over-granting privileges.
The link appears to be some sort of live news feed, and right now unrelated stuff about COVID, articles of impeachment, and Trump's power to launch nukes is dominating the page; you really have to scroll to get to the laptop story.
While not Congress, so I can't say for sure, I have been around government and other enterprise systems. Some measures they had in place:
- Disabled USB Ports (except whitelisted peripherals)
- User accounts don't have permission to install anything at all
- If you plug a device with a different MAC address than expected into an ethernet port, the port locks down until a sysadmin verifies it and manually unlocks it
- Remote imaging of systems, including remote system verification
- No wifi on actual network
While it's all a pain in the ass to deal with, hopefully at least some of that is in place and reduces the likelihood of many of those issues.
How was every person leaving the building not searched by police as a condition of exit?
The kettling and taking of details of (even peaceful) protesters in the UK is pretty standard now (I don't like it, but it is what seems to happen) - so why did they just let these people leave unchecked?
Clearly the police were outnumbered to a degree that they couldn't prevent them from getting inside in the first place, so why would they have sufficient forces to search these individuals on exit?
Clearly a big deal and congressional IT staff are going to have a crazy few weeks ahead of them. However, my understanding is that any classified information would have to be in a SCIF. I assume that would be the case with congresspeople as well.
I've also heard that the congressional paging system locks devices when an emergency is announced, but haven't seen that corroborated anywhere. Anyone know if that's true?
Imagine something like 'The Thing' but with ~75 years of technological advancement.
The Capitol is going to need to be cleaned for such devices and equipment for a long time before it can be considered secure again.
On the flip side, any devices that may be found are likely to be close to the latest models, and like with project SATYR, the US may have a potential goldmine of new tech in the coming years.
EDIT: Combined with the recent hacking of the US, the synergy of having physical access creates a load of headaches and nightmares. If I were in the federal information security space I would be very interested in visa and flight logs in and out of the US right now.
Beyond the information security risk around the loss of this specific device, what really worries me is the physical security implications here. I'm certainly no expert on the subject, but it seems to me like, in a building like the US Capitol, it should not be anywhere near this easy for unauthorized people to waltz into an office or conference room in the first place. Let alone walk away with items from within that room.
https://twitter.com/doctorow/status/1347244300527013889:
"Resecuring the Capitol's IT infrastructure should probably involve shredding every device, cable and thumb-drive, tearing open every light-socket and power-outlet, and even then, it will be hard to fully trust the building and its systems."
Everything in that building that plugs into the wall should be discarded and replaced with a known good device. That includes network infrastructure and even cabling.
Between this and the recent SUNBURST fiasco, there are going to be some long discussions about security policy.
I was thinking even just merely about physical security while this was going on. One bad actor going from room to room planting listening devices would take a short bit to weed out, no?
Came here to say I hope it was encrypted.
Being a laptop I hope the IT person saw it fit to have it encrypted just because it is more easily prone to theft.
I don't understand why Windows 10 doesn't take an encryption first approach. When you install Windows 10, it should default to having disk encryption checked.
This is yet another aspect that makes these recent events so depressing. I don't think I've ever felt this low and ashamed as an American before. How could the government even allow such a security breach to happen?
If you add up all the charges on breaking into the Capitol, the Speaker's office, the theft, the computer security laws, etc., they could probably get a 100 year sentence, and I hope they prosecute it fully.
Just a side note, to compare a slightly similar situation (with far less potential for violence).
It happened in Germany several months ago, and three officers defended the Reichstag building from radical anti-Corona protesters until reinforcements arrived.
The key difference is that the German protesters didn't bring automatic weapons, molotov cocktails and pipe bombs. I sincerely hope federal authorities will get every single domestic terrorist involved in the Capitol storming.
There was a great thread on Twitter about the infosec implications of this breach of the capitol. In short, you have to assume foreign state actors were among the people inside, and every piece of technology should be replaced.
The infosec aspect of this whole event has been fascinating to me. That tweet from that guy in Pelosi's office with the computer with her email open was pretty shocking. Every company I have ever worked for enforced the PC auto-locking after 10 min or so of inactivity. It's unbelievable that the Capitol doesn't enforce this.
grogenaut | 5 years ago
This laptop could be much worse, or just fine.
m463 | 5 years ago
"How can we remove this compromised system from the building without letting on that we know"
"just have a 'theft' remove it!"
debt | 5 years ago
A stolen laptop is usually not considered "no big deal" basically everywhere I worked.
astura | 5 years ago
I think this is the direct link: https://www.theguardian.com/us-news/live/2021/jan/08/donald-...
The "story" is also really just a link to this tweet: https://twitter.com/Drew_Hammill/status/1347598063620206592?...
kube-system | 5 years ago
The same reason they weren't searched on the way in. It was a security failure.
Balgair | 5 years ago
https://en.wikipedia.org/wiki/The_Thing_%28listening_device%...
duxup | 5 years ago
That stuff will get out of hand and will come back to even bite the folks who thought they were part of it.
Lindsey Graham was apparently accosted by a crowd at the airport, so much so that security escorted him away.
neuronic | 5 years ago
https://www.youtube.com/watch?v=Pc-56opg-Xg [cellphone source]
https://www.youtube.com/watch?v=e1AxyHaHYIY [actual news]
neolog | 5 years ago
Full disk encryption is good for when the machine is powered off.
What about for the scenario when it gets swiped during the work day when I'm in the bathroom?
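The controls the thread keeps circling back to (the enterprise hardening list of disabled USB ports and no install rights, the hope that the laptop was encrypted, the 10-minute auto-lock, and the point just above that full disk encryption does nothing for a machine swiped while a session is open) can be checked mechanically on an endpoint. The audit below is an added example, not code from the thread or from any of the posters. It assumes a Windows 10/11 machine with the BitLocker PowerShell module, run from an elevated session, and uses the standard policy registry locations; the allowed local-administrator principals are placeholders to be replaced with a real fleet's list.

```powershell
# Added example: audit a Windows endpoint for the theft-related controls discussed in the thread.
# Assumptions: Windows 10/11 with the BitLocker PowerShell module, run from an elevated session.
# The allowed local-administrator principals below are placeholders for a real fleet's list.

function Test-FullDiskEncryption {
    # Full disk encryption only helps if the OS volume is actually protected and fully encrypted.
    $os = Get-BitLockerVolume -MountPoint $env:SystemDrive
    [pscustomobject]@{
        Control = 'OS volume encrypted (BitLocker)'
        Pass    = ($os.ProtectionStatus -eq 'On' -and $os.VolumeStatus -eq 'FullyEncrypted')
        Detail  = "ProtectionStatus=$($os.ProtectionStatus); VolumeStatus=$($os.VolumeStatus)"
    }
}

function Test-InactivityLock {
    # "Interactive logon: Machine inactivity limit" policy, in seconds. Absent or 0 means the
    # session never locks on its own, which is the "swiped while I'm in the bathroom" scenario.
    param([int]$MaxSeconds = 600)
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $val = (Get-ItemProperty -Path $key -Name InactivityTimeoutSecs -ErrorAction SilentlyContinue).InactivityTimeoutSecs
    $detail = if ($null -eq $val) { 'InactivityTimeoutSecs not set' } else { "InactivityTimeoutSecs=$val" }
    [pscustomobject]@{
        Control = "Inactivity lock within $MaxSeconds s"
        Pass    = ($null -ne $val -and $val -gt 0 -and $val -le $MaxSeconds)
        Detail  = $detail
    }
}

function Test-UsbStorageDisabled {
    # Start=4 disables the USB mass-storage driver. Whitelisting other peripherals is a
    # separate device-installation policy and is not checked here.
    $start = (Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR' -Name Start).Start
    [pscustomobject]@{
        Control = 'USB mass storage driver disabled'
        Pass    = ($start -eq 4)
        Detail  = "USBSTOR Start=$start"
    }
}

function Test-LocalAdmins {
    # Shared machines accumulate local admins over time; flag any member outside the allowed list.
    param([string[]]$Allowed = @('Administrator', 'CORP\Workstation Admins'))   # placeholder principals
    $members = Get-LocalGroupMember -Group 'Administrators' |
        ForEach-Object { $_.Name -replace "^$env:COMPUTERNAME\\", '' }
    $extra = @($members | Where-Object { $Allowed -notcontains $_ })
    [pscustomobject]@{
        Control = 'No unexpected local administrators'
        Pass    = ($extra.Count -eq 0)
        Detail  = "Members: $($members -join ', ')"
    }
}

function Invoke-TheftReadinessAudit {
    $results = @(Test-FullDiskEncryption; Test-InactivityLock; Test-UsbStorageDisabled; Test-LocalAdmins)
    $results | Format-Table -AutoSize
    # A non-zero exit code lets a fleet tool (scheduled task, management agent) flag the host.
    if ($results.Pass -contains $false) { exit 1 }
}

Invoke-TheftReadinessAudit
```

Each check returns a small object with a Pass flag so the script can be run by a management agent across a fleet and the failing hosts collected, rather than read by eye; a conference-room machine that fails the inactivity-lock or local-admin check is exactly the "most relaxed security in the fleet" case the thread worries about.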
handelaar | 5 years ago
There is no laptop, no camera, no wall socket, no light switch even, that should not now be destroyed
larrywright | 5 years ago
https://twitter.com/jacobian/status/1347001812889452545?s=20