Hacker News new | past | comments | ask | show | jobs | submit login
Laptop stolen from Pelosi's office during storming of U.S. Capitol, says aide (reuters.com)
561 points by spzb 16 days ago | hide | past | favorite | 696 comments

> belonged to a conference room and was used for presentations

Yikes. My first though was - oh this should be no big deal chances are there are good policies in place for laptops that go home with people.

Then I realized it is a shared/central machine which means it probably has the most effed up and relaxed security in the fleet, post-it notes with passwords taped to the palm rests, and god knows what else. IT departments are notorious for over-granting privileges to these shared machines due to the mixed use they typically recieve. After X help desk complaints you get fed up and check all the boxes in the permissions manager.

Hopefully, though, it is locked up and the data is inaccessible.

I worked on a barely do-not-distribute. Someone's spouse took a project member's laptop as hostage for alimony. Within 45 minutes of discovery and a phone call to the army equivalent of the FBI, agents were at the spouse's work and home searching for the laptop.

Lucky for the spouse they thought it was the personal laptop (it was not marked) so they weren't prosecuted.

This laptop could be much worse, or just fine.

Reminds me of this old "Professor Pwnage" video. https://www.youtube.com/watch?v=u4gVkprDej0

Do you have any information on how this ended?

The professor was bluffing [0].

Apparently it was deemed a random theft [1].

[0]: https://www.engadget.com/2005-04-25-laptop-thief-not-scared-...

[1]: https://www.berkeley.edu/news/media/releases/2005/09/15_lapt...

What is a “barely do-not-distribute?”

Put the quotes around DND... It was mostly unimportant mostly already public do not distribute data but you can't be sure what was actually on the laptop. NOFORN would be a good exact version.

This was also years ago, and for obvious reasons I don't want to be more exact.

It's usually the second lowest security level, just above "Public" and below "Secret".

We used to just call that "confidential".

We still do, but it's rarely used in my experience.

Third lowest; NOFORN is above public

NOFORN is not a level but an orthogonal restriction.

Information could be Secret and NOFORN or Secret and Five-Eyes, for instance.

Do you all say NOFORN the way I think you say NOFORN? (No forn)

"No foreign nationals"

And yes, "no-forn"

Never heard it called that. What I have heard is something along the lines of "confidential but unclassified" which seems more descriptive to me.

This would never be used by USG. Confidential -> Classified

The classification scheme is broadly cut up into Confidential, Secret, Top Secret, and Codeword. There are many modifiers to that such as Five-Eyes, Cosmic (NATO), and Restricted-Data (Nuclear Weapon Design).

There are a menagerie of controls that don't rise to classification, like NOFORN, Law Enforcement Sensitive, For official use only, etc.

Code word compartments cut horizontally across the Confidential/Secret/Top Secret hierarchy. I’ve seen stuff that was classified Confidential, but also in a code word protected compartment. I had a TS/SCI/SI/CT/NATO/ATOMAL clearance when I worked for the Defense Information Systems Agency in the Pentagon. Many times over the past 25+ years I have had to correct people who think the compartmented stuff is classified at a level “above Top Secret”, when in fact the compartments just cut horizontally across the hierarchy.

Below Confidential exist other “unclassified” states, like “For Official Use Only” and “No Foreign” (a.k.a., NOFORN). Then, regardless of the classification, you should also have to prove “Need to Know”.

I don't dispute that, I was trying to present a somewhat simplified view of this in a succinct comment.

To me, the most interesting aspects of classification were that the title, content, and classification level itself don't necessarily share levels.

CUI -- Controlled, Unclassified Information (formerly FOUO - For Official Use Only)

As others have pointed out, Confidential is classified, the lowest classification level.

Those were the terms we used at an investment bank but I imagine different institutions use different classifications.

Metaphorically speaking. I.e. not quite DnD, but likely would want to be contained

security policy for documents

Maybe stealing it also removed a bunch of foreign operative bugs and keyloggers :)

"How can we remove this compromised system from the building without letting on that we know"

"just have a 'theft' remove it!"

Didn't one of the insurrectionists arrested require a Russian translator at his booking?

For those downvoting this comment, here's a source: https://www.washingtonpost.com/local/legal-issues/capitol-si...

Hilarious, but definitely not a spy. The Russians aren't so amateur as to send an undercover agent to the US who can't speak English.

If they missed the opportunity at the Capitol the other day to plant listening devices though, they must be kicking themselves now.

You say that, but they have had spies being exposed for a lot of stupid reasons. Like having their address on driving licenses be the FSB headquarters to avoid getting traffic tickets.

Also, it seems entirely possible to me that they would do that not for the purposes of spying, but to sow chaos.

Seems like the kind of expendable person they might send for what is basically a smash-and-grab.

How undercover does he need to be if American citizens are openly planning online to storm the Capitol? He just needs to wear a MAGA hat and walk in with them.

Ok, probably not a spy, but who knows?

I'd say Russia definitely has at least a subset of very amateurish spies. An example coming to mind is the Skripal poisoning in Salisbury, UK.

Isn't Stalin rumored to have said, "There's a certain quality in quantity" in response to criticism that quality beats quantity? I think the quote is one of those unproven maybe-it-happened-but-we-have-no-solid-evidence things, but it seems to sum up the Russian approach to tanks and troops in WWII well enough, and from stories I've read, seems to be reflect their approach in the spy world as well. They are immensely practical.

How was that amateurish? Acquiring and handling such a substance would not be easy.

They left a pretty clear trail, and they didn't actually succeed in killing the target. Sounds amateurish to me.

That sounds intentional. The only reason to use novichok as the weapon is precisely so everyone knows who did it. It's meant to be an example to others so they don't cross the Russian government.

Spies aren't the same as we see in the movies. Remember CIA field operatives used chip bags to hide their cell phones' signal.

Clearly they never tried calling those phones to test...

To be fair the CIA operatives likely saw the chip bag trick in a movie. Art emulates life emulates art.

Why would a Russian spy not want Russian translators and lawyers?

I think it would just be easier if someone "accidently" spilled coffee on it.

"3rd system we've lost this month!"

That would be the machine to keylog.

Space. Space. Space. Backspace. Space.

OTOH, if it is set up such that presenters need to log in with their official credentials to access their shared documents, it would actually be the machine to keylog.

Are you creating the Election_Fraud_Evidence.doc file?

Why do you think any of your rogue nation club have any interest hacking US politicians, except for, probably, blackmail?

US is an open society, and most US politicians speak what they think, or at least you can guess, or even ask them yourself! Those people are like open books.

Unlike of your usual cabal totalitarians, who either don't speak at all, or purposefully try to hide their real aims by engaging in double speak, triple, quadruple speak.

I can't imagine you really believe that. The US may have an open society, but the US doesn't have an open government. Look at just the tiniest amount of publicly known items from Snowden and Wikileaks. Those alone indicate a greater iceberg of secrets.

Very good argument, but I cannot believe that anything of Wikileaks leaks would be really new, or of much value to Russians, or Chinese.

US diplomatic talks with sketchy regimes? I bet China, and Russia would've not needed any spies there really.

US sales of weapons? US sells them everywhere, and they don't need spies to know the bottom price, when most of weapon buyers would just tell them that themselves. You don't have too much alternatives in a duopoly market.

US spies on Russian, or Chinese soil? You don't need to tell regimes like that of them being penetrated. Xi, and Pu realize perfectly well that they are surrounded by thousands of sketchy, and unreliable officers.

Seems safe to assume that the Speaker of the House and her aides would have access to classified national intelligence that might not be open to the world, and would be valuable in it's own right. Things like progress and updates with Covid vaccines, their deployment plans, and lack of security around them would make information like it ripe for the black market and adversary governments in these times.

Access to classified intelligence means that they are allowed to enter a secure room/facility and view the material. They still should not be taking said material out into an unclassified environment.

There are different levels of classification that carry different restrictions. Also, govt infosec being what it is, there are likely plenty of lapses.

Even the lowest level of classification (confidential) means that the data should not be stored on an unclassified system, and has additional physical storage requirements that Pelosi's main office doesn't meet.

At worst, the laptop had FOUO/CUI (for official use only/controlled unclassified information) data. Not great for that to get leaked; but not that scary from a national security perspective (we're pretty aggressive about classifying stuff).

If anything damaging comes out of this, I would expect it to be of a political nature; where something that Pelosi and friends would prefer to keep secret gets leaked, but doesn't have much influence on national security.

Sure. Unless their security policies are completely broken, any laptops they are using should also have disk-level encryption.

Black market? Legislators use that info on the stock market. Somebody is going to go Robinhood on defense, construction and pharma stocks with that laptop.

What would enemy spies get out of that.

Even prima fascie top military secrets like battle plans (those must be updated and shuffled regularly to prevent a situation exactly like that) have very little immediate usefulness.

It's 21st century, it's beyond anybody's ability to hide things like size, dislocation, and basic capabilities of your force

Just wondering, small thing; did you mean to type "disposition" instead of "dislocation"?

No, I mean dislocation, as in military dislocation.


Oh you think the generals readily involve old Pelosi with the battle plans? I sort of doubt they would trust her with anything digital that’s supposed to be a secret.

Pelosi just had a confidential conversation with the general in charge of US nuclear codes.

I think the same, and I very much doubt US general staff being inept to a point of holding war plans on a computer.

Intel reports? Again, most real deal intel sources would be either kept real deal secret, or really not being such.

IT should be able to revoke any access the machine has, so the only compromise would be what was already on the machine; which would be the case regardless of security policy, as they could just access the harddrive directly regardless of OS security policy.

In practice, it wouldn't suprise me if that computer was locally storing passwords that were not specific to that machine, which might mean needing to revoke a bunch of passwords

> as they could just access the harddrive directly regardless of OS security policy.

I think that's wrong if you consider disk encryption.

From what I've read, full disk encryption was optional in the House until very recently. If this was a shared machine it's almost certainly not encrypted.

full disk encryption is also possible with a shared computer. TPM and PBA are some keywords

Absolutely it's possible, but as it was a shared computer, it's also likely to be one of the oldest in the fleet. It's also likely to be one that no one bothers to ask for specific attention to. As a result, it's likely that no full disk encryption was ever applied.

Possible? Very. Likelihood of the computer's login password and thus hard drive decryption key attached to the computer's screen with a post-it note thus obviating the protection gained from full disk encryption? On a shared computer, high.

For a computer most will use the back of the keyboard :)

reminds me of this xkcd: https://xkcd.com/538/

The user doesn't need to enter a password if they are using a TPM.

If they stole the laptop, they also stole the TPM inside the laptop, so having the key stored there doesn't help.

True. I was thinking they'd be using their centralized accounts once they reach the OS logon screen, thus no post-it necessary, but maybe that's not the case.

1st time that laptop reaches out to the internet should be the last time, if security is worth it's own salt.

That assumes it can talk to IT's systems, and it's done before the computer is "inspected". For a corporate laptop, that can easily be unlikely.

I'm not talking about telling the laptop that it's access is revoked; I'm talking about just revoking it's access, so if it every tries to connect to the House's intranet, it would have no more permissions than any other laptop.

If IT wanted to wipe the drive, then they would need the laptop to phone home in some way.

That assumes files weren’t downloaded. Even if access is revoked, saved copies still are accessible.

>which might mean needing to revoke a bunch of passwords

That doesn't help much because many people use patterns to their passwords and use the same passwords elsewhere. Seeing the expired passwords of many important people would have a very high chance of having a few which would be of use in breaking into accounts even if they were already expired.

If it’s a shared machine for projecting notes, chances are it has nothing stored locally.

Optimistic thinking. Chances are it has many PDF and PowerPoint files scattered on it. And probably a shared user account where the files fill up a Windows desktop.

That is so...

... realistic

yeah, i bet it has every presentation ever done sitting in good ol' ~/Documents or the desktop.

Does anyone use /Documents? That's just a folder where Apps like Acrobat put garbage files.

I'm on Mac OSX and almost all my non-programming files are in /Downloads. Maybe some other HN-ers have a better folder management technique than mine (which basically is absent), I'm curious what that is.

Honestly I make pretty heavy use of /tmp. Almost all downloads go there, along with anything that I won't be using again after the next hour. Self-cleanup whenever I reboot (which is rare).

