
Longer-Term Cybersecurity Implications of the Occupation of the Capitol—Beware of Fake Leaks

Herb Lin
Monday, January 11, 2021, 4:04 PM

There are many consequences of the rioters taking computers from members' offices.

A computer keyboard (BigOakFlickr/https://flic.kr/p/ygGUtA/CC BY-SA 2.0/https://creativecommons.org/licenses/by-sa/2.0/)

Published by The Lawfare Institute
in Cooperation With
Brookings

Last week, I wrote about cybersecurity issues raised by the loss of physical control in the U.S. Capitol during the occupation. Since then, it has become clear that a number of devices are missing and were presumably taken by the occupiers. The rioters took laptops from the offices of House Speaker Nancy Pelosi and Sen. Jeff Merkley. These devices are now in the physical possession of people who can be considered adversarial threat actors, and those actors now have the opportunity to take their time in trying to penetrate them and see what data is available on those machines.

One would hope that connections associated with these machines have been terminated, so that, for example, these devices can no longer be used to access the email accounts or network drives associated with their owners. And perhaps there wasn't very much sensitive information locally available on those laptops, though I would not count on that for a minute.

But a much larger issue is how the fact of possession can be leveraged in the future to the advantage of the occupiers. Specifically, those who took the laptops are now in a position to create messages or files containing any kind of content and then claim that they were retrieved from one of these devices. If such faked content is released to the public, how will the owners of those devices refute what that content purports to reveal? The possibilities for mischief and worse are endless.

Technical forensics may be of some limited assistance in showing that these files and messages were created after the occupation, but the bigger question is whether forensic evidence would matter in changing public perception. How easy will it be for bad actors to ignore the forensics or claim the forensics are themselves forged?

I have no solution to this problem, but the device owners should start thinking very hard about what they will do and how they will respond when such fakery emerges.


Dr. Herb Lin is senior research scholar for cyber policy and security at the Center for International Security and Cooperation and Hank J. Holland Fellow in Cyber Policy and Security at the Hoover Institution, both at Stanford University. His research interests relate broadly to policy-related dimensions of cybersecurity and cyberspace, and he is particularly interested in and knowledgeable about the use of offensive operations in cyberspace, especially as instruments of national policy. In addition to his positions at Stanford University, he is Chief Scientist, Emeritus for the Computer Science and Telecommunications Board, National Research Council (NRC) of the National Academies, where he served from 1990 through 2014 as study director of major projects on public policy and information technology, and Adjunct Senior Research Scholar and Senior Fellow in Cybersecurity (not in residence) at the Saltzman Institute for War and Peace Studies in the School for International and Public Affairs at Columbia University. Prior to his NRC service, he was a professional staff member and staff scientist for the House Armed Services Committee (1986-1990), where his portfolio included defense policy and arms control issues. He received his doctorate in physics from MIT.
