Naked Security

Mar-a-Lago intruder had instant-malware-inflicting thumb drive

Ms. Zhang's infected USB drive instantly went to work on a Secret Service agent's PC. He shut it down immediately "to halt the corruption."

It turns out that Yujing Zhang, the Chinese woman arrested when she tried to enter President Donald Trump’s private Mar-a-Lago club in Palm Beach, Florida, on 30 March, had a number of suspicious devices in her hotel room – as in, tools good for inflicting malware and spying, and more than $8,000 in cash, all suggesting that she was here for espionage.

As it was, she was carrying four cellphones, a thumb drive containing malware, and other electronics when she breached security at President Trump’s private Florida club. In getting past multiple security checkpoints, she first told US Secret Service agents that she was bound for the hotel’s pool.

Then, amid a language barrier that came and went as Zhang alternately used and apparently forgot competent, nuanced English, Mar-a-Lago staff thought she might be the daughter of a club member with the same last name – one that’s common in China. Next, Zhang told Secret Service agents that she was headed for some kind of United Nations Chinese American Association event that night… or, as she said in her next version, a “United Nations Friendship Event” between the US and China.

As the Miami Herald reports, during a bond hearing in a Florida federal court on Monday, federal prosecutor Rolando Garcia said that a search of Zhang’s room yielded still more gadgetry: a “signal-detector” device used to reveal hidden cameras, USD $7,500 in $100 bills, $663 in Chinese currency, nine USB drives, five SIM cards and other electronics.

…and no swimsuit.

CNN quoted Garcia during the hearing, which was held to determine whether Zhang would be released on bail:

She lies to everyone she encounters.

Zhang was charged with two counts: making false statements to federal authorities and a misdemeanor offense of entering a restricted area without authorization. She hasn’t been charged with offenses that could be associated with international spying, but an FBI counterintelligence squad is investigating the incident as part of a broader investigation into Chinese espionage, and prosecutors are treating Zhang’s case as a national security matter, sources told the Miami Herald.

Malware-containing thumb drive

At Monday’s hearing, Secret Service agent Samuel Ivanovich – who interviewed Zhang on the day of her arrest – testified that when a Secret Service agent plugged Zhang’s USB drive into his personal computer, it immediately began to run a program. From the Miami Herald:

[Ivanovich] stated that when another agent put Zhang’s thumb-drive into his computer, it immediately began to install files, a “very out-of-the-ordinary” event that he had never seen happen before during this kind of analysis. The agent had to immediately stop the analysis to halt any further corruption of his computer, Ivanovich said.

Ivanovich said in an affidavit that a preliminary forensic examination of the thumb drive has determined that it contained malware.

Zhang’s federal public defender, Robert Adler, denied that his client had any devices that could be used for spying.

Why would anybody plug that drive in outside of a forensics lab?

According to Ivanovich’s court testimony, an agent plugged an unknown, potentially malware-carrying device into a computer that presumably was used for official Secret Service work, instead of into a system rigged up for computer forensics – hence, what sounds like a hasty pull-out of that drive when it started running a program.

The apparent lack of security hygiene on the Secret Service’s part is concerning. Jake Williams, a former hacker for the National Security Agency (NSA) who’s now a cofounder of Rendition Infosec, was quick to point that out.

If the drive had been plugged into an air-gapped system, the agent wouldn’t have had any reason to pull it out to “halt any further corruption of his computer,” Williams points out. He compared it to the USB drive that carried the Stuxnet malware. Both Stuxnet and Conficker could execute malicious code even with AutoRun and AutoPlay disabled, without user interaction.

Ivanovich testified on Monday that the analysis of the thumb drive is “ongoing but still inconclusive.”

According to the Washington Post, a law enforcement official said the computer wasn’t part of a government data network, and no sensitive information was put at risk.
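The safer handling that Williams describes is to look at an unknown drive on a dedicated, network-isolated analysis machine and never let anything on it run. The script below is an added example, not code from the article, Sophos, or any of the parties named: it assumes the drive has already been imaged, or mounted read-only and non-executable (for instance with `mount -o ro,noexec,nosuid,nodev` on Linux), and it walks that tree to build a hash inventory, flagging the files that Explorer might act on automatically (`autorun.inf`), files with executable extensions, and files whose contents start with a PE `MZ` header despite carrying a harmless-looking extension. It opens files only to read bytes; nothing is executed. The `make_constructed_sample` helper builds a throwaway directory of made-up files so the inventory can be exercised offline; its file names and contents are constructed, not taken from the case.

```python
"""Added example: read-only triage inventory of an untrusted removable volume.

Assumes the volume is a directory tree on an isolated analysis host, mounted
read-only and noexec (or a copy extracted from a disk image). Nothing on the
volume is executed; files are only opened for reading.
"""
from __future__ import annotations

import hashlib
import os
import sys
import tempfile
from dataclasses import dataclass, field

# Names Windows Explorer may act on without the user opening them (assumption:
# the volume is FAT/NTFS-style removable media, as in the article).
AUTO_ACTION_NAMES = {"autorun.inf", "desktop.ini"}
# Extensions that run or script something when double-clicked (or, for .lnk,
# are parsed by the shell while rendering icons).
EXECUTABLE_SUFFIXES = {".exe", ".dll", ".scr", ".com", ".bat", ".cmd",
                       ".ps1", ".vbs", ".js", ".lnk"}


@dataclass
class Finding:
    path: str                 # path relative to the volume root, '/' separated
    size: int
    sha256: str
    flags: list[str] = field(default_factory=list)


def sha256_of(path: str) -> str:
    """Hash a file in chunks so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def triage(root: str) -> list[Finding]:
    """Walk root, hash every regular file, and flag the ones that warrant a closer look."""
    findings: list[Finding] = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            # Skip symlinks and special files; never follow links on untrusted media.
            if os.path.islink(full) or not os.path.isfile(full):
                continue
            flags: list[str] = []
            lower = name.lower()
            suffix = os.path.splitext(lower)[1]
            if lower in AUTO_ACTION_NAMES:
                flags.append("auto-action")
            if suffix in EXECUTABLE_SUFFIXES:
                flags.append("executable")
            with open(full, "rb") as f:
                head = f.read(2)
            if head == b"MZ":                       # DOS/PE executable header
                flags.append("pe-header")
                if suffix not in EXECUTABLE_SUFFIXES:
                    flags.append("extension-mismatch")  # e.g. an .exe renamed to .jpg
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            findings.append(Finding(rel, os.path.getsize(full), sha256_of(full), flags))
    return sorted(findings, key=lambda f: f.path)


def flagged(findings: list[Finding]) -> list[Finding]:
    """Only the entries that carry at least one flag."""
    return [f for f in findings if f.flags]


def make_constructed_sample() -> str:
    """Build a throwaway directory of constructed files (not real artefacts) for a dry run."""
    root = tempfile.mkdtemp(prefix="usb-triage-")
    os.makedirs(os.path.join(root, "sub"))
    with open(os.path.join(root, "autorun.inf"), "w") as f:
        f.write("[autorun]\nopen=sub\\setup.exe\n")
    with open(os.path.join(root, "holiday.jpg"), "wb") as f:
        f.write(b"MZ" + b"\x00" * 64)              # PE header hiding behind an image extension
    with open(os.path.join(root, "notes.txt"), "w") as f:
        f.write("hello")
    with open(os.path.join(root, "sub", "setup.exe"), "wb") as f:
        f.write(b"MZ\x90\x00")
    return root


def main() -> None:
    root = sys.argv[1] if len(sys.argv) > 1 else make_constructed_sample()
    findings = triage(root)
    for f in findings:
        print(f"{f.sha256}  {f.size:>8}  {f.path}  {','.join(f.flags)}")
    print(f"{len(findings)} files, {len(flagged(findings))} flagged")


if __name__ == "__main__":
    main()
```

Run with the mount point (or extracted image directory) as the only argument; with no argument it inventories the constructed sample. The hashes give you something to check against threat intelligence and to preserve as evidence before any deeper analysis, and the flags tell you which files to hand to a sandbox rather than to a desktop.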

10 Comments

WTF was a Secret Service agent trying to access that drive on his issued PC? What a f***ing idiot….. Secret Service…. The secret is they are inept and bumbling. How did that woman get past the front gate?!


So you are surprised that someone working for Trump was incompetent at his job?


Y’know, I don’t really care which political figures people like or don’t like… I’ve got friends on the Left and the Right and plenty in the middle. The one thing I appreciate about the Spiceworks community forums is that they seem to be the one last public space devoid of the INCESSANT snarky comments and condescension (in both directions) that are now hopelessly endemic to every single other platform. Please don’t start making this place like everywhere else.


Yes, Dave, everyone working for Trump is incompetent, of course… or it could have been an agent hired under the previous admin. You think they all get changed out with a new POTUS? That’s some real critical thinking there… Your shoes are Velcro, aren’t they?


Was gonna say the same thing. Why the hell would they test it on their company PC? Lmao, pretty sure that’s the same reason the villain in Skyfall was able to hack the entire system in the movie.


She got by the front gate very easily, she acted like she belonged there. That’s 1/2 the battle in social engineering.


Several years ago when we moved to our house in the country, my husband and I were walking in the woods and came across some raccoon scat. For reasons I still do not understand, my hubby was fascinated and smelled it — then continued to pester me to smell it, claiming some insight / information could be gathered this way. When we returned to the house, I looked up raccoons in one of those small animal guide books. THE VERY FIRST LINE of the description said “Do not smell raccoon scat. You could get sick.”

So I guess this was one of those “Don’t smell the poop” moments we often laugh about now. Where your better sense leaves, temporarily.


Great story–and oddly topical–thanks for sharing!

The very first instruction is to not smell the poo? I’ve been doing the outdoors wrong the whole time.