Anything of importance, I have broad directories under Documents, and then sub folders. Or sometimes I'll put them on my fileserver with similar directory structure. The Documents folder is backed up with Spideroak.

I have the opposite problem. I abhor things sitting in Downloads because I pretty frequently wipe out that folder to clear out the garbage.

But I struggle to follow a consistent structure, so it could be in Documents or Notes, or a random folder somewhere else because I ignored my hierarchy in a hurry.

Honestly, now if I need to make sure I keep something, I upload it to Google Drive. It sucks for privacy, but their search is good enough that I rarely need to use the hierarchy. The hierarchy is now mostly to group things I want to perform actions on together.

Of course. Everyone knows everything sits in /Downloads nowadays, whether it came from the Internet or not.

Well back in Win 98 I used "My documents" a lot ahah. Now on Windows 10 Documents/ is often automatically backed-up in Onedrive (it is for me) so I started using it for saving some documents that I want to back up in the cloud.

on my laptop that's the default when i do save-as. I see someone plugging in a jump drive, opening the presentation, and then doing a save-as to Documents so "it runs faster"

It's also filled with Zoom transcripts.

almost certainly on a server hosting roaming profiles.

And if not, then they should hire me and I'll set it up for them. :D

Pelosi is old enough for typewriters being new technology, I don't trust in her having the hand over it personally.

But after the number of big hacks in the last few years I'd hope the guys in charge of general security laid down some ground rules.

I wouldn't be surprised if Pelosi doesn't really use a computer much (at work), and to the extent that she does it is completely managed by her aides.

If I had to bet:

-- someone accidentally stored something

-- that thing is no big deal, perhaps technically a secret

-- people who get ahold of it and read it will make up conspiracy theories about it

People who make up their truths that can't be disproven already have all that they need. a missing laptop.

Honestly, those people didn’t even need that. They need nothing founded in reality to make up their conspiracy theories, which is why no argument from reality can weaken them.

One of the most intelligent programmers who has been in the game since the early 80s posted the he is refusing to ever vote again till he knows his vote isn't stolen.

They WON in 2016 House Senate and Presidential and claimed MILLIONS of votes were fraud and the commission setup by Republicans found nothing and went away.

2018 They kept the Senate and lost the house by a smaller number then anticipated

2020 Republicans WON seats though it was expected to lose seats. They "Kept the Senate" just had a run off in Georgia. November 2020 was a good night for Republicans minus President Trump who is a love him or hate him person. Republicans didn't vote for Trump and is why he is out.

One of the most intelligent programmers who has been in the game since the early 80s posted the he is refusing to ever vote again till he knows his vote isn't stolen.

At that point, if you have the laptop and are willing to admit it you can just make a conspiracy document and say you found it on it.

Same chances are it has every presentation done in the last 5 years copied to the desktop, in order to give presenters their USB sticks back.

Or everything from everybody.

We just don't know.






caterpillar french fry funny.bmp

and so on...

> caterpillar french fry funny.bmp

Literally laughed out loud, as my grandma had actually sent me that comic just a month ago. It's the quintessential Forward From Grandma.

Pretty sure that one's been floating around the Internet since the 90s at least, and likely existed way before then.


opening this doc opens a video of a guy singing about never giving up

That's why you jave to open deep-state-war-plans.doc:ze_real_plans

Damn alternative data streams.

Speaking of which, I always wondered why windows didn't make better use of those. Seems like it would cut down on the FS bloat.

These folks don't trust one another with information, so it seems unlikely that they'd pass around a laptop loaded with one anothers presentations.

These folks are also among the most tech-unsavvy people on Earth...

I don’t think it’s too much of a conspiracy theory to think that some foreign intelligence operative might have sensed a opportunity on Wednesday.

This would require them to be in the front line early. I think it's more likely that somebody was randomly there and saw the opportunity. If you look at the videos most seem to be surprised to be in some of low manner. If you have some operative in there you increase chaos by creating some small fire or something ...

Would they have had to be there early? Russian embassy isn't that far away and I think rioters were in there plenty long (wasn't it a couple hours?) for someone to walk over, pay 20 dollars for a trump flag, and walk in unnoticed. I wouldn't be surprised if our embassies and CIA outposts have people ready to take advantage of such situations in other countries.

You have to get through the crowd, and you have to be there before somebody else stole it and in time before police manages to lock down critical offices. Quite some effort.

Compare it to a random person suddenly standing in front of an unprotected laptop from those "bad politicians" ...

This laptop is probably used by staffers in their 20s and 30s. It's not like Nancy Pelosi is administrating IT security.

Uh... their staffers have been caught with their pants down on multiple occassions..



So yeah, pardon if I'm not full of confidence in the levels of discretion these guys exercise.

Except cookies for a whole bunch of websites. Maybe even saved passwords in the browser, etc.

There's a lot more value to a conference room PC than residual files.

It's a machine probably on the same LAN as a lot of the meeting attendees in the conference room, probably has Bluetooth radio as well, may have wifi radios, probably has access to a calendar of meetings and attendees (as a defined room resource). Depending on how the PC is used (a room system vs the ol' conference room PC) it may also a key logger would be valuable.

Reminds me of the scene in Firefly: "let me get this straight, you put multiple high-ranking intelligence officials in the same room as a psychic??" https://www.youtube.com/watch?v=AC9SF7TOyHQ

Or, we get some really good transparency regarding the affairs of elected officials, and the workings of Congress.

Wikileaks? It will be dismissed as Russian misinformation.

The presentation machines at my workplace (in addition to being desktops in a locked cabinet, because why would they leave the room?) just allow you to remote desktop back to your real workstation or to a VM. They have nothing locally.

I think that's a good solution to avoiding over-granting privileges.

I would absolutely hope that it behaves like a dumb terminal but honestly you never know.

Well I guess gov knows.

How can you lock up Windows like that?

there are a few ways to do it:

- (W10) Assigned Access - microsoft's solution to kiosk computers. You can make the app run on top of the lock screen, so users can use their one app without actually needing privileges on the computer.

- Software Restriction Policies - You can whitelist select applications or publishers and every other executable will fail to launch. requires enterprise licensing.

- Mandatory Profile - You log in to a temporary profile. All changes are lost when you log out.

- Deep Freeze - 3rd party variant of Mandatory Profile. Can be made to roll back the whole operating system to a given snapshot.

- Non-persistent VDI - You actually log in to a Virtual Machine. When you log out, that VM is deleted and recreated automatically.

Additionally, many antivirus solutions have some capability.

I'm guessing ours is software restriction policies + mandatory profile: I log in with my network credentials, but I don't get my usual desktop / home directory and the only apps installed on the system are Remote Desktop and Citrix Receiver. Since I don't have either physical access or a web browser I have no way to try to get new files/apps on it but I assume it would be locked down too.

You can lock up windows to where all a user can do is shut the computer down. Group policy, etc.

When our company used conference room PCs (instead of room systems) we had a program that would reboot them nightly to reload the known good image. I suppose some risk of file recovery was present, but this was also a half-way decent approach as long as the machine wasn't deeply compromised (bios level or something).

I don't know what the best practice for doing this would be but I would change the default shell from explorer to mstsc (the terminal services/remote desktop client) and disable task manager and internet explorer. I don't think that would perfectly lock it down, but it would do the job for ~90% of use cases.

Right, the goal is not to prevent a malicious user from running things, it's to make a usable environment for non-malicious users (via giving them Remote Desktop) so they don't feel the need to install anything that someone else could later attack.

Thin clients are the easiest way to handle it, all they can do is connect to a terminal server, no local storage.

roaming profiles is one common way.

I've seen it done badly a number of times, and I've seen it done correctly, and work really well.

bregma 16 days ago [flagged]

If you can separate children from their parents and lock them in cages you are probably ready to go one step further and lock up Windows too.

Please don't break the site guidelines like this, regardless of how right you are or feel you are. The idea is to not have every thread turn into the same flamewar.


If it was a shared machine in a conference room, wouldn't it already physically be accessible to e.g. cleaning and other staff?

Cleaning and other staff for secure locations still get background checks, training, etc. extremely different situation than people off the street.

That all may be true, but what are the odds they didn't enable some kind of remote wipe on there?

Remote wipe only works if you can communicate with the device. If it’s in some backwoods Appalachia klan den I’d imagine there isn’t good connectivity.

"no big deal"

A stolen laptop is usually not considered "no big deal" basically everywhere I worked.

Really? Every place I have worked with more than about 50 employees has used full drive encryption, so a laptop being stolen is not an infosec risk at all.

FDE only works if the machine is powered off. If a machine is stolen while it is still running there's a risk the user account could be compromised. Depending how sophisticated your adversary is they could potentially completely compromise the machine and extract all of the data. When you have physical access and no time pressure the options are vast.

FDE could be made to protect the data when the machine is out of range of its secure home network too.

Leaving it on, the machine would detect loss of home network fairly quickly and lock itself.

The FDE key would depend on a key server on the home network, so it could not be rebooted and unlocked just with the physical on-board devices.

If some parts of the FDE were handled on the storage itself and required a periodic end-to-end refresh with the home network key server, then even freezing main RAM (literally) to extract keys later would not work.

More generally, the FDE key could be split over a number of components on the machine, all of them requiring end-to-end periodic refresh from the home network key server, making it extremely difficult to freeze all on-board devices effectively enough to extract the whole key and decrypt the storage contents. Add RAM encryption to complete the job.

> Depending how sophisticated your adversary is

The videos I saw don't inspire much dread, there, but they may give the laptop to someone that can do digital forensics. Lots of LEOs in that lot. They would be smart enough to stay out of the building, but might have been waiting for someone to come out with something like that.

But, as someone pointed out, a lot of the folks wouldn't bother trying to read anything. They'd probably try to plant their own fantasies onto it, and send it to Rudy The Hair Dye Man.

Are you sure?

Most of the rioters seem like herpa-derpers, but some came there on a mission, like this guy: https://www.thesun.co.uk/news/13690389/us-capitol-rioters-zi...

(those are not regular zipties, but the "taking hostages" kind)

On another note, the same publication (a redtop, so the language is rather "pithy") has this story[0], in which the "Fine People on All Sides" smeared feces around the place.

They have a photo of a guy on his hands and knees, cleaning the place. He's a congressman.[1]

[0] https://www.the-sun.com/news/2105149/trump-supporters-smeare...

[1] https://www.cnn.com/2021/01/08/us/congressman-capitol-trash-...

I also notice he’s masked. That was unusual for that lot.

There were definitely some folks there with mayhem in mind.

Yes it would be really interesting to find out who those guys were, were they Proud Boys, Antifa, foreign agents, undercover domestic agents, etc?

There have been several arrests already. Thus far it seems to be right wing extremists.

For example, the lady who was shot trying to enter the VP bunker has a social media profile with extensive Qanon related postings.

Another was a Republican member of the House of Representatives. He was caught because he livestreamed himself breaking the law, as all genius criminals do.

The story about Antifa being in the riots was made up out of whole cloth by the Washington Times. The company they cited put out a press release saying that they had done no such thing and the whole story was a fabrication.

They'll probably give it to that computer repair guy in Deleware so he can pull off all of the emails from March of 2021 and somehow lose them in the mail when he tries to send them to Fox News.

Time to update your internet boogeymen memes. Fox News and Trump are enemies. He's into Newsmax now.

I was making an allusion to the actual Hunter Biden laptop story.


Who is to say that a few opportunistic spies weren't in that push looking for anything of interest? Historically, this has been the case during these sorts of events. When the Stasi HQ was overwhelmed by protestors, Western intelligence agents were the first in the building securing lots of information.

Really? When I worked at one of the Big Four a stolen/lost laptop was DefCon 4, despite all of the security precautions. We were actually required to notify a partner in the firm before contacting law enforcement.

me too, i have a special "corporate 911" card that i've been informed during onboarding is the "real" 911. No matter the emergency, lost/stolen passports, lost/stolen corp computer, place crash, car crash, anywhere in the world the company does business, i've been told to call it first before doing anythign else.

Of all the cyberpunk trappings, a Trauma Team card was not what I expected to exist in real life.

