Yes, officials plugged in the malware-laden USB seized at Mar-a-Lago
The first thing you want to do when you pull a USB drive off someone allegedly lying their way into presidential hangout Mar-a-Lago is plug it in your computer. Oh, wait, maybe don’t do that?
A woman by the name of Yujing Zhang was arrested on March 30 attempting to bluff her way into Donald Trump’s private Florida club. In addition to two Chinese passports, the New York Times reported that she carried with her four cell phones, a hard drive, and a USB drive infected with malware. And, according to the Miami Herald, U.S. government officials straight up plugged that bad boy into a computer — a bit of news that generated some serious double takes in the infosec community.
“[Secret Service agent Samuel Ivanovich] stated that when another agent put Zhang’s thumb-drive into his computer, it immediately began to install files, a ‘very out-of-the-ordinary’ event that he had never seen happen before during this kind of analysis,” reports the Herald. “The agent had to immediately stop the analysis to halt any further corruption of his computer, Ivanovich said.”
in today’s episode of: the government discovers a thing that hackers have been using as a tool and in awareness training for almost ten years…
— D̒͂̕ᵈăᵃn̕ᶰ Ť̾̾̓͐͒͠ᵗe͗̑́̋̂́͡ᵉn̅ᶰtᵗl̀̓͘ᶫe̓̒̂̚ᵉrʳ (@Viss) April 8, 2019
Pretty sure this is not what they meant when they said “taking a bullet for the president.” This is infosec training 101, and could have just as easily corrupted the evidence as the other way around. pic.twitter.com/ME2RWqTyjV
— briankrebs (@briankrebs) April 8, 2019
It’s widely understood that plugging in random USBs is never a great idea, as they have a non-zero chance of containing malware. So, it’s of course possible that Zhang’s thumb drive was just like every other thumb drive and happened to contain some malicious files — as opposed to malware specifically designed to spy on the president or the club where he spends so much of his time.
It’s possible, but as the New York Times reported on April 8, Zhang’s hotel room contained some other interesting items discovered in a search that suggest it’s also decidedly not possible. Namely, nine additional USBs, five SIM cards, $8,000 in cash, and a radio-frequency device used to find hidden cameras.
However, all may not be terrible in the land of U.S. government cybersecurity. While at first glance plugging in Zhang’s sketchy USB drive may look like a case of a monumental security screw-up, if a cybersecurity expert were to plug it into a specific computer with the goal of checking it for malware, then we would say they were doing their job.
This, thankfully, looks to be what happened here — a fact made clear by a clarifying sentence in a New York Times article.
“Mr. Ivanovich testified that the computer analyst who reviewed Ms. Zhang’s devices said that the thumb drive she was carrying had immediately begun installing a program on his computer,” it explains.
In other words, a computer analyst plugged the device in specifically in order to review it. Which, hey, perhaps all is not lost after all.