A Secret Service agent investigating Yujing Zhang's visit to Mar-a-Lago infected one of the agency's computers with the malicious program carried by the unannounced Chinese national, which drew mockery on Monday from computer security professionals.
"You do not put an unknown USB stick in your computer," said Chris Wysopal, technology manager at Veracode. "It's in every formation that everyone gets, even in your silly business training. You even tell that to your mother."
Wysopal's tweet highlighting the apparent blunder drew more than 3,000 retweets on Monday as the computer security community did a collective face-palm. "Whoa! Never seen this USB run before!" said Kurt Baumgartner, researcher at Kaspersky. "It looks like an agent trying to solve the case before the cyber-team goes there," said Eric O'Neill, a former FBI surveillance specialist.
In an affidavit sworn at the arrest of Zhang, the agency said it discovered the "malicious program" during a "preliminary medical examination" of the USB key. The new details that emerged at a hearing in West Palm Beach suggest something much closer to the Secret Service simply plugging the USB drive into one of its computers.
The main indication is that the review was interrupted when the reviewing agent noticed that a "file" was installing itself on the agent's machine. "He said that he should immediately stop the analysis and turn off his computer to end the corruption," said Samuel Ivanovich of the Secret Service, according to The New York Times. The behavior of the USB key was "very unusual," Ivanovich added.
Forensic examiners do not usually stop malware while it is running, security experts say. "All you know, if the thing does something and you remove it, it could detect that it has been seen," Wysopal said. "Forensically it does not make sense."
"Let her run," said Michael Borohovski, co-founder of Tinfoil Security and a veteran of the intelligence community. Borohovski notes that a professional forensic environment runs in a virtual machine, where infection is not a problem. "Watch him run. Attach a debugger. Then restore your secure snapshot and start again to your heart's content."
The Secret Service did not respond to inquiries regarding this story.
Government agencies have been right to fear USB sticks since a Russian virus used them to massively infiltrate US military networks in 2008. The same technique was also used against Iran as part of 39, a partially successful cyber attack against a uranium enrichment facility allegedly designed by the United States and Israel.
"USB sticks have been implicated in many cases involving the loss of sensitive information," reads a 2010 advisory issued by the parent agency of the Secret Service, the Department of Homeland Security. "Their small size and increasing storage capacity have largely contributed to the loss or theft of sensitive information on corporate networks."
A former Secret Service cyber crime officer told The Daily Beast that the agents were more likely checking the device to see if it was a fake USB drive hiding something bad, much as the TSA's screening officers once made travelers turn on their laptops. When the USB drive turned out to be real, and then turned and attacked, they realized that they were in over their heads.
"Most of the basic training of agents is about the way the Internet works and the basics of digital media," said Levi Gundert, Vice President of Intelligence and Risk at Recorded Future. "In general, the advice is this: if you're in a complex situation, you need to go to a qualified forensic agent. For the agents who practice digital forensics, that is all they do."
Yujing Zhang is being detained for making false statements to federal agents and entering a restricted area. Reached by The Daily Beast, the Secret Service did not immediately comment on this incident. The agency is still reeling after Trump on Monday dismissed Secret Service Director Randolph "Tex" Alles as part of a purge of DHS leadership.