I"ve used the number, they'll bail you out of anything.

Not to detract from the point you're trying to make with meaningless pedantry, but minimum DEFCON is 5, current is 4, we spend most of our time swapping between the two. I assume what you mean is 2.

Thanks for the correction. I just used the DefCon as a catchphrase.

Uh.. I think it's standard security policy in most enterprises to discuss matters internally before getting law enforcement involved. That's just prudent. If I walked into a company where the policy was "let IT staff talk to LE first, then notify chief counsel" I'd change that on day 1.

Full disk encryption is only as good as the TPM and I’d imagine that nation states have plenty of exploits they could use to bypass them.

Not to mention cold boot attacks if the laptop was still running.

And this is the one situation where the 'nationstate adversary' is pretty much the expected thing and not the exception.

If they have the laptop, they also have the TPM. It doesn't prevent decryption if you have the TPM.

Yeah, me too. If they don't have this in 2021 their IT staff should be fired.

The link appears to be some sort of live news feed and right now unrelated stuff about covid, articles of impeachment, and Trump's power to launch nukes is dominating the page, you really have to scroll to get to the laptop story

I think this is the direct link: https://www.theguardian.com/us-news/live/2021/jan/08/donald-...

The "story" is also really just a link to this tweet: https://twitter.com/Drew_Hammill/status/1347598063620206592?...

Thanks. I did post the direct link but it seems to have been truncated

Here is the actual source of information which should be the link: https://www.reuters.com/article/us-usa-election-cyber/laptop...

edit: it's confusing as to what the actual, documented source other than "he said she said" is after looking at all three

edit edit: a previous HN submission which didn't gain comment traction pointed at Reuters: https://news.ycombinator.com/item?id=25688418

Myself, I would be more worried about any keyloggers, or wifi/cell interception, "man-in-the-middle" devices being left behind...

While not congress, so I can't say for sure, I have been around government and other enterprise systems. Some measures they had in place:

- Disabled USB Ports (except whitelisted peripherals)

- User accounts don't have permission to install anything at all

- If you plug a deceive with a different mac address than expected into an ethernet port the port locks down until a sysadmin verifies it and manually unlocks it

- Remote imaging of systems, including remote system verification

- No wifi on actual network

While its all a pain in the ass to deal with. Hopefully at least some of that is in place and reduces the likelihood of many of those issues.

> If you plug a deceive with a different mac address than expected into an ethernet port the port locks down until a sysadmin verifies it and manually unlocks it

Reckon they'd immediately block this laptop's MAC address after it gets reported stolen? If not, that's reason enough to steal it - clone the MAC address and plug in your own device which is now whitelisted. Of course this isn't enough on its own and you likely need some compromised credentials too.

Probably would remove it as soon as its reported yes. Even if they didn't you would still have to take the device back in the building to that same exact port to connect.

Probably (let's hope - but, if I have seen anything in the last 4-years, it has been a constant, non-stop erosion of competency in the US government) - and, most likely the insurgents just didn't plan anything "long-term" or tricky.

Question though... Don't hardware-based keyloggers present as a "keyboard", and isn't that a generic device which would probably be whitelisted?

Definitely possible, nothing is perfect. Just Lots of things that make it harder, but not impossible, to do bad stuff. Some places still use PS/2 devices for those peripherals as well, though that's much less common these days.

Was curious, looks like there are a lot of pass through USB keyloggers that probably show up like the original whitelisted device. So definitely a risk there. I know I would want every single device there manually looked over, but I don't know how long that would take with a likely pretty limited staff.

I'm afraid that simply discarding all these devices and replacing them with new devices instead of inspection will be not just safer, but also cheaper.

At my old job, even if you plugged a generic keyboard that you'd already been using with the computer into the wrong USB port it wouldn't work. I believe you can set this stuff all up to be looking for very specific pieces of hardware on specific USB ports.

I know someone who had their government laptop taken from them (then they came back with it), when going through customs of another country. The first thing their bosses told them was do not turn it on. The laptop had very sophisticated encryption and I would assume they just straight out destroyed it. They got an exact replacement.

If this is how Uncle Sam reacts to one of his laptops being "borrowed" at foreign customs, why does he expect civilians to simply accept the situation when their laptops are "borrowed" at US customs?

Close enough (was UK). Very similar protocol in both countries.

Regarding your point, it is also done to a smaller degree here too. I agree, is not good or good example.

did you see the photos of the rioters? Do you really believe they are that tech-savy?

One or two hiding in the crowd could be enough. I wouldn’t be surprised if there was at least one spy from some adversarial nation.

From a security perspective, I think they will need to assume everything is potentially compromised and go from there. Remote wipe, scan for microphones and cameras, etc.

The idea here is some foreign actor agent (that could be a U.S. citizen by the way) could have participated in storming/ breaking and entering the capitol.

Looks can be deceiving.

It happened in Russia, when KGB agents got access to the US embassy as firemen during an actual fire


It happened in east germany when western intellegence agents were the some of the first to enter the Stasi hq

Do you often judge people by their appearances ?

I saw highly compensated business owners, lawyers, and IT professionals in the mob.

Probably not, they planned all of this on open sites/forums/social-media platforms, so they are not the smartest people...

How was every person leaving the building not searched by police as a condition of exit?

The kettling and taking of details of (even peaceful) protesters in the UK is pretty standard now (I don't like it, but it is what seems to happen) - so why did they just let these people leave unchecked?

Presumably the same reason police moved barricades, waved them in, and took selfies with them.

I’m sorry but if you’re a couple of police officers in a room full of literal terrorists, of course you’re going to try to be as restrained and friendly as possible. You’re horribly outnumbered.

They would be murdered if they tried to take on the crowd. They needed to wait for reinforcements to arrive, and meanwhile do their best to keep the crowd from going fully insane.

They managed the situation with very few people getting hurt, and protected the politicians. Which is pretty good considering how few police there were.

The main issue is why were there so few police there to begin with, so this could’ve been prevented in the first place.

They had no problem tear gassing protesters this summer even though they were outnumbered.

I agree, that was an insane thing to do for those protests. It still bothers me.

But I think we should all be in favor of the police response being more restrained and minimizing force, like we saw this week. We should be advocating for more of this in general.

I am in favor for the police having a more intelligent response and careful use of force. But I think it is significantly more important that they are consistent; playing favorites seriously undermines their credibility and by extension the safety of all of us.

I am also in favor of protecting our legislative process with absurd levels of security when there is a known risk and tensions are so high. The police really screwed this up royally. I would like to know why. And not conspiracy theories, but actual root cause.

A big source of confusion was authority.

While the Congressmen were hiding in the bunker for an hour, they sent out many phone calls pleading for help.

* Pentagon / DoD didn't want to get involved.

* Maryland's Governor didn't want to get involved without DoD approval.

* Eventually, they got to Mike Pence who authorized the DoD to help out. Once the DoD deployed the National Guard, Maryland / Virginia was willing to help out too.

* The Mayor didn't have power to deploy the Guard. Only the President had that power.

The uh, selfie thing though..

So pictures were taken in selfiedefence?

A "tactical retreat" has always been a thing, but 2021 brought us the new concept of a "tactical selfie".

God help us all.

If they are terrorists, would you support police opening live fire on them. Just curious. Seems like all the SJW are now advocating for a Tiananmen square massacre of unarmed protesters, just because the TV told them who to hate.

As soon as they crossed the outer barricades, I support the use of tear gas, pepper spray, and rubber bullets, just like the police would use on leftist protesters. Inside the building, when they are about to breach the chambers of congress -and- there are legislators inside, I support the use of deadly force. When they attack democracy, they are attacking all of us. And I don't care what their ideology is.

If the building is empty, then I think deadly force is unwarranted.

I don't recall the Tiananmen Square student protestors storming the National People's Congress.

Also, these insurrectionists were armed with bombs and had planned on taking hostages as pictures show.

Lol no of course not. They tried to use force to terrorize the US government, so they could get their way. But they should be stopped with the minimum necessary force to prevent harm to others.

So I think the individual police officers (mostly) acted appropriately for the situation. The police organization’s planning was beyond negligent though.

You make a good point about some people’s response — the insanity caused by polarization clearly goes both ways, if there’s people saying everyone should’ve been shot. I’m kind of surprised more people weren’t shot though tbh. I always thought there were snipers and armed guards ready 24/7 around that whole area

"if they are terrorists"

Absolutely. Moreover, why are the Capitol Police Chiefs singled out? Could they have asked for, say, the National Guard? Were they supposed to go to the leaders of Congress the days before the certification to make it happen? I was always of the idea that federal authorities would be tasked with such planning, enrolling (among others) the Capitol Police.

> Could they have asked for, say, the National Guard?

They declined the help, and that of the FBI


With all the context the police got and repeatedly turning down help, at this point I think the extra support should be mandatory. He ordered guards for other protests but not this? We can’t let the system protecting our government rely on one person’s decision like that. It’s so abhorrent it makes me paranoid thinking he was a part of it

Oh, that's... puzzling, then. Thanks for the source.

Reportedly the Capitol Police turned down offers for help both before and during the event. Best source I could find: https://nypost.com/2021/01/07/capitol-police-nixed-fbi-natio...

EDIT: The other comment has a better source

Capitol Police got 2 200 officers.

Clearly the police were outnumbered to a degree that they couldn't prevent them from getting inside in the first place, so why would they have sufficient forces to search these individuals on exit?

Because hundreds of additional police officers and members of the national guard arrived in order to secure the building?

They were clearly outnumbered, so we're supposed to believe they were not "afraid for their safety" from an angry mob, but yet they can use that defense when a single indvidual that happens to be not-white confronts them? Please

Didn't fit the perp profile police expect (race)

Are you suggesting that the profile for hackers isn't "white male"? Or are you just trying to ham-fist "cops are racist" into the convo?

you missed the part where the cops let them in and took selfies

It was also pretty standard for the Black Lives Matter protests in DC earlier this year.

Realistically, it was a chaotic situation. I can only imagine it would be easy to slip into the crowd during the pandemonium.

> How was every person leaving the building not searched by police as a condition of exit?

The same reason they weren't searched on the way in. It was a security failure.

They'd have needed two perimeters: inner, keeping the mob out of buildings, plus outer, to enforce search.

Way beyond their organizational readiness at the time.

It was apparently stolen from a conference room and used only for presentations. Still a bad look for Capitol Police and physical security operations.

I can't even count the number of times I have seen privileged information dropped onto a "presentation" laptop during a meeting. I hope they are better at controlling that than most.

Yep, plus the configuration of the laptop could possibly be of value. Depending on how it's setup, you could see the AD domain name, naming pattern of usernames and domain computers, setup and names of network drives, group policy settings, etc. Nothing too crazy on its own but could help facilitate a larger breach. Having a portable computer that's already configured to connect to the network you want to breach is possibly pretty useful.

Let's hope the drive is encrypted and that it has a half decent boot password on it.

Snowden's leaks were largely NSA presentation materials. Not implying that Pelosi had TSCI/noforn materials but just saying, being used as presentation doesn't mean much. Especially if it's connected to internal networks.

Clearly a big deal and congressional IT staff are going to have a crazy few weeks ahead of them. However, my understanding is that any classified information would have to be in a SCIF. I assume that would be the case with congresspeople as well. I've also heard that the congressional paging system locks devices when an emergency is announced, but haven't seen that corroborated anywhere. Anyone know if that's true?

There are lots of different levels of classification. Not all interaction with all classified information needs to happen in a SCIF.

Plus, classification is reserved for government documents, right? If someone's goal was to specifically expose "DNC secrets," a la Watergate, the most damaging information would likely not be "classified" in the formal sense of the word.

The other issues is what "Thing" was left behind in the Capitol.


Imagine something like 'The Thing' but with ~75 years of technological advancement.

The Capitol is going to need to be cleaned for such devices and equipment for a long time before it can be considered secure again.

On the flip side, any devices that may be found are likely to be close to the latest models, and like with project SATYR, the US may have a potential goldmine of new tech in the coming years.

EDIT: Combined with the recent hacking of the US, the synergy of having physical access creates a load of headaches and nightmares. If I were in the federal information security space I would be very interested in visa and flight logs in and out of the US right now.

