Technology
Yes, officials plugged in the malware-laden USB seized at Mar-a-Lago
Image: Sina Ettmer / EyeEm / getty
The first thing you want to do when you pull a USB drive off someone allegedly lying their way into presidential hangout Mar-a-Lago is plug it in your computer. Oh, wait, maybe don’t do that?
A woman by the name of Yujing Zhang was arrested on March 30 attempting to bluff her way into Donald Trump’s private Florida club. In addition to two Chinese passports, the New York Times reported that she carried with her four cell phones, a hard drive, and a USB drive infected with malware. And, according to the Miami Herald, U.S. government officials straight up plugged that bad boy into a computer — a bit of news that generated some serious double takes in the infosec community.
“[Secret Service agent Samuel Ivanovich] stated that when another agent put Zhang’s thumb-drive into his computer, it immediately began to install files, a ‘very out-of-the-ordinary’ event that he had never seen happen before during this kind of analysis,” reports the Herald. “The agent had to immediately stop the analysis to halt any further corruption of his computer, Ivanovich said.”
in todays episode of: the government discovers a thing that hackers have been using as a tool and in awareness training for almost ten years…
— D̒͂̕ᵈăᵃn̕ᶰ Ť̾̾̓͐͒͠ᵗe͗̑́̋̂́͡ᵉn̅ᶰtᵗl̀̓͘ᶫe̓̒̂̚ᵉrʳ (@Viss) April 8, 2019
Pretty sure this is not what they meant when they said “taking a bullet for the president.” This is infosec training 101, and could have just as easily corrupted the evidence as the other way around. pic.twitter.com/ME2RWqTyjV
— briankrebs (@briankrebs) April 8, 2019
It’s widely understood that plugging in random USBs is never a great idea, as they have a non-zero chance of containing malware. So, it’s of course possible that Zhang’s thumb drive was just like every other thumb drive and happened to contain some malicious files — as opposed to malware specifically designed to spy on the president or the club where he spends so much of his time.
It’s possible, but as the New York Times reported on April 8, Zhang’s hotel room contained some other interesting items discovered in a search that suggest it’s also decidedly not possible. Namely, nine additional USBs, five SIM cards, $8,000 in cash, and a radio-frequency device used to find hidden cameras.
However, all may not be terrible in the land of U.S. government cybersecurity. While at first glance plugging in Zhang’s sketchy USB drive may look like a case of a monumental security screw-up, if a cybersecurity expert were to plug it into a specific computer with the goal of checking it for malware, then we would say they were doing their job.
This, thankfully, looks to be what happened here — a fact made clear by a clarifying sentence in a New York Times article.
“Mr. Ivanovich testified that the computer analyst who reviewed Ms. Zhang’s devices said that the thumb drive she was carrying had immediately begun installing a program on his computer,” it explains.
In other words, a computer analyst plugged the device in specifically in order to review it. Which, hey, perhaps all is not lost after all.
Zomato’s quick commerce unit Blinkit eclipses core food business in value, says Goldman Sachs
Monsta X’s I.M on making music, gaming, and being called ‘zaddy’
Petlibro’s new smart refrigerated wet food feeder is what your cat deserves
The books on your favorite creators’ TBR shelf
Xaira, an AI drug discovery startup, launches with a massive $1B, says it’s ‘ready’ to start developing drugs
Rabbit R1 hands-on review: Something is iffy about this
UK probes Amazon and Microsoft over AI partnerships with Mistral, Anthropic, and Inflection
‘Shōgun’ co-creators break down the finale: ‘It’s a story about death’
Tesla’s new growth plan is centered around mysterious cheaper models
Tesla’s in trouble. Is Elon Musk the problem?
API startup Noname Security nears $500M deal to sell itself to Akamai
US think tank Heritage Foundation hit by cyberattack
NASA discovered bacteria that wouldn’t die. Now it’s boosting sunscreen.
How to watch ‘Argylle’: When and where is it streaming?
Tesla drops prices, Meta confirms Llama 3 release, and Apple allows emulators in the App Store
Tesla layoffs hit high performers, some departments slashed, sources say
TechCrunch Mobility: Cruise robotaxis return and Ford’s BlueCruise comes under scrutiny
Meta to close Threads in Turkey to comply with injunction prohibiting data-sharing with Instagram
Former top SpaceX exec Tom Ochinero sets up new VC firm, filings reveal
Consumer Financial Protection Bureau fines BloomTech for false claims
Zomato’s quick commerce unit Blinkit eclipses core food business in value, says Goldman Sachs
Monsta X’s I.M on making music, gaming, and being called ‘zaddy’
Petlibro’s new smart refrigerated wet food feeder is what your cat deserves
The books on your favorite creators’ TBR shelf
Xaira, an AI drug discovery startup, launches with a massive $1B, says it’s ‘ready’ to start developing drugs
Rabbit R1 hands-on review: Something is iffy about this
UK probes Amazon and Microsoft over AI partnerships with Mistral, Anthropic, and Inflection
‘Shōgun’ co-creators break down the finale: ‘It’s a story about death’
Tesla’s new growth plan is centered around mysterious cheaper models
Tesla’s in trouble. Is Elon Musk the problem?
-
Business7 days agoLangdock raises $3M with General Catalyst to help businesses avoid vendor lock-in with LLMs
-
Entertainment6 days agoWhat Robert Durst did: Everything to know ahead of ‘The Jinx: Part 2’
-
Entertainment6 days agoThis nova is on the verge of exploding. You could see it any day now.
-
Business6 days agoIndia’s election overshadowed by the rise of online misinformation
-
Business5 days agoThis camera trades pictures for AI poetry
-
Business6 days agoCesiumAstro claims former exec spilled trade secrets to upstart competitor AnySignal
-
Business4 days agoTikTok Shop expands its secondhand luxury fashion offering to the UK
-
Business5 days agoBoston Dynamics unveils a new robot, controversy over MKBHD, and layoffs at Tesla
