Secret Service Agent Infects Own Computer With Mar-a-Lago Malware, and Tech Community Snickers – The Daily Beast


A Secret Service agent investigating Yujing Zhang’s visit to Mar-a-Lago infected one of the agency’s own computers with the malware carried in by the unannounced Chinese national, a move that provoked wide derision Monday from computer security professionals.

“You don’t put an unknown USB into your computer,” said Chris Wysopal, chief technology officer at Veracode. “That’s in all the training everyone gets, even in your dumb corporate training. You even tell your mom that.”

Wysopal’s tweet highlighting the apparent gaffe earned more than 3,000 retweets Monday, as the computer security community executed a collective face-palm. “Whoa! Never seen that USB execution thing before!” quipped Kaspersky researcher Kurt Baumgartner. “Sounds like an agent trying to crack the case before the cyber team got there,” opined Eric O’Neill, a former FBI surveillance specialist.

In a sworn affidavit filed at Zhang’s arrest, the agency said it discovered the “malicious malware” during a “preliminary forensic examination” of the thumb drive. The new details that emerged at a hearing in West Palm Beach sound a lot more like the Secret Service just plugged the USB drive into one of its computers.

The biggest giveaway is that the review was cut short when the examining agent noticed “a file” installing itself on the agent’s machine. “He stated that he had to immediately stop the analysis and shut off his computer to halt the corruption,” testified the Secret Service’s Samuel Ivanovich, according to The New York Times. The thumb drive’s behavior was “very out of the ordinary,” Ivanovich added.

Forensics examiners don’t usually interrupt malware when it’s in the middle of giving itself away, security experts point out. “For all you know, if the thing is doing something, and you pull it out, it might detect that it’s been seen,” said Wysopal. “Forensically it makes no sense.”

“Let it run,” said Michael Borohovski, co-founder of Tinfoil Security and an intelligence-community veteran. Borohovski notes that a professional forensic environment runs within a virtual machine where there’s no concern of infection. “Watch it run. Attach a debugger. Then restore your safe snapshot and do it all over again to your heart’s content.”

The Secret Service didn’t respond to inquiries for this story.

Government agencies have been rightfully leery of USB drives since a Russian virus used them to infiltrate U.S. military networks on a massive scale in 2008. The same technique was also used against Iran in a partially successful cyber attack on a uranium enrichment facility that was reportedly engineered by the U.S. and Israel.