Only DoD Top Secret data must be stored in a SCIF.

Counter evidence: the protesters were saying that they saw computers unlocked with email still open.

Uhh yeah, probably because the congresspeople were evacuated in a hurry because there was an angry mob storming their building?

I was providing counter evidence to:

> I've also heard that the congressional paging system locks devices when an emergency is announced

If computers locked automatically when an emergency is announced, it doesn't matter if the staffers evacuated quickly.

It takes less than one second to press Windows+L. Certainly they could have accomplished that as they got up from their seats.

I mean, sure, they had time. But clarity of mind during an evacuation is something I imagine is _hard_ for most people. Definitely would be for me.

At least where I work, we're required to configure computers to lock after 10 minutes of inactivity.

Sadly 10 minutes probably not enough time in this case if they had that security feature on.

Unless the user decides to leave Windows Media Player playing in the background in a loop to circumvent the lock.

What is a "SCIF"?

Sensitive Compartmented Information Facility https://en.wikipedia.org/wiki/Sensitive_Compartmented_Inform...

Special room for classified stuff. Even once you're inside the classified room (usually windowless and behind a locked keypad) a lot of stuff is also behind locked filing cabinets.

Beyond the information security risk around the loss of this specific device, what really worries me is the physical security implications here. I'm certainly no expert on the subject, but it seems to me like, in a building like the US Capitol, it should not be anywhere near this easy for unauthorized people to waltz into an office or conference room in the first place. Let alone walk away with items from within that room.

I've traveled to countries before whose offices of government are behind very large fences, protected by unfriendly looking men standing behind heavy machine guns in armored vehicles – and the guide books are very clear that you are not to take photos of them.

I much prefer the approach taken in the USA, where our offices of government are accessible to the people that the government serves. It's very good that I can protest out front without worrying about that unfriendly man with his finger by the trigger to the Browning M2.

Seems like it ought to be possible to have both, to some degree. I don't want the capitol to be a fortress, but they need to prevent stuff like this. I mean... the US spends massive amounts of money on the police and military.

I think it should be kind of like a non-Newtonian fluid. Walk in slowly and peacefully and it's ok. Try and punch it, it solidifies quickly.

American history[1] shows this probably isn't a requirement - beyond a foreign military attacking, which is clearly out of scope of policing, the other attacks were acts carried out by isolated people. "Storming the gates" hasn't happened before now.

I suspect the main reason that this hasn't happened before is that very large protests/gatherings are often met with a large show of police force to ensure the protestors know this isn't an option. Why that didn't happen today will be interesting to investigate. We all probably have a theory, but what comes out of the inevitable hearings on this will be interesting to see.

[1]: https://www.cnn.com/2021/01/07/us/us-capitol-violence-histor...

They’re often not met with a show of police force. Here’s a picture of the Million Man March in the 1990s: https://images.app.goo.gl/WSvMYDK4asyav5HX7

There are hundreds of thousands of people behind the camera, going all the way to the Lincoln Memorial. You can see some security milling around, but no large show of police force.

The Million Man March's attendance didn't include people with an established history of bringing weapons and wearing body armor at ostensibly peaceful demonstrations.

That couldn't be further from the truth. A large group of Black Panthers armed with assault weapons stormed the CA capitol in 1967 as part of a protest.


That was almost 3 decades before the Million Man March, and a completely different organization.

The Fruit of Islam weren’t there?

The Bonus Army protests weren't entirely without conflict.

I think the reality is that we could have prevented it. We just chose not to murder half the crowd. Preventing it without using lethal force requires a much larger force than you want to keep on hand.

I actually really like this analogy. I'm curious if there's there's a term for that kind of playbook for folks who are more familiar with building security.

The only analogue that comes to mind is in financial fraud detection: moving money slowly or in a predictable pattern (monthly rent payments etc.) triggers no alarms, but large or unexpected transfers raise alarms.

I remember when I left my last job that my manager cautioned me against making any large file transfers since it would trigger IT alarms about employees trying to steal the company's IP.

Clearly, he didn't think I was a threat, or if I was, that I would have been smart enough to do it long ago, and slowly :-)

If the people really want to overthrow the government, some jacked up defenses around capitol buildings won't stop anything imho, it just means the resistance will bring heavier weapons to match.

Occupying buildings is, honestly, pretty silly if your goal is to overthrow the government.

A few years(?) ago, Mitch McConnell's dinner at a restaurant was interrupted by protestors yelling at him. And that was after what happened to Gabby Giffords.

Targets with higher ROI are available to people willing to take, ahem, kinetic actions.

There are, for instance, buildings with large areas that are open to the public and other areas which hold large amounts of money that are very important to protect.

> I don't want the capitol to be a fortress, but they need to prevent stuff like this.

And they would have, had the Trump Administration not denied the D.C Mayor's request the day before for the D.C. National Guard to be deployed.

The Administration also delayed approval of requests by Virginia and Maryland to send Guard units to the Capitol in response to urgent calls for aid from Congressional leaders when it became clear the MPD and Capitol Police were overwhelmed.

Of course, it's a problem when the person inciting the insurrection has authority over important components of the security against it.

Do you have a source for this? I read that it was actually the other way around:

> A new report Thursday revealed that Sund turned down an offer from the FBI and the National Guard to help cops in the event of unrest.


They (the people inciting it) were literally dancing and having a party and watching the start of the chaos on livestream while it went down: https://www.youtube.com/watch?v=mZQDgBSSYjI

> I think it should be kind of like a non-Newtonian fluid. Walk in slowly and peacefully and it's ok. Try and punch it, it solidifies quickly.

I love that so much.

As a huge democrat (lower case d) I totally agree. Locking down the Capitol is antithetical to the notion of open democracy. Lawmakers and the law making process needs to be physically accessible by the People. This was what the Founders intended. Of course there is some risk here and Jefferson himself noted this.

That’s the price we pay for living in an open and transparent society. While I don’t condone or support what happened this week, the building belongs to the People and not the government and the People have every right to enter the building and demand accountability.

The way the US Capitol is right now feels very police-state to me compared to how it used to be. I have memories of running around the Capitol building with my Cub Scout pack including ending up in private areas. There were no assault weapons and we weren’t met with police. We were politely shooed away.

Today you cannot walk up the steps of the Capitol building. It’s fenced off and manned by armed guard. Last time I was there I stepped aside to let some people pass in a crowded area and crossed some arbitrary unmarked do not cross line but about 12 inches. I was physically grabbed by Police.

To quote Donald Rumsfeld “freedom is untidy.”

> the People have every right to enter the building and demand accountability.

the "People" can't just do whatever they want just because they feel like it. Can they go and bang hammers on nuclear warheads because the warheads "belong to the People"? Storm the doors of JPL and play horsey on the Mars Rovers?

When some subset of the "People" attempt to overthrow the duly elected government of the other 99% of the People, they are traitors, and should be erased from society.

The security risk is also less of a problem in a mostly rational society, which is what we have had for a long time. You'll get lone wolves, but finding a group of people so angry with a politician they're willing to conspire to kill them? Very, very rare. Violence is a last resort for people who feel totally powerless. So, in a dark way, easy access keeps politicians from pissing off their constituents too much.

Which is why the stream of "fraudulent election" lies is so dangerous. A person in a position that confers trust is telling people the government is openly defying them. For people who believe that, violence is the only logical way to affect politics.

Compare a similar issue with schools; in the 80s, teenagers left their guns in their cars while they went to class. Now, schools are basically a rights-free zone.

Totally agree, great point! The fear mongering is only useful for states to impose more draconian rules. Its likely if there are further lockdowns, and more livelihoods are destroyed during the Biden admin, more people will be revolting. We don't want to give them the moral authority to Tiananmen square unarmed protesters, just because they fear their own people

I think that's nonsense. Access to a lawmaker or representative in a village may work like that. When you represent a state of 20 million, access means making an appointment and going through security clearance. There is a voting mechanism, a free press and various other mechanisms to back me up if I am consistently deterred from speaking to my public representative. But I'm in no way expecting to just walk in there, unannounced, without security clearance, at any time of the day, to demand attention.

Might as well argue that you should be able to just walk into the white house and speak to the top public representative.

I also walked into my congressperson’s office when I was on a field trip as kid. The security was similar to going to the airport.

> Might as well argue that you should be able to just walk into the white house and speak to the top public representative.

Entirely different situation. The reason that people need to talk with the legislature is because those are the people’s representatives.

> Entirely different situation. The reason that people need to talk with the legislature is because those are the people’s representatives.

Totally different, were it not for the fact the president is also the Chief of State: The chief public representative of a country.

Besides, even if this wasn't the case, humor me and suppose it was (which it actually is), would you then conclude that the president should simply be accessible at will by 300 million Americans? It makes absolutely no sense.

Just because something is publicly accessible doesn't mean you throw all reason out the window. Plenty of national parks are simultaneously open to everyone, as well as require registration and some basic ground rules to entrance. Similarly, it's entirely uncontroversial to argue that accessing the capitol is freely available to all, but there will be some minimum security checks, and some areas (e.g. private offices or places holding confidential data) are off-limits. Virtually all democracies have no problem separating visitor's areas from private working offices, and implementing appropriate controls in both.

The notion that the speaker of the house's laptop could be casually stolen by people without heavy equipment walking in is a joke, pure and simple. Claiming it has something to do with the fact she's a representative thereby implying her laptop should just be freely accessible instead of secured by some basic measures, as some (not you) have done in this thread, makes no sense if you ask me.

> Totally different, were it not for the fact the president is also the Chief of State: The chief public representative of a country.

It’s kind of a stretch to frame it that way. The president quite literally represents the states, not the people. The US does not require that states assign electors by popular vote, states have chosen to do that. And in the past, they have chosen to do it other ways. Before the civil war, there were states that selected electors without conducting a popular vote.

The way the US government is architected, the legislature is the extent of federal representative government.

6 of the 13 original states held a popular vote for president Washington.

But to respond to the bulk of your statement: it was like airport security back when I was a kid, and I don’t see any reason why that wouldn’t also be appropriate on any other typical (i.e. not a special event) day. Angry mobs should never make it to the building in the first place. Crowd control happens outside of the building.

I think you’ve mischaracterized the discussion.

Where did anyone say any of the things you are claiming?

The statement was simply that the People have a right to entry into the building and physical access to lawmakers and the law making process. Further, the statement is that access is a foundational principle to the US implementation of liberal democracy since our Nation’s founding. It’s so foundational that it’s also quite literally built into the building as there are galleries for public viewing of Senate and House proceedings.

It is also an ideal that we strive for like equality and justice. We recognize our union as imperfect yet these ideals are what drive us as a Nation.

Your comment I feel confuses implementation with the discussion of ideals. The implementation should follow the ideals as guiding principles with access being the default.

Lastly, historically the building and lawmakers were much more accessible. This was during my lifetime. We had lots of people then too.

No, now you're mischaracterising me. All this while I've spoken about implementation, I've never claimed that the public should not have access to representatives. I've claimed that it must be implemented according to the conditions necessary to ensure it is orderly and secure.

Indeed, access is the default. And in a village with a handful of visits and no armed psychopats plotting to kill your local representative, that default is all you need and may proceed as such.

But as you'll agree, the chief public representative (the president) lives in a different reality. Public unfettered access is a threat to his life. And while the public should have a form of access regardless, practically a 300 million to 1 communication relationship doesn't work, so you must implement it accordingly, differently. That's why most presidents had a habit of spending an hour a day reading letters from citizens, hosting debates, participating in public forums, holding press conferences, inviting people to the white house to discuss, speaking to various organisations representing people's causes etc. But walking into his office at 4PM to speak to the president? That's a joke. I'm fully aware that in a democracy a public servant works for the public, no need to discuss the ideal. I'm discussing the practical implementation, which is why I started with the village vs capitol example, which sees different outcomes on the basis of the same principles, which is exactly because the ideals are the same but the implementation cannot be. Similarly, you would organize access to certain parts of the capitol in a secure manner, e.g. those parts of the capitol holding a laptop of the speaker of the house.

