In the Wrong Hands, Pelosi’s Laptop Could Contain a Wealth of Information.
In the wake of the 2021 storming of the United States Capitol, it was reported that a laptop was stolen from the office of House Speaker Nancy Pelosi. The individual alleged to have stolen the laptop has been arrested, but the device has not yet been reported to be found.
Speaker Pelosi’s Deputy Chief of Staff, Drew Hammill, wrote in a statement that this laptop was “only used for presentations”. However, even if this is true, the device in the wrong hands could pose security concerns. Putting the content of such presentations aside, this computer could contain sensitive data such as passwords, network/IT protocol information, emails, and confidential documents.
If the device is ever retrieved, it will likely be turned over to a Digital Forensic Examiner to conduct an investigation of the laptop’s hard drive. A Digital Forensic Examiner will search the drive for user activity and evidence of data exfiltration to determine the full extent to which sensitive information may have been disseminated or transferred.
As Digital Forensic Experts, we at Cornerstone Discovery routinely collect, preserve, and analyze digital evidence, like the stolen laptop, for a variety of intel and insights. Forensic methods allow examiners to not only see the files and folders that reside on a computer hard drive but retrieve deleted content such as fragments of email that were deleted years prior. A thorough analysis can uncover disturbingly detailed records of a user’s actions, including the serial numbers of every device ever connected to the computer, when they were connected, and what files were on the devices at the time, even after the device is long gone. A user’s web and search history, file access logs, and even location information are all up for grabs.
In the case of the stolen laptop, there is a fear that the device could end up in the possession of a bad actor intending to cause harm. At this time, it is unclear what protective measures were employed on the laptop. Nevertheless, this case highlights a grave security concern not just for legislators at the Capitol but for anyone with access to high-value data (such as CEOs, CFOs, Sales personnel, and other employees of companies large and small). Physical security of devices is important, but digital security measures like full-disk encryption, strong passwords, 2-factor authentication, and proper cleansing of secure, confidential, and classified data ensure that this information is never accessed by an unauthorized user.