Posted on 04/08/2019 5:00:39 PM PDT by edwinland
A US Secret Service agent inserted a USB drive infected with "malicious malware" into his laptop after the hardware was confiscated from a Chinese woman who was arrested late last month after attempting to gain entry to President Donald Trump's Mar-a-Lago resort.
Agent Samuel Ivanovich testified in court on Monday that he put the thumb drive into his own computer, and it began installing files in a "very out-of-the-ordinary" way. He quickly stopped his analysis of the drive, the Miami Herald reported.
(Excerpt) Read more at businessinsider.com ...
I worked for a company and was known to be tech savvy. And one day the Credit Manager came to me and asked if I had a virus checker and if I would check his machine. Sure enough he had a virus.
The computer security guys had come around with a floppy drive insisting on checking everyone’s computer. The Credit Manager had protested because he doesn’t connect to anything with that PC, but they insisted.
Turns out they were using an unprotected floppy to check everyone’s computer and they were spreading the virus as they went.
Classic!!!
I hope and pray that former agent was not part of their IT or technical services group. Those guys have to, have to be smarter than that. With an unknown entity like a drive from a suspected agent you would not touch it until you had an isolated and locked down system. On Unix or Linux that would mean not even mounting it. First step would be to create an image then lock away the drive as evidence. Then start analyzing copies of the image. But always on an isolated system.
I think this is part of the reason Trump canned the SS head. An obvious lack of proper procedures and evidence-handling protocol.
Firings will continue until performance improves.
Don't be a hero!
What a moron. You know they have to have NSA geeks on call 24/7/365 for just such situations.
No, you cannot let anything execute from the drive. First thing it might do is load into memory then wipe the contents of the drive. That’s a great way to destroy evidence. I would image the drive then analyze copies in isolation. Maybe, eventually “load” a copy on an isolated and instrumented system to see what it tried to do.
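The image-first handling described in the two comments above (read the drive without mounting it, lock the original away, analyze only verified copies), as an added example that is not part of any post in this thread. It assumes a Linux analysis host with `dd` and `sha256sum`; the device name and case directory are hypothetical.

```shell
#!/bin/sh
# Added example: acquire a raw image without mounting the source,
# record its hash, and hand analysts a verified working copy.

# hash_of FILE -> prints the SHA-256 hex digest of FILE
hash_of() {
    sha256sum "$1" | awk '{print $1}'
}

# acquire_image SRC CASE_DIR
#   SRC      : raw block device (e.g. /dev/sdX, hypothetical) or a file
#   CASE_DIR : directory on the isolated analysis host (hypothetical)
# Prints the working-copy path; returns non-zero on any hash mismatch.
acquire_image() {
    src=$1
    case_dir=$2
    master="$case_dir/evidence.img"
    work="$case_dir/working-copy.img"

    mkdir -p "$case_dir" || return 1

    # Raw byte-for-byte read. The filesystem on SRC is never mounted,
    # so nothing stored on it gets a chance to run.
    dd if="$src" of="$master" bs=65536 2>/dev/null || return 1

    # The image must hash identically to the source it was read from.
    src_hash=$(hash_of "$src")
    [ "$(hash_of "$master")" = "$src_hash" ] || return 1

    # Record the hash beside the master image and make it read-only.
    printf '%s\n' "$src_hash" > "$master.sha256"
    chmod 0444 "$master" "$master.sha256"

    # Analysis happens on a copy, checked against the recorded hash.
    cp "$master" "$work" || return 1
    [ "$(hash_of "$work")" = "$src_hash" ] || return 1

    printf '%s\n' "$work"
}

# Usage on the isolated host (hypothetical names):
#   acquire_image /dev/sdX /cases/0001
```

A hardware write blocker between the drive and the host keeps the source read from altering the original.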
Gub’ment employee.
It very likely was a system with no data on it and not connected to the internet.
I had a friend who picked up a stalker this way.
I used one of my nothing computers I could easily wipe clean afterward to test it.
It helped find the stalker.
He should serve time.
I am a computer moron and even I know that you do NOT ever, ever, ever insert a strange USB.
I think I’ll try to get an interview with USSS.
Unless he knew it was a secured PC, am I right?
Read a more complete article. According to the Fox News article, it was a standalone computer not connected to any network.
Makes me wish for the days when these clowns just cavorted with hookers. Then, they could only infect themselves with a virus.
Hilarious!!
Wonder which OS?
I worked in IT Security with some spooky dudes, including some who were quite famous. Even tho pretty much every company has someone with IT Security in their title or job description, the fact of the matter is that the bulk majority of the “security professionals” in the US today are woefully undertrained and lack useful experience. If you really want to find out how good someone is, ask if they have 1) done a physical security assessment of their company (i.e., they know how someone can physically compromise building security), 2) managed an external threat assessment (i.e., hired a company to see if they can break in and how they did it), and 3) have an active response team, and have participated in Red Team/Blue Team exercises (Red Team employees pose as hackers and try to breach the company systems while Blue Team employees monitor for attacks and actively work to foil attacks). Finally, what do they do to train non-security staff in how to minimize exposure thru Security training. If you get blank looks on any of these, find another candidate.
And Billy, keep your head low.
Of more concern are USB drives that destroy a computer via a burst of high voltage from a specialized capacitor. Rare, but these malicious USB sticks exist.
re: your 1) - I worked at a company about a decade ago where our office security could be compromised with a manila folder. I proved it to some of my coworkers one afternoon and they decided not to leave anything of personal value at the office after that.
Yet another example of Secret Service ineptitude. So happy the President has acted to replace a director who apparently had retired in place.