In a post 9/11 world you cannot just say the capitol belongs to the people and access should be free (again, obviously talking about practice, not ideals, here), without concluding in the same breath that it should be freely accessible to any terrorist as well. And it's just an example. This week it were people thinking they were sent by Q or incited by Trump to de-facto participate in a coup (i.e. storming the capitol to prevent an elected official from being confirmed, while spreading propagandistic lies that the election was stolen, a direct attack on the democracy if you ask me). Next week it might be a psychopath thinking he is doing god's work. And yes, times have changed, if you're also interested in discussing how airport security used to be different back in the day, be my guest, I don't see the point.

Plenty of countries have well-functioning (and by many subjective and objective measures, better functioning) democracies, with high-level access to public representatives, while taking proper security and practicality measures.

> It’s so foundational that it’s also quite literally built into the building as there are galleries for public viewing of Senate and House proceedings.

You say some of these things as if access to public viewing of proceedings isn't the norm in countless democracies worldwide. But if I go to a viewing, I go through this: https://news.ycombinator.com/item?id=25690107

Not because I don't have access, but precisely because I do, as does everyone else, and that creates risks, which can be mitigated without reducing access. A basic measure which would've prevented the debacle at the Capitol altogether.

Edit: whooshed by his royal cleverness.

I direct you to the definition of tongue in cheek:


You don't need to fence the whole area off. Just a few reinforced doors at strategic places would have stopped anyone without heavy equipment. Also they would have been a place for the police to stand their ground.

Just all stairs going upwards should be easy to defend if the police stands their ground. Add a few police dogs and the officers wouldn't even have to engage themselves.

There was a smaller crowd trying to enter the German parliament just a few weeks ago, politically pretty close to the rioters of Washington. A whole three policemen were able to stop them by just consequently standing their ground, not armend beyond batons: https://www.youtube.com/watch?v=Pc-56opg-Xg

I agree with the more open approach, but shouldn't her office have a simple keycard or combo lock on the door? Even Starbucks toilets have better security.

From the pictures I saw, she was still logged in and had the evacuation message onscreen. I'm guessing she didn't have 'require login after screensaver' option enabled. If the account is still logged in, this is a massive breach!

> I agree with the more open approach, but shouldn't her office have a simple keycard or combo lock on the door?

Congressional offices are frequent meeting spaces with people who do not work there. Their job, after all, is to represent the public. Locking the public out of their offices is kind of antithetical to the job description.

it was somebody else's account. Also, see @foone's thread here:


tl;dr: the government has appropriate computer security in place to prevent this sort of thing, and it's not clear what the deal was with that particular computer.

Yeah it’s definitiv a different desk than the ohne in the picture with the guy who broke into pelosis office.

how hard is <window key> + L to lock your screen?

When you hear the mob screaming outside, glass breaking, and are likely being told to evacuate by messages on your computer and security outside? I wouldn't bet that I'd remember. Not locking your screen is as expected as it is forgivable under the circumstances.

They should beef up security. And keep it open. And not so obvious.

The simple fact of the matter is that a violent riot stormed the capitol building and nearly overwhelmed local forces. Congress asked for extra help and it wasn't provided. Governors asked if they could send in the guard to help and the man whom stoked the riot gave no permission.

It's a fucking miracle that January 6th wasn't one of the worst days in the history of the US.

Um, the police waved them through. It was in cooperation with Capitol police. No 'overwhelming' necessary. Which is worrisome in a whole nother way. https://twitter.com/bumbera_steven/status/134727096998817382... <edit> video

8 second videos don't tell much of a story. That is them falling back because they didn't have enough people to hold the perimeter.

Here is a longer video of them at one of the entrances of the building: https://youtu.be/cJOgGsC0G9U?t=140

My mistake. It was a chaotic, violent situation. I shouldn't make snap judgements from cherry-picked shots. Sorry.

One gotta love a reply like that these days. Thank you, Thank you, Thank you for being an awesome human being.

You've seen different footage than I have, then.

Look at the videos, no waving through going on, quite the opposite. One woman was shot by police and died.

They should have appropriate security when large events are going on outside. But I sure hope we do not see barricades between representatives and their constituents on a normal day. Democracies rely on trust in both directions.

This is a false dichotomy, though. There is an enormous gamut of security steps in between turning the capitol into a fortress, and locking the door to your office when you're not there.

Not trying to nitpick but they were specifically told to keep the doors unlocked, by security.

> I much prefer the approach taken in the USA, where our offices of government are accessible to the people that the government serves. It's very good that I can protest out front without worrying about that unfriendly man with his finger by the trigger to the Browning M2.

And yet your government offices abroad (embassies) are the most fortified I've ever seen.

I've been to several countries' embassies and the US one was like entering a secret nuclear bunker. There was airport-style security, and everyone I talked to was behind a massive sheet of bullet-proof glass; never mind the gates and moat around the building. This was in a small, US-friendly and highly developed country.

Then there's the excessive amount of security around any US governmental visit to a foreign country.

So I think it comes to a surprise to many outside the US that one of your main government buildings has less security than a museum even when all the most important politicians are inside.

But yes I agree, I think government buildings should be 'friendly'.

Most days that’s fair. This week however, they should’ve had the unfriendly man with the M2. This was a predictable problem to literally everyone but the people in charge of protecting the capital.

According to some reports, the problem was in fact predicted, and that's why the National Guard chose not to prepare for forceful confrontation. Not wanting photos of armed uniformed soldiers in state buildings or some such.

The same was true for BLM protests. So, why the different treatment? Racism is a popular explanation, but is it a true explanation?

I think more core to the issue is status quo bias. Cops are much more likely to agree or strongly agree to questions like “the current US system is fair and just” and similar pro-status quo ideas. Typically speaking left wing protestors are agitating to change the system, especially policing, which is why cops do not respond as well. Is it any surprise that cops respond worse to those protesting against the police, no matter the slogan, than they do against the “blue lives matter” crowd?

Oh, and cop organizations are run through with neo-nazis and white supremacists who have made a concerted effort to make inroads with police departments and military members.

What? This most recent was literally an attempt to take over the Capitol building, presumably to delay one step in the formal recognition of the next President, and perhaps worse.

there's more than a little suggestion that this was the intended outcome for the people protecting the capitol.

By whom?

This makes it sound like the people in charge of protecting the capital did not know that this was a legitimate threat. From the articles I've read, they did in fact help that it was a legitimate threat, which raises the question: why did they do nothing about it?

The only reasonable conclusion I can think of is that the security team had no worry that politicians would be in any danger (e.g. easy, isolated, fast escape routes) and that it would be hard to rationalize to bring out the troops/big security forces with a threat of violence for a group of people that was supported by the current president and a significant fraction of congress and the senate. The whole situation feels very strange and it feels like I'm missing some key facts.

I think there are many plausible (but not necessarily "reasonable") alternative explanations.

As far as I can tell, this event seems to have had an extremely persuasive effect on the psyche and opinions of the average person. Who might benefit from this change in the mental state of the population, and in what ways?

Most people seem to find the very idea of thinking such thoughts to be extremely unpleasant, if not downright inappropriate. But to me, this is simple risk management. The lack of this sort of thinking in society seems downright dangerous to me.

I sometimes wonder what the origin of such norms is - is it organic (a common characteristic derived from evolution), or might it be synthetic?

What? Who?

Hahah, I love the feigned confusion technique.

I truly am struggling to extract any coherent meaning from that comment. Democrats, controlling just the House – when Repulicans are running the federal gov't with the Senate and the presidency – have instituted this event? Some big capitalists maybe? Putin? The Jews?

The Democrat/Republican duopoly is mutually beneficial to both party. Grassroots populist candidates (Perot, Trump, Sanders) are a pain in the ass for both of them, as would future ones be.

Wouldn't it be convenient if a massive spectacle was to occur, whereby the US public could see in 4K HDR the danger that populist political candidates introduce to the system, how it "threatens our most sacred institution: Democracy.

And as luck would have it, along comes a massive throng of obviously angry and delusional Trump supporters, with well advertised (and well known to authorities) plans to descend on the US Capitol, to "rescue Democracy", or some such nonsense.

So, what do you do in a situation where you have hordes of angry (and possibly armed) political extremists heading towards a politically strategic location, on a particularly important day (in your democracy)?

Do you:

a) Beef up security

b) Not beef up security

It seems like option (b) was chosen. Depending on what variable one is optimizing for, this was a terrible choice, or an excellent one.

US embassies just about everywhere are like that. The one in Budapest has two inch thick metal bar gates and guards armed with machine guns. Lesson learned from the embassy hostage crisis in Iran.

Anyway, an angry mob of wacko rioters shouldn't violently force their way into the legislative's building. They should respect the outcome of the democratic vote and vote again in four years. Maybe if this was Iran I would say okay, people are fed up with the ayatollah and the revolutionary guards, but this is the US and the poor buggers are being manipulated, shot tear gas at and four of them got killed. For what? Absolutely nothing. The unfortunate officer died doing his job. This is very sad and scary, it looks like civil war brewing. A really bad thing to happen to a nation armed with nukes. Please do not let it happen, it is within your power to distance yourselves from these people and just say no to violence and vandalism.

> protected by unfriendly looking men standing behind heavy machine guns

Just a few months ago that is exactly what the steps of the US Capitol looked like [1].

Even when disabled people try to protest there they are removed by force [2]

They have no trouble keeping people out they really don't want inside, it seems.

But when people show up wearing body armour and carrying weapons, for some reason they are not stopped.

[1] https://twitter.com/oliviamunn/status/1346933669869481986

[2] https://www.esquire.com/news-politics/a12466578/disabled-pro...

I agree. One of my favorite aspects of visiting DC is the remarkable extent to which ordinary citizens have access to the workings of government. Sure, there's some security, but mostly to keep things orderly, not secret.

So just a couple hundreds of people can protest in front of the building, enter elected official offices and steal laptops most likely containing very sensitive data (hopefully encrypted though)?

I agree with you but I think there ought to be a little more protection of that.

For national security buildings (e.g. the NSA) it is the exact same as your foreign country experience. The guards around the perimeter are very quick to engage and ask what you are doing if you meander around the outside.

The NASA HQ administration building off 4th and E just south of the Mall has no armed guards posted outside, and there's even a NASA public credit union in the building, which does not require passing through the metal detectors or security post just a couple doors away in the same open lobby.

It is visited by plenty of non-NASA, non-government ordinary customers who could easily blend in with official foot traffic on a busy day and make just a dozen paces to the main elevator banks or stairwells looking for an opportunity.

The NSA (National Security Agency) and NASA are very different organizations within government.

I misread the OP as NASA, which was careless but I still think the observation is worth noting. Also worth noting is that there is a museum on the NSA campus (National Cryptologic Museum) that anyone can visit without any clearance, and though there are vastly trickier chicanes to contend with compared to the access at NASA administrative HQ, merely visiting the cryptologic museum ushers one past several otherwise highly restricted perimeter zones.

Yes, it is understandable that security works that way in a building occupied by people whose job it is to keep secrets... but that is not the way security should work at a building of democratic representatives where their job is to be publicly accountable.

Yep, in India they directly detain all protesters anywhere near the parliament area and the immediate surroundings

The Indian parliament was attacked by heavily armed gunmen in 2001, so that's not so surprising.

Unfortunately we don't live in that world anymore.

There is a major opposition movement growing, and it pains me to say it but Trump was right in his last speech.

'This is just the beginning'

All that money, all those guns, all that harassing of random citizens, and this happened. One has to ask “what are we actually paying for?”

Right, the annual Capitol Police budget alone is $550 million.

A police force of 2200, just for one building. Compare that to the Atlanta Police Department which has 1800 officers for a city of 500,000+ people and a size of 136 sq miles.

Not one bldg. There are multiple House and Senate offices and the Library of Congress. It's a huge complex which does not seem well designed from a security standpoint. I don't know if they've fixed that, but after 9/11 it was a mess of access.

Fwiw multiple police/security leaders have been fired or forced to resign due to this.

That’s just how the Capitol (and most US state houses) is. My wife has on multiple occasions waltzed down to the (non-public) underground subway that connects the Capitol to the Senate and House office buildings to chat with members of Congress. The Capitol Police usually say “well you’re not supposed to be here, but I guess it’s okay.”

