Yes, officials plugged in the malware-laden USB seized at Mar-a-Lago
The first thing you want to do when you pull a USB drive off someone allegedly lying their way into presidential hangout Mar-a-Lago is plug it in your computer. Oh, wait, maybe don’t do that?
A woman by the name of Yujing Zhang was arrested on March 30 attempting to bluff her way into Donald Trump’s private Florida club. In addition to two Chinese passports, the New York Times reported that she carried with her four cell phones, a hard drive, and a USB drive infected with malware. And, according to the Miami Herald, U.S. government officials straight up plugged that bad boy into a computer — a bit of news that generated some serious double takes in the infosec community.
“[Secret Service agent Samuel Ivanovich] stated that when another agent put Zhang’s thumb-drive into his computer, it immediately began to install files, a ‘very out-of-the-ordinary’ event that he had never seen happen before during this kind of analysis,” reports the Herald. “The agent had to immediately stop the analysis to halt any further corruption of his computer, Ivanovich said.”
in today's episode of: the government discovers a thing that hackers have been using as a tool and in awareness training for almost ten years…
— D̒͂̕ᵈăᵃn̕ᶰ Ť̾̾̓͐͒͠ᵗe͗̑́̋̂́͡ᵉn̅ᶰtᵗl̀̓͘ᶫe̓̒̂̚ᵉrʳ (@Viss) April 8, 2019
Pretty sure this is not what they meant when they said “taking a bullet for the president.” This is infosec training 101, and could have just as easily corrupted the evidence as the other way around.
— briankrebs (@briankrebs) April 8, 2019
It’s widely understood that plugging in random USBs is never a great idea, as they have a non-zero chance of containing malware. So, it’s of course possible that Zhang’s thumb drive was just like every other thumb drive and happened to contain some malicious files — as opposed to malware specifically designed to spy on the president or the club where he spends so much of his time.
It’s possible, but as the New York Times reported on April 8, a search of Zhang’s hotel room turned up some other interesting items that suggest otherwise. Namely, nine additional USBs, five SIM cards, $8,000 in cash, and a radio-frequency device used to find hidden cameras.
However, all may not be terrible in the land of U.S. government cybersecurity. While at first glance plugging in Zhang’s sketchy USB drive may look like a case of a monumental security screw-up, if a cybersecurity expert were to plug it into a specific computer with the goal of checking it for malware, then we would say they were doing their job.
This, thankfully, looks to be what happened here — a fact made clear by a clarifying sentence in a New York Times article.
“Mr. Ivanovich testified that the computer analyst who reviewed Ms. Zhang’s devices said that the thumb drive she was carrying had immediately begun installing a program on his computer,” it explains.
In other words, a computer analyst plugged the device in specifically in order to review it. Which, hey, perhaps all is not lost after all.