When a Chinese national was arrested at President Trump’s Florida Mar-a-Lago resort in March, the Secret Service confiscated a variety of devices from her. These included a thumb drive. Now, you might think the one thing you would not do in such circumstances is plug that thumb drive into a Secret Service computer. According to Miami Herald, you’d be wrong.
Secret Service agent Samuel Ivanovich, who interviewed Zhang on the day of her arrest, testified at the hearing. He stated that when another agent put Zhang’s thumb drive into his computer, it immediately began to install files, a “very out-of-the-ordinary” event that he had never seen happen before during this kind of analysis. The agent had to immediately stop the analysis to halt any further corruption of his computer, Ivanovich testified.
Check It Out: Secret Service 101 – Don’t Plug Random Thumb Drives Into the Computer
Reminds me of the scene in a recent Bond movie, can’t remember which one, Quantum of Solace I think, where Q puts the villains laptop into his network and mayhem breaks loose. I’m watching the moving thinking no NO NO!, don’t do that you idiot.. too late…
One simple principle applies: if you don’t know the origin of a data source, beit a floppy disk or memory stick, DON’T plug it in or load it unless you are prepared for the worst. On an isolated system.
I mention the floppy disk because I received one in the post many years ago from an unknown source, 5 and a quarter BTW. I chopped the disk in two and binned it, quipping, that’s cut out the bad sector. A few weeks later, it transpired that a mailing list had been hijacked and used to send floppies out with a Windows virus on.
Since most folk attack the operating systems with the dumbest security, plugging a USB stick into a Unix machine will most likely NOT autoplay the Windows attack vectors, giving you a chance to check the contents at a lower risk – there’s never zero risk BTW.
See what happens… I retire for a few years and these people get stupid!
Neer in my life did I do an investigation that didn’t have a “throw away” PC. I would NEVER use a production system. We would always have a system that could be burned, if necessary. Most of the time we just destroyed the drives and put in new ones.
Stupid is as stupid does!!