This is not the information for a public forum, sorry.

I may be paranoid, and thus don't get why the downvotes?

  1. The person specified he has a wife that chats with members of Congress out of usual channels of communications.
  2. The person specified place where it happens in the open.
How hard for some non-friendly party to get there directly given the instructions above, or start tracking his wife through other means and get there through her?

In the Netherlands there are a few entry ways and they look a bit like this:


They're configured one-way only, can be fully opened for high through-put or emergencies, but are otherwise single-person only. They can detect multiple people in various ways. The default for sensitive areas would be biometric (e.g. weight, some parlement members coming back from vacation a little overweight have had to get a manual override in the past). Of course bulletproof, and can be controlled at a distance by an operator.

It makes sense that not everything requires something like this, but the office of the speaker of the house of course should be in any situation. If she wishes to meet people in less-secure rooms it's entirely possible to create meeting rooms with fewer or even no significant entry or security controls if you wish, but your personal office, places where you store sensitive data etc... can't just have em behind a few wooden doors.

Of course some countries opted for the benefit of a modern building. The capitol is more than two centuries old, you can only retrofit it so much.

The US Capitol belongs to the people. There are risks from that which fall on the people who serve there. In counties with monarchs there are different traditions expressed by the architecture of public institutions and the seats of power.

Just because something belongs to the people does not mean that 1,000 of them need to be able to rush into it.

Dutch Parliament has a visitors entrance and is (in non-covid times) easily accessible to the public. But for obvious security reasons their private offices are behind these kinds of locked doors. Since a few years I think you have to go through a metal detector to be allowed into the public areas.

It makes no sense at all that the US Capitol doesn't have stronger barriers between the public areas and the private offices. Every bank or other large company has such a setup for information security reasons.

The offices are public areas because they serve public officials carrying out public office.

But why does a public official's office need to be a public area? I'm sure you're not allowed to walk into it without an appointment, so having appropriate security barriers wouldn't stop them doing their job at all and would improve security.

Without referencing any source I'll just assume you made that up. As far as I know there's no difference between say the French or German republic or the Dutch (symbolic) monarchy in this regard.

Dutch representatives are accessible by the people. They have a walk-in hour, you can call them, email them, write them, you can join hearings and meetings where they're present, they go out into the country to talk to citizens. But what you can't do is waltz into their office. This has obvious reasons in a post 9/11 world, and it has nothing to do with the fact the Netherlands has a king who has a purely symbolic function and does not participate in politics, no different from say France which is a republic, or Germany which saw a mob storm the Reichstag a few months ago and was easily held off by the police, which is also a republic.

The US Embassy in Amsterdam is better protected than the Capitol.

Isn't that the right way around? Embassies in foreign countries need more protection than buildings in your own home country?

I think you should read up on how western countries typically prefer to have very light visible security in front of buildings like these. It sends a message of non-approachability if you have heavily-armed forces out front, which politicans don't like.

I'm assuming a similar security plan is in place in e.g. European countries' parliaments; extracting the high value targets is P1. The building is just a building; if it's damaged it can be repaired. And killing a bunch of people defending a building is a political no-go.

None of this applies to an embassy.

I'm pretty sure, almost every US Embassy, not just in Amsterdam, is better protected.

Apparently there was a joke going around latin america twitter that the coup failed because there is no US embassy in DC to support it.

The correct fix seems to be electing presidents that don’t invite terrorists to do what they did.

And who actually protect the capitol building when it is under attack.

Looks to me like they stood down, being complicit with the insurrection. This often is how 3rd world nations are overthrown by dictators with the militarys help.

To prevent unauthorized entry, Capitol Police would have had to put up a fight. Seems they were unwilling to do so. If America continues down this path Russia (and others) are just gonna have a field day.

Firing on a mob is risky as hell and not morally clear. I can't blame Capitol Police--at least for the actions after it already got out of hand.

If federal security at Court House shoots BLM protestors who are entering a federal court house, those security people would probably get charged with murder.

It's unreasonable to expect Capitol Police to make that sort of moral choice in the moment. And if you give cops the greenlight to shoot people to protect property, there will be a lot of unnecessarily death going forward.

That said, they may (probably?) screwed up containing the crowd contained in the first place. Though to play devils advocate, the President had just told a mob to go "wild." Not sure if Capitol Police could successfully manage that.

> Firing on a mob is risky as hell and not morally clear.

Why do people jump to the most extreme side of things in discussions now a days?

There are many many many ways to disperse of a crowd that doesn't involve firing live rounds at a crowd. In fact: they were able to do it later!

Tear gas, flash bangs, barricades, rubber bullets. None of these were used until well after they made it inside.

Because the security shown on all the videos don't appear to have those ready. That sort of gear isn't typically equipped.

So its sort of irrelevant to what police who were suddenly asked to hold a door from a violent mob.

With hindsight they should have had teargas ready. But they probably didn't expect the President to direct a mob to capture the Capitol.

> If federal security at Court House shoots BLM protestors who are entering a federal court house, those security people would probably get charged with murder.

Probably? Says who? In fact, multiple people have been shot (fatally or otherwise) during BLM protests, and actions against those officers have been very much the exception.

I'm not aware of police using live bullets against unarmed people to prevent them from entering a government facility. Though I could be ignorant of clear examples.

At least in Minnesota and Portland they let looters burn/occupy the buildings without contest.

I think it was a happy accident that possibly being complicit meant this didn't go as bad as it could have. We have a great example of de-escalation working.

>That said, they may (probably?) screwed up containing the crowd contained in the first place.

Certainly with the benefit of hindsight, there should have been a much stronger show of force/barricades/etc. Should that have been obvious even without hindsight? Don't know.

That said, once the Capitol Police were outnumbered and things were getting out of hand, I'm pretty sure the best outcome if they had used deadly force to stop a rush would have been headlines like "Dozens of Trump supporters dead after police open fire on crowd." Worse scenarios include the police getting overwhelmed anyway and many of them killed also leading to a firefight within the capitol.

Hindsight? You have the same kind of folks who showed up at Charlottesville and other altercations and you can’t predict they will cause trouble?

The very idea that no-one could see this coming is ridiculous.

There have been several pro-Trump rallies since the election. The city got locked down hard, but nothing happened. They were much more peaceful than the rallies this summer. (I drove by all of these because my wife’s office is a couple of blocks from the White House).

And the real damage was to our rule of law. That was already accomplished when the supposed President directed a mob against congress.

The actual level of violence done by the mob is relatively tame. Shooting a bunch of people in the halls of Congress isn't going to stop the damage to the rule of law. And it would have what? Prevented a few laptops from being stolen, a couple doors from being broken down, etc. It's not like they torched the place.

I personally don't think violence by a mob is acceptable. But it seems most people do--as long as they are sympathetic to the cause.

There’s photographs of one of the “peaceful” protestors in bdus and a helmet with zip ties, and there was multiple videos of the mob yelling to grab the politicians. It was relatively peaceful because congress was able to evacuate before they could be kidnapped and held hostage, with them safely away the pipe bombs wouldn’t have had much point.

I don’t know anyone calling that peaceful.

Which is contrast of the “mostly peaceful” protests that involved arson and beatings.

This is just as bad but everyone acknowledges it.

I guess? I would have expected the doors to put up a fight, too. But it doesn't sound like there was much forced entry going on beyond getting into the building itself.

At my own workplace, all the areas that are not intended for public use - office blocks and most meeting rooms, for example - are locked at all times and have keycard access. Defense in depth, y'know? And we're not even a juicy target like the US Capitol, we're just some company.

Congress isn't really one office, though. It's hundreds of individually run ones, each intended to serve the public fairly frequently. You can (generally) pop in and see your congressperson and/or their staff if you want.

You can pop in and see me, too. You just need to check in at the front desk, and can't wander around sensitive areas un-escorted.

My office is likely set up the same as yours, or at least close enough to yours. You could absolutely pop in to visit me.

But you could also grab enough of your friends to obtain a decisive numerical advantage – let's say, you and twenty of your closest friends, that probably gets close to what we saw yesterday. Be sure one or two of them are visibly armed.

Once you have your buddies, you can go break through the glass door leading to the receptionist's desk. We saw that yesterday too.

Once you're in, game over: I don't expect Nancy to tackle you at the door, or my friend Brian to kick you when you try to come into the conference room. I expect when you're inside you'll get a guest badge – or an employees – and proceed to go about doing whatever you were interested in doing.

My office's threat model – and yours – is not based on defending against a mob of people storming the building.

> My office's threat model – and yours – is not based on defending against a mob of people storming the building.

That's sort of exactly the point I'm making. My office's threat model isn't even in the same league, and yet it still seems to have more thought put into physical security than the Capitol building. It would appear that, unlike in the hypothetical you're constructing, in the real event, people didn't even need keycards in order to freely move about the building after getting past the exterior doors.

Your office is intended to keep most people in the world out most of the time.

The Capitol is intended to allow most people most of the time.

So Nancy Pelosi's office is generally open to the public, and it's fine for people to go on in whenever they want, even when she's not there?

I've honestly never tried to visit a congressperson in DC, so I suppose I wouldn't know, but it sounds unlikely. My public library is even more intended for public use than the US Capitol, but I still need a key to go back into the offices.

> So Nancy Pelosi's office is generally open to the public, and it's fine for people to go on in whenever they want, even when she's not there?

Generally, yes. Their offices are suites with a reception that'll be staffed for constituent services most of the day. Staff are also typically there all day taking calls from the public.

Found a quick tour of one (small office; leadership will have much larger ones) on YouTube: https://www.youtube.com/watch?v=UnIMUfF3U8I

You're being naive if you believe that Russia and others didn't already have a field day at the Capitol yesterday. I wouldn't worry as much about what these guys took from offices and server rooms as I would worry about what little digital gifts these guys may have left behind in the offices and server rooms.

Yep. The entire building needs to be completely scrubbed down and all tech needs to be taken and destroyed. A complete fresh start. Move operations to a new building while this is happening.

It honestly boggles the mind that capitol police announced the all-clear as soon as they did. I mean they found pipe bombs in the RNC and DNC headquarters. No way did the conduct the kind of thorough search that would ensure that nobody left a pipe bomb in an air vent or in a random filing cabinet.

And that goes double for mysterious flash drives randomly stuck in people's computers, or bugs hidden in planters etc. Just an absolute travesty.

Given the solarwind hack aren't they already in?

The Capitol Police were either incompetent or complicit. There are literally no other options. They knew there would be a big protests, numbers put it around 200k~300k (a tiny percentage of which actually went into the capitol building mind you).

If they weren't prepared for this: incompetence. But there are videos of people getting selfies with guards, and staying within the velvet ropes when coming in. Something isn't right here and no one is talking about it.

They were understaffed, and it was clear that they could not protect both the building and the people. They correctly prioritized evacuating the people.

They turned down an offer from the Pentagon to supplement manpower, days before the protest. Why?

A police department with an intelligence unit couldn't guess that things might get a little out of hand when 3 weeks before, the President publicly used Twitter to ask his followers[1] to attend a "wild" protest on January 6th? Not that an intelligence unit was required as the plans were in the open. I have great difficulty in putting this down to incompetence, all things considered.

1. https://twitter.com/realDonaldTrump/status/13401857732205158...

They turned down an offer from the Pentagon to supplement manpower

Hmm, why turn down an offer of assistance from a military whose commander-in-chief wants to overturn the election? I can think of a few reasons...

I'm curious - what are those reasons, and how would the lack of an invitation thwart them?

Most obviously, if you invite the military in and ask them to secure a portion of the building, you're exposed to the risk that the commander-in-chief will order them out (or order them to stand aside); it's unlikely that forces could be redeployed fast enough to respond to such a defection. (And no, you can't avoid this danger by having all the forces working together everywhere; far too many command-and-control issues arise.) If you don't invite the military to assist in the first place... well, then you're not relying on them to guard your back.

There's also a fundamental democratic issue at stake: It's not by coincidence that the United States Capitol Police answers to the legislature and not to the executive -- indeed, this is seen around the world (e.g. Canada's Parliamentary Protective Service answers to the Speakers of the House and Senate) and arguably the principle that military forces should not be brought to the seat of legislative power dates back to the Roman Republic... which swiftly became the Roman Empire after Caesar crossed the Rubicon with an army at his back.

