A SOFREP source inside the Pentagon has confirmed that several classified SECRET laptops were stolen from the Capitol Building during Wednesday’s chaotic events. According to the source, who spoke to SOFREP under the condition of anonymity, some of the computers were left open and logged into the government’s classified network known as the SIPRNet.
SIPRNet, or the Secret Internet Protocol Router Network, is, simply put, the Department of Defense’s classified version of the civilian internet. It is a network of secure computers and servers that allows users from the Department of Defense, the Department of State, and other government bodies to transmit classified information.
On Thursday, following the breach of the Capitol building, the SIPRNet was shut down for a portion of the day before an update was pushed out, according to several SOFREP sources.
On Friday morning, according to sources inside, the operations center of the United States Army Special Operations Command, USASOC, sent out an email to all personnel saying that any SIPRNet computers not accounted for by the end of the day would be dropped from the network. A USASOC spokesperson confirmed the email but said it was “part of an ongoing administrative effort” which was “in no way related” to the events in Washington DC.
The Department of Justice has expressed concern over the theft of computers from the Capitol and has warned that some secret information may now be in play. On Wednesday, following the breach of the Capitol and the subsequent securing of the building, Senator Jeff Merkley posted on Twitter a video of the damage to his office which is located on a lower level of the building. In the video, he reports that his laptop was stolen.
The trail of destruction and looting. What happened today was an assault by the domestic terrorists who stormed the Capitol, but it was also an assault on our constitution.
[sound on] pic.twitter.com/BrELF7cMz1
— Senator Jeff Merkley (@SenJeffMerkley) January 7, 2021
It is unclear at this time whether Senator Merkley’s computer was designated as SECRET.
Department of Justice officials are still working to determine the number of computers that were stolen during the breach. House and Senate staff members with a need to access classified information are required to obtain security clearances. The Office of Senate Security and Office of House Security, respectively, have oversight over the security clearance process for congressional staffers. The background investigations for both the House and Senate are conducted by the FBI.
What Could Someone Access Via a SECRET Laptop Inside the Building?
Every SECRET computer is secured with a SIPRNet token, or password, and encryption in the form of a BitLocker key. In order to access a computer that had been logged off of the SIPRNet, someone would have to first bypass the password and then the encryption. If the encryption were hacked, any files saved on the computer’s hard drive would be accessible. If the computer were left open and logged in, however, access to the SIPRNet would be fairly easy.
It is common for a user to download information onto the computer’s hard drive for later use.
Access to the SIPRNet is controlled through a secure username and password or via a Common Access Card, or CAC. SECRET computers are equipped with CAC readers. When a CAC is inserted, the user’s credentials are verified. If a user is logged in and the CAC is removed from the reader, the user is immediately logged out and the computer is locked.
Accessing local files stored on the hard drive or gaining access to the SIPRNet would be nearly impossible for the average internet user, especially one lacking the credentials or a CAC with SECRET level clearance. Still, it is feasible. It’s also possible that authorized users — in this case, most likely senators serving on the Armed Services or Homeland Security Committees — could have left their CACs in their computers during the turmoil.
However, if someone among the rioters knew what they were doing, the SIPRNet security breach could be severe.
For example, if a computer belonging to a National Security Council member or an Armed Services Committee member, who have nearly full access, were left unguarded and logged in, information from the SIPRNet could easily be downloaded onto the hard drive and then removed from the building in a cargo pocket or backpack.
Another concern is uploading files onto the server. For example, it would take no time at all to upload a virus. While a SECRET computer would reject the thumb drive immediately, someone smart enough could bypass this.
While a remote possibility, it would have been easy for a trained professional to slip unnoticed into the Capitol building in the midst of the confusion. Once inside, they would have had ample time to locate a SECRET computer, gain access, and carry out any number of actions. According to the most up-to-date timelines of the events on Wednesday, the Capitol was breached around 3 p.m. and cleared by Capitol Police by 5:40 p.m. A trained professional — a hacker, foreign spy, or traitor — would have had unfettered access to the SIPRNet for nearly three hours.
Expert intelligence operatives can get sensitive information from a single site in minutes.
There is a SCIF in the Capitol building on the third floor. It is heavily guarded, with armed guards always present, and nearly impossible to get into.
Now, it is very likely that many members of Congress would have SECRET documents in their offices’ safes. It’s unknown how many of those were breached or taken.
The fact that the SECRET internet was down yesterday, an update was rolled out, and the take-home computers are to be dropped from the network suggests that the authorities are casting a wide net. It’s also possible that they aren’t sure what might be at risk and are attempting to shut as many doors as possible.
What Could Someone Do With a Laptop Outside the Building?
If a laptop that was logged out of the SIPRNet and still encrypted were stolen from the building, it would be little more than a paperweight for the common thief. Even if they were able to bypass the security credentials and encryption, they would have no way of connecting the machine to the SIPRNet.
That is, unless they had already solved that problem.
The level of sophistication needed to access classified information on the SIPRNet outside of a secure connection is extremely high. It’s likely that only a highly trained professional or someone from a foreign espionage group would be able to make a breach. It’s unlikely — though possible — that Russian or Chinese spies were present at the demonstrations on Wednesday. That said, a stolen SECRET computer with files on its hard drive would be very valuable to the right person.
Hackers, Spies, or Traitors?
It would stand to reason that an average rioter would not know about the existence of classified material or computers in the Capitol. It’s also likely that if a rioter entered an office and saw a computer, the motive for theft would be a base one, a crime of opportunity.
But the gathering in DC on Wednesday was no random event. It was planned, and people came from all over to participate.
This new information comes amid questions over the lax security and claims from a Metro DC Police officer that off-duty military and police personnel were among the thugs and “flashing their ID badges” at their on-duty colleagues. Rioters who gained access to the building were pictured at the desks of high-ranking members of Congress, including Speaker Nancy Pelosi, and had unfettered access to dossiers, computers, and phones.
Michael Sherwin, acting U.S. Attorney for the District of Columbia, said “items, electronic items were stolen from senators’ offices, documents and… we have to identify what was done to mitigate that.”
The penalty for stealing a classified computer or classified information is hefty and could include over 10 years in jail.
Reporting was contributed by John Black, Sean Spoonts, and J.W. Sotak.