You are using an outdated browser.
Please upgrade your browser
and improve your visit to our site.

The Capitol Riot Is a Cybersecurity Nightmare

The MAGA mob rifled through file cabinets and stole at least one computer. What secrets did the looters abscond with?

Win McNamee/Getty Images

The violent storming of the U.S. Capitol on Wednesday by Donald Trump supporters, who were egged on by the president’s false claims that the election was fraudulent, was a bizarre and macabre event without precedent in Washington this side of the War of 1812. Four people died as the mob rampaged through congressional offices and the floor of the Senate, while politicians donned gas masks and hustled through secret corridors to safety. The riot revealed just how vulnerable the Capitol is—not just its workers, but its secrets.

Because everything is content now, the rioters took advantage of their new surroundings to post selfies and videos of themselves enjoying full access to congressional offices. One rioter, a reporter for The Blaze, tweeted a photo of himself sitting at a computer in Nancy Pelosi’s office, with the computer still logged in, a warning message about the insurrection blaring on the screen. Once order was restored late on Wednesday, the rioters having been forced out of the building, the physical damage became apparent. Oregon Senator Jeff Merkley posted a video of one of his offices that had been trashed, and he said a laptop was stolen.

But the unseen damage remains unknown. The Trumper riot exposed not just the grounds’ physical insecurity—which seemingly was abetted by a pliant police force—but also its openness to electronic attack. It would have been trivial for a tech-savvy MAGA head or QAnon cultist, or an agent of a criminal organization or foreign government, to abscond with a government computer or leave behind a small listening device. Scrubbing these offices and their equipment, and ensuring that they can be trusted again, will be an arduous task for Congress’s cybersecurity team.

There are some reassuring notes of caution for those worried about the spilling of government secrets or whether rioters could have installed malware on government networks. Computers in the Capitol generally need a physical ID card present in order to install software; USB ports have reportedly been disabled since the Snowden revelations (a decision that has a deleterious effect on the ability of would-be leakers and whistleblowers to spirit information out from under the omniscient eye of government surveillance). But that doesn’t mean that more sophisticated actors could not have left behind electronic spy tools, rifled through files on computers that were left logged on, or simply absconded with the computers themselves, as someone did in Merkley’s office. There’s also the question of whether government-issued cell phones or other devices were lost in the maelstrom.

“It seems likely that some serious data breaches will occur,” wrote Ars Technica. We simply won’t know the full damage unless, or until, leaks start appearing. Whatever a few rioters might later dump on the internet for public consumption, it’s likely to become more material for the slurry of disinformation and manipulation that brought MAGA rioters to the Capitol in the first place. Wednesday’s mob ostensibly overran the Capitol because they think the truth of the election has been hidden from them, and undoubtedly they’re now wondering whether the truth might be found on a random computer lifted from a congressional office.