Those are all valid points. Though I will argue that the assumption that the Capitol Police answers to the legislature is shaky, at best (in practice). If I had to guess who is more likely to refuse an unlawful order, I'd say a member of the military, rather than the police, based on my limited knowledge of their respective cultures. Combined with the idea of police officers who believe they are part of a semi-secret, ad-hoc, patriot's army, things can go wrong indeed.

Let's do a thought experiment: let's say there are a few elements in the police who are active QAnon believers, sprinkled in at various levels. Let's also assume some more force members are not believers, per se, but sympathize with the cause, and are willing to look aside since they may dislike some legislators who they see as enabling BLM, Antifa and other un-American actors (in their eyes) and believe that something "weird" happened with the elections and/or the whole establishment is dirty. Would these individuals not listen to the orders of the commander in chief, even when not delivered via the official chain of command?

> Though I will argue that the assumption that the Capitol Police answers to the legislature is shaky, at best (in practice).

It's a matter of law that they answer to the legislature, this isn't an "assumption." Individually they have answered to a not very sharp police chief, and the Sergeants-At-Arms of the House and Senate, who are all in the process of resigning because of how badly they recently screwed up, if that's what you mean.

> It's a matter of law that they answer to the legislature, this isn't an "assumption."

I could have expressed myself better there - I was distinguishing between them being answerable to the legislature (de jure) in the logical, org chat way, and them "answering" to a mercurial president they ideologically agree with (de facto), in the here and now.

For this specific decision I think we can put it down to incompetence over malice - it'd presumably be easy for whoever was co-ordinating it dismiss all the riot talks as bluster and figure it'd just be yet another protest with a lot of shouting. I imagine we'll hear more about it, but I would be surprised if it was a co-ordinated effort in concert with the rioters (I don't know what to call them).

The footage of police opening barriers and stuff, and taking selfies is however a bit more worrying. I think it's pretty well known that individuals within the police could identify or sympathise with Q or the far right - so if it turns out that this footage was exactly what it's seems to be (and we know how easily things can be misrepresented and shown out of context) then I imagine some cops are gonna be in big trouble.

I agree with this take. It's possible that after a year of particularly intense criticism of police department's actions vs protesters across the country they didn't want to appear to be over-reacting (which could fan all kinds of flames) and didn't expect the crowds to be quite so wild.

I don't know what kinds of contingency planning may have taken place, but ultimately this event seems to have been ended and cleaned up pretty quickly compared to some other demonstrations we've seen recently.

Yeah we're definitely in speculation territory here so I'm wary of going too far. But I would imagine it was not a conscious attempt clean up their act and do their job with a less heavy hand. The idea that they'd suddenly decide to have a change of heart and that the first people who encountered this new, soft-touch policing happened to be right wingers - I don't buy it.

> it's pretty well known that individuals within the police could identify or sympathise with Q

This is worrying in its own terms. Policemen are adult, and shouldn't believe in fairy tales.

Being able to use deductive reasoning, understand basic principles of science (like the difference between cheratine and DNA), double-check the facts, and find the truth between the lies is THE work of the police.

Somebody unable to see a hole for years in theories that most 5 Yo curious children could dismantle in a hour is unfit for this kind of work. They simply shouldn't be policemen. Period. Will end distroying the lifes of innocent people.

I'm not so certain; with the possibility of installed loyalists and/or 'regulatory capture' we may have intentional malfeasance to make a troubling situation worse.

If it is reasonable to assume that some individual members of the police force are sympathetic to the Q/Boogaloo cause, who is to say the person responsible for coordinating with the Pentagon wasn't a fellow traveler? Police forces, on the whole aren't exactly politically neutral: during primary season, I recall a republican politician getting a picture taken with a policeman who had a "Q" patch on his uniform.

There is not enough information to come to either conclusion, but I would like to think the DC police leadership didn't/doesn't plumb those depths of incompetence. The public (and congress) deserves answers on what happened and why.

They definitely deserve answers, you are right. But jumping to "This was an op and the DC police as a unit were in on it" is approaching wheelhouse of the crazies who instigated this whole debacle. That runaway cascade of believing lots of little things that could be possible is what led to millions believing in dumb stuff like Mole Children being kept as slaves by Hillary Clinton and friends.

Unless something more sinister emerges the simplest explanation is probably the best - there some cops who are far-right sympathisers and there are incompetently managed and organized Police forces. Both of those things are already demonstrably true and explain how the response quite well without introducing a grand conspiracy.

I was careful to say individuals - my point was that there is no reason to doubt the possibility of those sympathetic individual(s) being decision-makers in the force. I was careful to not suggest it was a group decision.

However, it is no secret that the FBI has long-reported (2006!) on white-supremecist infiltration of police forces[1] - this is not crazy talk. If someone joined the police as a rookie in 2006 to enforce their personal agenda, how far up the leadership hierarchy would they be now?

1. https://www.pbs.org/newshour/nation/fbi-white-supremacists-i...

>I recall a republican politician getting a picture taken with a policeman who had a "Q" patch on his uniform.

This picture?


Yes - that's the one, thank you.

This can be correct, but so can GPs point: two possible findings are that the capitol police were deliberately left understaffed because

* higher level leadership judged the threat of the protestors to be insignificant (incompetence)

* higher level leadership wanted the potential for a mob to enter the building (complicity)

However they found themselves in the position, they did, and once there I think they had an unenviable task. And the fact that the occupants of the building were safely sheltered until a larger force came to clear the building shows that they made a good decision.

Except for that part where they murdered an unarmed Air Force veteran.

It's not murder if it's legal. If you don't want to get shot, don't invade the seat of government during a constitutionally prescribed transition of power, break through a barricade, ignore a cop's orders and approach a cop pointing his gun at you. Hard, I know.

This is almost exactly the same argument that police defenders make when the police shoot an unarmed minority individual in any random city.

I'd agree that police defenders often use the rhetoric of "approaching a cop with his gun drawn" or "being somewhere you shouldn't," but surely we can make a distinction between those killed in public areas versus this woman who was trespassing in a very important federal facility, specifically to impede a very important government procedure.

> trespassing in a very important federal facility

She was part of an armed mob trying in the process of breaking into the speakers lobby that posed an imminent threat to members of Congress, whom members of the mob had moments before loudly expressed concern were trying to leave.

“Trespassing” wasn't at all the issue.

No it's not. Thank you, 2 month old anonymous account, for confusing the issue.

And you assume that's everything that happened? Did she break through a barrier? People were walking right in.You don't know which group she cam in with. In the various videos, she was trying to get out. They all were.

The dude who fired the shot, are you really defending him? A man with no real reasonable threat to his life? None of the people in that shot were shown to be armed.

Honest question, what are your views on Jacob Blake? Do you defend him? Because he sexually assaulted a women who had a restraining order against him, ignored police orders to stop, got up after being tazed twice and reached into a car with children. The DA found the police were completely justified in shooting him 7 times in the back.

This is the double standard. If you say she had no excuse for getting shot, than neither did Jacob Blake, or Breyanna Taylor.

She was climbing through a broken window past a barricade that was the last line of defense to where members of Congress were taking shelter. The guard was pointing his gun at her and other people were warning about the danger. I don’t think she should have been shot, but the guard who shot her acted reasonably. It was a failure of the police present, who should have prevented the situation.

It doesn't matter if she's mother Theresa and came here with the cure for cancer. You cannot interrupt the transition of power. We have laws that must be followed. If you try to overthrow the government you will be stopped. I watched a video of her getting shot. She was breaking through a barricaded door and making her way towards officers with guns drawn.

> And you assume that's everything that happened?

There's multiple camera angles which captured the minutes leading up to her death, posted on major news sites like The Washington Post, so no assumption needed.

I still don't feel the shoot to kill was justified (especially as a shot in an area that would immobilize a person, like the chest or the gut, would've been safer of collateral damage vs a shot to the head, similar to the one taken, which unequivocally is a shot intended to kill), but trying to argue she was not completely and totally in the wrong is just absurd to me.

You betray your ignorance about firearms. You cannot shoot to immobilize. Every shot taken is practically and legally a shot intending to kill. Real life is not a hollywood movie.

> You betray your ignorance about firearms. You cannot shoot to immobilize. Every shot taken is practically and legally a shot intending to kill. Real life is not a hollywood movie.

Someone knowledgeable of the subject, which you imply I am not, would know that shooting someone in the middle of their body is the standard operating procedure (and is potentially less fatal, but yes legally still intended to kill) rather than taking an (essentially) headshot as this officer did.

Also notice I did not say what the officer did was "against policy" or illegal, I simply said I didn't feel it was justified (especially with where the shot hit). It's for the department and the courts to decide if the officer violated his duty.

Could have (likely was) aiming for center of mass but ended up a little high. Real life is not a shooting range with a target that is perfectly still.

Shooting a center of mass is not at all about being "less fatal" it is about it being the biggest target with the biggest chance of stopping your adversary.

> Shooting a center of mass is not at all about being "less fatal"

Did I say it was? I believe I used the word "potentially" in the reply you are commenting to. The officer was shooting from ~6ft away and had a firm grip and was well composed, if they can't hit the chest of a target that was mostly still at the moment of the shot then they need to be spending a lot more time in the gun range (at the absolute minimum).

> they need to be spending more time in the gun range.

Not at all unlikely.

>They were understaffed, and it was clear that they could not protect both the building and the people. They correctly prioritized evacuating the people.

I think it's pretty clear at this point that they would have been overstaffed if the protestors had a different skin color.

> different skin color.

In the 1970s, armed Black Panther members took the California State Capitol and no one died.

At least one officer is dead (this changes daily so who knows) and one protestor (she was unarmed, that's a protestor, trespasser at best) was shot by sorry excuse of a Capitol Officer who shot wildly into a crowd (almost hitting the other Federal Officer behind her!)

Please stop making this about race.

The lady that was shot was attempting to enter a hallway through a window while people in the hallway were pointing guns at her. Just because she didn't have a visible weapon doesn't mean she wasn't a threat. Climbing through a broken window into a hallway protected by a makeshift barricade is itself a threatening action. No one at the head of a mob climbing over a barricade ever did so for innocent and non-threatening reasons. Suggesting otherwise is ludicrously stupid.

Having seen multiple videos of the event it's clear the shooter was not firing wildly into the crowd. They were aiming specifically at the person trying to break into the area. She's dead because of her own actions.

Note that she was wearing a good sized backpack. The shooter was wearing plainclothes- possibly Secret Service. It appears he was protecting something or someone important. Pence?

Pence would not have been in the House Lobby area, he would've been taken directly from the Senate to a secure area.

Let's step back to before this happened. Why did the Capitol Police let people in:


You're not a protester if you are breaking into congress, breaking past a barricade, being told to stop, and walking towards an officer pointing his gun at you. You're suicidal.

But, they let these people in:


Should've shot them too if they refused to back down

I don’t think that’s clear at all. I’ve seen it often repeated by the media, but there is absolutely no evidence to support it. Repeating this is only driving the two sides further apart.

Being understaffed on a day when protesters have warned you they may take direct action is incompetence or complicity. They have agreements with nearby law enforcement who are often deputized in DC, yet didn’t activate those agreements until the perimeter had been fully breached.

> They were understaffed, and it was clear that they could not protect both the building and the people. They correctly prioritized evacuating the people.

This is all true but might be crediting the Capitol Police leadership with a little more coordination and planning than they truly exhibited. There were clearly some law enforcement officers who did not simply step aside and let the rioters have their way once lawmakers had been evacuated.

Based on some of the comments here I get the feeling it's not common knowledge yet that at least one involved law enforcement officer has died [1] and a couple of dozen were injured. Possibly they could have done better for themselves if they'd all been as easygoing about things as the officers photographed in the rotunda.

[1] https://www.washingtonpost.com/local/public-safety/brian-sic...

Incorrect. Capitol police is a 2300 officer department with a huge annual budget. The puppets in place were complicit in letting this happen.

To what end? Certainly the Capitol police leadership wasn't part of some conspiracy to overthrow the government- letting a few hundred protestors in wouldn't accomplish much.

