Yottabytes: Storage and Disaster Recovery

Apr 16 2019   9:09AM GMT

Dear Secret Service: Don’t Poke USB Sticks in Things

Sharon Fisher Sharon Fisher Profile: Sharon Fisher

Tags:
government
Security

The Secret Service is scrambling to prove that its agents are, too, competent and know better than to poke USB sticks in things.

As you probably know, a Chinese woman was caught at President Donald Trump’s Mar-a-Lago resort with four cellphones, nine thumb drives, a laptop and an external hard drive, as well as multiple passports and so on. In the initial reportage of this, there was a throwaway line about the Secret Service discovering that one of the USB sticks had malware (not just malware, but “malicious malware,” because that’s worse) by putting it in one of their computers and then yanking it out again.

Because that always works.

“Secret Service agent Samuel Ivanovich, who interviewed Zhang on the day of her arrest, testified at the hearing,” wrote the Miami Herald. “He stated that when another agent put Zhang’s thumb drive into his computer, it immediately began to install files, a ‘very out-of-the-ordinary’ event that he had never seen happen before during this kind of analysis. The agent had to immediately stop the analysis to halt any further corruption of his computer, Ivanovich testified.”

Predictably, the Internet had kittens about how insecure that was and didn’t the Secret Service know better than to poke strange USB sticks in things?

At this point, the Secret Service started protesting. No, no, no, the Secret Service guy didn’t put the USB stick in his own laptop! He knows better than that! He meant to do that! It was a separate laptop with nothing in it and not hooked up to the Internet!

“A law enforcement source tells me that investigation was conducted according to protocol: A Secret Service agent loaded the drive onto a stand-alone computer that was segregated from government networks and watched as it did what malware is supposed to do — infect files and try to steal information,” writes Joseph Marks in the Washington Post.

Okay, says the security community. If that’s the case, and he did it on purpose, then why did he yank it out again, as if in a panic? Why didn’t he leave it in to finish seeing what the malware would do?

“In a lab, you want that malicious behavior to happen to its full level of badness so you can study how it operates,” Jake Williams, founder of the cybersecurity company Rendition Infosec, told Marks. “If he yanked the USB drive out to prevent further contamination, that’s highly indicative this wasn’t in a lab.”

There hasn’t been an answer to that one. “The Secret Service declined to comment about the disconnect between the agent’s actions and what cybersecurity experts described as standard procedure when investigating malware, citing the ongoing investigation,” Marks writes.

Incidentally, the head of the Secret Service, Randolph Alles, has lost his job, but we’re told that that was happening anyway and wasn’t related to this. “Alles was asked to plan his departure prior to Zhang’s arrest, two people familiar with the matter said,” writes Fortune. Oh, good. That’s reassuring.

It should really go without saying at this point: Don’t poke strange USB sticks in things.
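For the record, here is what "looking at" an untrusted USB stick looks like when it is done as data rather than by plugging it in and watching what installs. This is an added example, not code from the article or from any agency's tooling: the drive is imaged first (on a real case, through a hardware write blocker, with the hash recorded before anything else happens), and the image is then parsed directly, so nothing on it ever gets a chance to execute. The FAT12 image below is constructed in memory for the demonstration, and the AUTORUN.INF and hidden .EXE on it are invented for illustration.

```python
"""Triage an imaged USB stick without mounting it.

Reads the FAT12/FAT16 boot sector and root directory straight from the image
bytes and flags the entries an analyst wants to see first (autorun files,
executables, hidden/system attributes, deleted entries). Added example; the
image is constructed inline and does not come from any real drive.
"""
import hashlib
import struct

# Extensions that a double-click or Windows AutoPlay would execute.
EXECUTABLE_EXTS = {"EXE", "COM", "SCR", "BAT", "CMD", "PIF", "LNK",
                   "VBS", "JS", "HTA", "DLL"}

ATTR_HIDDEN = 0x02
ATTR_SYSTEM = 0x04
ATTR_DIRECTORY = 0x10
ATTR_LFN = 0x0F  # long-filename fragment, not a real entry


def build_sample_image():
    """Constructed FAT12 image: 512-byte sectors, 1 reserved sector,
    2 FATs of 1 sector each, 16 root entries, 64 sectors total.
    File names and sizes are invented for the example."""
    bps, reserved, nfats, spf, root_entries, total = 512, 1, 2, 1, 16, 64
    boot = bytearray(bps)
    boot[0:3] = b"\xEB\x3C\x90"
    boot[3:11] = b"MSWIN4.1"
    # BPB: bytes/sector, sectors/cluster, reserved, FATs, root entries,
    # total sectors, media byte, sectors/FAT (offsets 11..23, little-endian)
    struct.pack_into("<HBHBHHBH", boot, 11, bps, 1, reserved, nfats,
                     root_entries, total, 0xF8, spf)
    boot[510:512] = b"\x55\xAA"

    fats = bytearray(bps * nfats * spf)
    fats[0:3] = b"\xF8\xFF\xFF"          # FAT 1 media/reserved entries
    fats[bps:bps + 3] = b"\xF8\xFF\xFF"  # FAT 2 (mirror)

    def entry(name, ext, attr, cluster, size):
        e = bytearray(32)
        e[0:8] = name.ljust(8).encode("ascii")
        e[8:11] = ext.ljust(3).encode("ascii")
        e[11] = attr
        struct.pack_into("<H", e, 26, cluster)  # first cluster (low word)
        struct.pack_into("<I", e, 28, size)
        return e

    root = bytearray(root_entries * 32)
    entries = [
        entry("AUTORUN", "INF", ATTR_HIDDEN | ATTR_SYSTEM, 2, 58),
        entry("PHOTOS", "", ATTR_DIRECTORY, 3, 0),
        entry("INVOICE", "EXE", ATTR_HIDDEN, 4, 61440),
        entry("README", "TXT", 0x20, 5, 120),
    ]
    for i, e in enumerate(entries):
        root[i * 32:(i + 1) * 32] = e

    image = boot + fats + root
    image += bytes(bps * total - len(image))  # pad the data area with zeros
    return bytes(image)


def parse_root_directory(image):
    """Walk the root directory of a FAT12/16 image and describe each entry."""
    if image[510:512] != b"\x55\xAA":
        raise ValueError("not a valid boot sector (missing 0x55AA signature)")
    bps, _spc, reserved, nfats, root_entries, _total, _media, spf = \
        struct.unpack_from("<HBHBHHBH", image, 11)
    root_offset = (reserved + nfats * spf) * bps
    findings = []
    for i in range(root_entries):
        e = image[root_offset + i * 32: root_offset + (i + 1) * 32]
        first = e[0]
        if first == 0x00:
            break                      # end of directory
        if e[11] == ATTR_LFN:
            continue                   # skip long-name fragments
        deleted = first == 0xE5
        name = e[0:8].decode("ascii", "replace").rstrip()
        ext = e[8:11].decode("ascii", "replace").rstrip()
        if deleted:
            name = "?" + name[1:]      # first byte is overwritten on delete
        filename = f"{name}.{ext}" if ext else name
        attr = e[11]
        flags = []
        if filename.upper() == "AUTORUN.INF":
            flags.append("autorun")
        if ext.upper() in EXECUTABLE_EXTS:
            flags.append("executable")
        if attr & ATTR_HIDDEN:
            flags.append("hidden")
        if attr & ATTR_SYSTEM:
            flags.append("system")
        if deleted:
            flags.append("deleted")
        findings.append({
            "name": filename,
            "dir": bool(attr & ATTR_DIRECTORY),
            "cluster": struct.unpack_from("<H", e, 26)[0],
            "size": struct.unpack_from("<I", e, 28)[0],
            "flags": flags,
        })
    return findings


def triage(image):
    """Hash the image before doing anything else, then list and flag entries."""
    digest = hashlib.sha256(image).hexdigest()
    entries = parse_root_directory(image)
    suspicious = [e for e in entries
                  if "autorun" in e["flags"] or "executable" in e["flags"]]
    return {"sha256": digest, "entries": entries, "suspicious": suspicious}


if __name__ == "__main__":
    report = triage(build_sample_image())
    print("sha256:", report["sha256"])
    for e in report["entries"]:
        print(f"{e['name']:<14} {e['size']:>8}  {' '.join(e['flags'])}")
```

The point of the parser is not completeness (it reads only the root directory and ignores subdirectories and the FAT chain) but that the host never mounts the filesystem, so no autorun handler, shell extension or preview pane ever sees the files. In practice the same idea is what tools like The Sleuth Kit's `fls` do; the hand-rolled version here just makes the mechanism visible.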
