While not Congress, so I can't say for sure, I have been around government and other enterprise systems. Some measures they had in place:
- Disabled USB Ports (except whitelisted peripherals)
- User accounts don't have permission to install anything at all
- If you plug a device with a different MAC address than expected into an ethernet port, the port locks down until a sysadmin verifies it and manually unlocks it
- Remote imaging of systems, including remote system verification
- No wifi on actual network
While it's all a pain in the ass to deal with, hopefully at least some of that is in place and reduces the likelihood of many of those issues.
> If you plug a device with a different MAC address than expected into an ethernet port, the port locks down until a sysadmin verifies it and manually unlocks it
Reckon they'd immediately block this laptop's MAC address after it gets reported stolen? If not, that's reason enough to steal it - clone the MAC address and plug in your own device which is now whitelisted. Of course this isn't enough on its own and you likely need some compromised credentials too.
Probably would remove it as soon as it's reported, yes. Even if they didn't, you would still have to take the device back into the building to that same exact port to connect.
Probably (let's hope; but, if I have seen anything in the last 4 years, it has been a constant, non-stop erosion of competency in the US government), and most likely the insurgents just didn't plan anything "long-term" or tricky.
Question though... Don't hardware-based keyloggers present as a "keyboard", and isn't that a generic device which would probably be whitelisted?
Definitely possible, nothing is perfect. Just lots of things that make it harder, but not impossible, to do bad stuff. Some places still use PS/2 devices for those peripherals as well, though that's much less common these days.
Was curious, looks like there are a lot of pass through USB keyloggers that probably show up like the original whitelisted device. So definitely a risk there. I know I would want every single device there manually looked over, but I don't know how long that would take with a likely pretty limited staff.
I'm afraid that simply discarding all these devices and replacing them with new ones instead of inspecting them will not just be safer, but also cheaper.
At my old job, even if you plugged a generic keyboard that you'd already been using with the computer into the wrong USB port it wouldn't work. I believe you can set this stuff all up to be looking for very specific pieces of hardware on specific USB ports.
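The per-port, per-device USB allow-listing the comments above describe (and the keyboard-emulating keylogger concern raised earlier) can be expressed with USBGuard's rule language. This is an added example, not anything from the thread or a real deployment; the vendor:product IDs, serial numbers, port paths and hash are placeholders, and it assumes usbguard-daemon.conf is set to ImplicitPolicyTarget=block.

```conf
# Added example: USBGuard rules.conf for per-port, per-device allow-listing.
# Assumes usbguard-daemon.conf has ImplicitPolicyTarget=block, so any device
# not matched by a rule below is blocked. Rules are evaluated top to bottom
# and the first match wins. All IDs, serials, ports and hashes are placeholders.

# Hubs (class 09) must be allowed or nothing downstream enumerates.
allow with-interface equals { 09:00:* }

# The one approved keyboard, pinned to one physical port path. The hash covers
# the device's descriptors, so a device that copies only the vendor/product ID
# but presents different descriptors or a different serial does not match.
allow id 046d:c31c serial "PLACEHOLDER-KBD-SERIAL" via-port "1-1.2" hash "PLACEHOLDER-HASH" with-interface equals { 03:01:01 }

# The approved mouse on a different port. Moving it to port 1-1.2 falls
# through to the implicit block, which is the "wrong USB port" behaviour above.
allow id 046d:c077 serial "PLACEHOLDER-MOUSE-SERIAL" via-port "1-1.3" with-interface equals { 03:01:02 }

# Reject anything that claims a keyboard interface together with storage,
# networking or vendor-specific functions, regardless of port.
reject with-interface all-of { 03:01:01 08:*:* }
reject with-interface all-of { 03:01:01 02:*:* }
reject with-interface all-of { 03:01:01 ff:*:* }

# Caveat: a transparent pass-through logger that forwards the original
# keyboard's descriptors and serial unchanged matches the allow rule like
# the keyboard itself. Host-side policy cannot see it, which is why the
# physical inspection or replacement discussed in this thread still matters.
```

Changes to a device's descriptors, serial or port path show up as a block event in the usbguard daemon log, which is the signal a sysadmin would review before re-allowing it.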
I know someone who had their government laptop taken from them (then they came back with it), when going through customs of another country. The first thing their bosses told them was do not turn it on. The laptop had very sophisticated encryption and I would assume they just straight out destroyed it. They got an exact replacement.
If this is how Uncle Sam reacts to one of his laptops being "borrowed" at foreign customs, why does he expect civilians to simply accept the situation when their laptops are "borrowed" at US customs?
One or two hiding in the crowd could be enough. I wouldn’t be surprised if there was at least one spy from some adversarial nation.
From a security perspective, I think they will need to assume everything is potentially compromised and go from there. Remote wipe, scan for microphones and cameras, etc.
The idea here is that some foreign actor's agent (who could be a U.S. citizen, by the way) could have participated in storming/breaking and entering the Capitol.