So you are saying that the Capitol police succeeded in creating a honeypot that was meant to embarrass Trump?

I wonder if, since so many on HN feel that they are enlightened people, it is possible for us to give the benefit of the doubt to people who's jobs we don't do and probably know nothing about?

Just because we work in tech does not mean we know everything, and not having been there means we don't know the circumstances anyway. It is disgustingly arrogant of any of us to proclaim that these people must be incompetent or complicit like some armchair quarterback.

Christ, I mean, this is roughly the same mentality as the people who think the election was stolen based on some anecdotes and bullshit despite what election officials, courts, and other experts are saying.

Indeed, the hyperbole and conspiracy theories on all sides have lead me to detach myself from politics. There were a few hundred/thousand people who rioted at the Capitol, law enforcement in riot gear fought them with clubs and pepper spray, got overwhelmed, fell back, regrouped, and responded with a lot of force a couple hours later. One of the rioters was shot, dozens were arrested. Not a good scenario, but I've seen a lot of people who I had thought were more measured yelling about how police were assisting with an attempted coup attempt (even supposedly respected news stations were going off the deep end). It feels like the 24/7 news cycle has fried a lot of people's minds and turned everything into a final battle between good and evil.

If it's any consolation, US Capitol Police chief Steve Sund was forced to resign by Congress. Seems like it's not just armchair quarterbacks who were let down by their shitty response.

No doubt you are aware of the concept of a face-saving resignation. I'm not saying this is what happened here, I'm just saying the resignation itself is not really meaningful without more context.

The Capitol Police seem to be a facade and don't stop crowds. Here's a different example from 2 years ago:

"@womensmarch just took the Capitol. Women, survivors, and allies walked straight past the police, climbed over barricades, and sat down on the Capitol steps."


This Twitter thread is a gold mine for anyone looking for perspective on what happens when the “right” group versus the “wrong” group storms past baracades and into the Capital, while describing it as “taking the Capital”.

It's also possible they were competent but don't have the required staff to handle a large protest. Under normal circumstances, they might request help from other groups (DC police, national guard, whatever) but due to jurisdictional restrictions help can't come unless it's approved at high levels and no approvals were given.

In other words, they may have been set up to fail.

(There's still the issue of that video of protesters being let in, which would imply that capital police do have some explaining to do.)

They took selfies with the insurrectionists. They were complicit.

> insurrectionists

Peaceful protestors.

Were the BLM people who stormed city hall in Seattle insurrectionists? Where the Black Panthers who took the California State Capitol in the 1970s insurrectionists?

Stop with the bullshit name games. These were not rioters. They didn't set anything on fire. They should not have stolen or broken anything. That's wrong and bad and should be condemned. Those people should get federal time

But man...you have to admit...there is something beautiful about the peasants entering the royal court, and the town idiot putting his feet up on the table that belongs to the Hand of the King.

The villagers entered the royal court and the senators clutched their pearls.

America has had a long history of occupying federal buildings. This is certainly not unprecedented.

These people were not a coup or insurrection. They had no plan. There was no person with a new founding document they were going to read. They didn't bring in an armed force and take and occupy the capital.

The overreaction to what happened is fucking insane, especially compared to what actual Rioters where allowed to get away with for the past year. In May, DC was literally on fire from the BLM riots, and we didn't see this type of DoubleSpeak.

Storming the capitol to stop the certification of an election whose result t hey didn't like is the very definition of an attempted coup d'etat.

They had zip ties meant for the purpose of taking hostages: https://twitter.com/Adiscen/status/1347189171362918400

IEDs were found at the DNC and RNC: https://www.nytimes.com/2021/01/06/us/politics/pipe-bomb-rnc... https://abcnews.go.com/Politics/abc-news-exclusive-photo-sus...

They were let in. The guy with the zip ties is likely an undercover agent.

> The overreaction ... In May, DC was literally on fire from the BLM riots

Speaking of overreactions ...

> They didn't set anything on fire. They should not have stolen or broken anything. That's wrong and bad and should be condemned.

Okay, so to be clear, there's a difference between breaking things with your hands and setting it on fire. One is "bad", and one is "rioting". Huh, interesting.

Black Panthers were literally insurrectionists and wore that badge with pride.

> Were the BLM people who stormed city hall in Seattle insurrectionists? Where the Black Panthers who took the California State Capitol in the 1970s insurrectionists?

No, because their goal wasn't to overturn a legally held election.

> They had no plan.

You got that part right.

> No, because their goal wasn't to overturn a legally held election.

When BLM stormed and occupied the city hall in Seattle, their primary demand was to remove the mayor.


“Hey hey. Ho ho. Jenny Durkan’s got to go!”

Some were armed and an IED was found. I recommend avoiding identity protective cognition when analyzing these events.

People planted pipe bombs in the capitol building. Wow, such peaceful, much protest.

> The overreaction to what happened is fucking insane, especially compared to what actual Rioters where allowed to get away with for the past year. In May, DC was literally on fire from the BLM riots, and we didn't see this type of DoubleSpeak.

Not really when you consider that the protests in may were for the correct side with the media and elites fully on board. They were for all intents and purposes sanctioned events. The 6th mob was absolutely terrifying for the media and elite since they had zero control over it. What looks like just another mob riot to a common peasant appears to be an actual threat to those which never see threats.

> But man...you have to admit...there is something beautiful about the peasants entering the royal court, and the town idiot putting his feet up on the table that belongs to the Hand of the King. >The villagers entered the royal court and the senators clutched their pearls.

I agree. Although I’m definitely anti-Trump and condemn his garbage about the election being stolen, and while I don’t condone the behavior of the protestors, I don’t really see how this so much worse than business owners who had their livelihoods destroyed during the BLM riots over the summer. I don’t remember CNN or Democrats tripping over themselves to see who could use the harshest language for what had happened.

Again I’m not condoning this, but honestly, given what happened, the only real tragedy was a woman was shot because a jumpy police officer shot blindly into a crowd. Our pride was embarrassed but that’s ok. Let’s learn from this and make sure it doesn’t happen again.

The real problem with what happened is Trump incited it. But that’s another story.

Haha yeah, there wasn't this much outrage before because it was the peasant's businesses being destroyed. Protesting is now bad because it actually affected the rich, political class.

Look at how different the MSM response was. Destroyed businesses and disruption to innocent people's lives was a necessary sacrifice for BLM riots. And best of all, covid is only dangerous depending on what you're protesting for. But some people going into a building?! No! Stop that!

I don't understand how people can confidently draw such equivalencies. Just looking at the frequency of the two types of events.


How many is that? I can't even count. More than 50, less than 100? Versus 10, possibly way less, depending on what kind of comparisons one wants to draw? [1]

Doesn't this point exactly to the significance of what happened on the 6th? Race riots have been happening in the United States for a hundred some years. They are obviously not significant in achieving the goals of the rioters. Meanwhile the storming of seats of power by an ousted leaders' supporters has the potential to change history. The former is a passing event, the latter is a rare event with some potential to change global history.

[1] https://www.livescience.com/political-violence-us-capital.ht...

I could pull up pictures of police kneeling with BLM this summer.

Inviting insurrectionists into the capitol to stop the certification of an election they didn't like by force is different from... giving their support to people who are against unarmed black people being murdered on sight.

Yeah, they kneeled for the photo op, then deployed tear gas an hour later.

Deploying tear gas like they did in the Capitol here:




I saw a video yesterday of tear gas being used inside the capitol building but today I was only able to find videos of when it was used outside.

200 - 300k is hilarious, 20 - 30k is much closer to a reasonable guess.

The Capitol Police generally don’t (and aren’t equipped to) repel a mob entering the building. That wasn’t just for this event. It’s always like this.

Trump’s “show of force” during the BLM protests (where he brought in the national guard) was an aberration for that reason.

This isn't the first mass protest in DC. Why is this the first time they were able to get into the Capitol while in session?

Typically they don't try to. But people have gotten into the capitol to interrupt things before.

Five Congressmen were shot by Puerto Rican nationalists on the floor of the house in the 50s.

Protestors interrupt things fairly often. Happened during the Kavanaugh confirmation hearings and again during the vote.

This is probably the most overwhelmed the Capitol has been since the British captured it.

Here is a great link from downtrend: https://twitter.com/EgSophie/status/1048634940169048064

It would be interesting to see exactly how often the capitol police have been overwhelmed and civilians have entered the building or chosen not to.

Wasn't a protest, it was an attempt at a coup. And the president set the game to easy level.

> attempt at a coup

You have a very very low bar for what you think an attempted coup was.

Chased congress out their chambers while they were preparing to certify the next president. Murdered a police officer in the process.

Your definition of a low bar different than mine.

Who knows what Trump was attempting. He should definitely be investigated.

But the riot was a riot. There was no organization and no attempt to take the government and rule it. It was vandalism.

Something isn't right? Perhaps that nearly half of the elected officials present were either complicit or actively encouraging what happened?

You're being downvoted, but it's been proven police helped the rioters and even took selfies with them.

It has not been proven. This is false. Please stop spreading it. Multiple people were killed in clashes with the police. They did not help the rioters. This is the type of misinformation that caused all these problems.

Re the second one - I also saw some footage where a couple of police were, I dunno, ushering them or encouraging them through barriers towards the building. Like "come on, come on!" - that kind of gesture.

I have to stress though that I agree with "danaris" one level up from from this comment - it seems perfectly believable that individual police sympathised and aided these people. However it's not "The Police" as an entity as some others are suggesting, that's venturing into Q territory and is a bit Conspiracy Theory for me.

Here's another video of cops letting people in.


Here are videos from 2 locations where protestors fought the police and pushed past them. That is the opposite of letting them in. IMO I think the instances where they were "letting people in" were because the barriers had already been breached on other sides so there was no point holding lines where there would already be people in behind them.



This is the video that really got me thinking about this: https://old.reddit.com/r/PublicFreakout/comments/kt2u9v/conf...

Not sure what happened, I hope we find out, but this video is especially damning.

This is the YouTube channel that came from. Lots of other videos there like talking to the MAGA crowd after the riot.


The video (letting them in) doesn't show what you think it does. Capital Police leadership planned poorly and their leadership is at fault. They had to fall back to more secure chokepoints because they were outnumbered and overwhelmed. The cops didn't let anyone in. They killed someone and one of them was killed in the fighting. Please don't stir up trouble with fake conjecture over a 30 second clip that doesn't show what really happened. It is what caused a lot of these problems. You are making it worse.

No... if those officers had fallen back, sure, all good. I don't see an issue there. But literally you have an officer (and yes, I get it, individual versus collective) who moves gates, and starts waving protestors through.

If you're falling back because you're overwhelmed by a surge, the last thing you do is _remove obstacles between you and the surge_!

Regarding the second video, there were already protesters behind the barrier so those police may have been ordered to move back to another area.

The bigger concern for me is the understaffing and declining of offers of assistance made by other police departments.

Without any specific knowledge on this case one way or the other, both of these things can be simultaneously true: Some Capitol police stuck to their duty and tried to keep the insurrectionists out, while others agreed with them, let them in, and took selfies with them.

"The Capitol Police" is not a single, monolithic entity; it's made up of individual people, with their own political views.

> Multiple people were killed in clashes with the police.

"Multiple"? Do you have proof of this? There was one woman who was shot by police.

As far as I know, it is not yet clear how the others (excluding the Capitol officer) died. I've seen reports that one man got a heart attack after tasing himself and another fell off some scaffolding.

ProAm 16 days ago [flagged]

Ha! These people are in their 70's and 80's, getting any legitimate security is near impossible. Try telling your grandparents not to play flash games on their computer. The best security should have been by the entrances of the building.

Edit: Pelosi is 80 years old.

Age isn’t the problem, lack of digital security literacy might well be.

My dad was born in ‘39, he did a degree in electrical engineering, and it took until something like his second job after graduation for his employer to send him on a two-day training course for the new-fangled [0] invention of something called “software”. He then worked in software from that course until retirement.

However, he never understood RSA despite working on UK military IFF systems.

[0] “new-fangled” was his description; the closest he came to acknowledging Ada Lovelace before I learned of her was to complain about the language Ada.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact