Techies Snicker at Secret Service Agent's Mar-a-Lago Malware

[InfoSec News <alerts () infosecnews org>]

https://www.thedailybeast.com/secret-service-agent-infects-own-computer-with-mar-a-lago-malware-and-tech-community-snickers

By Kevin Poulsen
The Daily Beast
04.08.19

A Secret Service agent investigating Yujing Zhang's visit to Mar-a-Lago 
infected one of the agency's own computers with the malware carried in by the 
unannounced Chinese national, a move that provoked wide derision Monday from 
computer security professionals.

"You don’t put an unknown USB into your computer," said Chris Wysopal, chief 
technology officer at Veracode. "That's in all the training everyone gets, even 
in your dumb corporate training. You even tell your mom that."

Wysopal's tweet highlighting the apparent gaffe earned more than 3,000 retweets 
Monday, as the computer security community executed a collective face-palm. 
"Whoa! Never seen that USB execution thing before!" quipped Kaspersky 
researcher Kurt Baumgartner. "Sounds like an agent trying to crack the case 
before the cyber team got there," opined Eric O’Neill, a former FBI 
surveillance specialist.

In a sworn affidavit filed at Zhang's arrest, the agency said it discovered the 
“malicious malware” during a “preliminary forensic examination” of the thumb 
drive. The new details that emerged at a hearing in West Palm Beach sound a lot 
more like the Secret Service just plugged the USB drive into one of its 
computers.

[...]

--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_