Computing

After collaring a woman who got past security at Mar-a-Lago (described by Chris Hayes as President Donald Trump’s “bribery palace“) the Secret Service found a USB drive in her possession. So they stuck it in a computer to see what was on it.

From the Miami Herald:

Secret Service agent Samuel Ivanovich, who interviewed Zhang on the day of her arrest, testified at the hearing. He stated that when another agent put Zhangs thumb-drive into his computer, it immediately began to install files, a very out-of-the-ordinary event that he had never seen happen before during this kind of analysis. The agent had to immediately stop the analysis to halt any further corruption of his computer, Ivanovich said. The analysis is ongoing but still inconclusive, he testified.

Experts say don’t do that.

Jake Williams, founder of Rendition Infosec and former NSA hacker, criticized the agents actions threatened his own computing system and possibly the rest of the Secret Service network.” …

Williams said the best way to forensically examine a suspect USB drive is by plugging the device into an isolated Linux-based computer that doesn’t automatically mount the drive to the operating system.

We would then create a forensic image of the USB and extract any malware for analysis in the lab, he said. While there is still a very small risk that the malware targets Linux, that’s not the normal case.

Read More

Welcome to Washington IT Solutions