Posted on 04/08/2019 5:00:39 PM PDT by edwinland
A US Secret Service agent inserted a USB drive infected with "malicious malware" into his laptop after the hardware was confiscated from a Chinese woman who was arrested late last month after attempting to gain entry to President Donald Trump's Mar-a-Lago resort.
Agent Samuel Ivanovich testified in court on Monday that he put the thumb drive into his own computer, and it began installing files in a "very out-of-the-ordinary" way. He quickly stopped his analysis of the drive, the Miami Herald reported.
(Excerpt) Read more at businessinsider.com ...
Billy, don't be a hero, come back to me! Great song, BTW.
There has been no secure chain of custody for the USB drive. Will it still be admissible as evidence against the spy?
Yes. In fact you can build a "thumb drive" which carries along a simulated keyboard and use it to enter any commands you want, as well as deliver code.
The software that supports USB devices is not designed to be a hardened interface point to a computer.
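The point of the two posts above (a "thumb drive" that also enumerates as a keyboard, and a USB stack that trusts whatever a device declares) can be seen directly in the device's own configuration descriptor: every interface a device offers is declared there with a class code, and the host just believes it. The following is an added example, not code from the thread or from any product; it walks a USB configuration descriptor, lists the interface classes, and flags a "storage" device that also exposes a HID (keyboard-capable) interface. The two descriptor byte strings are constructed for the example, not captured from the device in the story.

```python
# Added example: inspect a USB configuration descriptor and report whether a
# device that looks like a thumb drive also declares a HID (keyboard) interface.
# Descriptor layouts follow the USB 2.0 / HID 1.11 specifications.
import struct

USB_DT_CONFIG = 0x02
USB_DT_INTERFACE = 0x04
USB_DT_ENDPOINT = 0x05
USB_DT_HID = 0x21

CLASS_HID = 0x03
CLASS_MASS_STORAGE = 0x08
CLASS_NAMES = {CLASS_HID: "HID", CLASS_MASS_STORAGE: "Mass Storage"}


def parse_interfaces(config: bytes):
    """Return [(bInterfaceClass, bInterfaceSubClass, bInterfaceProtocol), ...]
    for every interface descriptor inside a configuration descriptor blob."""
    # Configuration header: bLength, bDescriptorType, wTotalLength, bNumInterfaces, ...
    if len(config) < 9 or config[1] != USB_DT_CONFIG:
        raise ValueError("not a configuration descriptor")
    total = struct.unpack_from("<H", config, 2)[0]
    if total > len(config):
        raise ValueError("wTotalLength exceeds the bytes supplied (truncated)")
    ifaces = []
    off = 0
    # Walk the descriptor chain using each descriptor's own bLength; a hostile
    # device can lie here too, so every length is bounds-checked.
    while off + 2 <= total:
        blen, btype = config[off], config[off + 1]
        if blen < 2 or off + blen > total:
            raise ValueError("malformed descriptor at offset %d" % off)
        if btype == USB_DT_INTERFACE and blen >= 9:
            # Interface descriptor: ..., bInterfaceClass(5), bInterfaceSubClass(6), bInterfaceProtocol(7)
            ifaces.append((config[off + 5], config[off + 6], config[off + 7]))
        off += blen
    return ifaces


def exposes_keyboard(ifaces) -> bool:
    """True if any interface is HID; a boot-protocol keyboard is class 3, subclass 1, protocol 1,
    but any HID interface can carry a keyboard report descriptor, so all HID counts."""
    return any(cls == CLASS_HID for cls, _, _ in ifaces)


def is_plain_storage(ifaces) -> bool:
    """True only if the device declares mass-storage interfaces and nothing else."""
    return bool(ifaces) and all(cls == CLASS_MASS_STORAGE for cls, _, _ in ifaces)


def summarize(config: bytes) -> str:
    ifaces = parse_interfaces(config)
    names = ", ".join(CLASS_NAMES.get(cls, "class 0x%02x" % cls) for cls, _, _ in ifaces)
    verdict = "storage only" if is_plain_storage(ifaces) else (
        "STORAGE + KEYBOARD-CAPABLE HID (BadUSB pattern)" if exposes_keyboard(ifaces) else "not plain storage")
    return "interfaces: [%s] -> %s" % (names, verdict)


# --- constructed sample descriptors (hypothetical devices, built inline) ---
def _config(body: bytes, n_ifaces: int) -> bytes:
    total = 9 + len(body)
    return bytes([9, USB_DT_CONFIG]) + struct.pack("<H", total) + bytes([n_ifaces, 1, 0, 0x80, 50]) + body


def _iface(num, cls, sub, proto, n_ep) -> bytes:
    return bytes([9, USB_DT_INTERFACE, num, 0, n_ep, cls, sub, proto, 0])


def _ep(addr, attrs, mps, interval) -> bytes:
    return bytes([7, USB_DT_ENDPOINT, addr, attrs]) + struct.pack("<H", mps) + bytes([interval])


# HID class descriptor (bcdHID 1.11, one report descriptor of 63 bytes)
HID_KEYBOARD_DESC = bytes([9, USB_DT_HID, 0x11, 0x01, 0, 1, 0x22]) + struct.pack("<H", 63)

STORAGE_IFACE = (_iface(0, CLASS_MASS_STORAGE, 0x06, 0x50, 2)   # SCSI transparent, bulk-only
                 + _ep(0x81, 0x02, 512, 0) + _ep(0x02, 0x02, 512, 0))
KEYBOARD_IFACE = (_iface(1, CLASS_HID, 0x01, 0x01, 1)            # boot interface, keyboard protocol
                  + HID_KEYBOARD_DESC + _ep(0x82, 0x03, 8, 10))

PLAIN_DRIVE = _config(STORAGE_IFACE, 1)                  # an honest thumb drive
BADUSB_DRIVE = _config(STORAGE_IFACE + KEYBOARD_IFACE, 2)  # storage plus a hidden keyboard

if __name__ == "__main__":
    print("plain :", summarize(PLAIN_DRIVE))
    print("badusb:", summarize(BADUSB_DRIVE))
```

The practical lesson is in the second verdict: nothing about the mass-storage interface changes, so AutoRun settings and file permissions never come into play; the extra HID interface types keystrokes as the logged-in user. A real host would read the descriptor with the OS's USB API (for instance `lsusb -v` on Linux) before deciding whether to authorize the device; this script only shows what to look for in those bytes.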
Thanks for the link. The Smart Guys think it's a serious threat.
But ... I still wonder how even a custom thumb drive with a built-in CPU can start the execution of a file on that same thumb drive, given an operating system that will not execute anything without user action.
But what I'm really wondering is: did the idiot Secret Service guy try to run one of the files on the thumb drive?
Yes. In fact you can build a “thumb drive” which carries along a simulated keyboard and use it to enter any commands you want, as well as deliver code.
Yikes. Now I'll never look at thumb drives the same way I did.
Best explanation I've read.
"using special tools on hardened and isolated laptops."
What if an Agent wants the FBI to buy him a new laptop?
:-)
Relatively harmless to computers not involved in uranium enrichment.
When it infects a computer, it checks to see if that computer is connected to specific models of programmable logic controllers (PLCs) manufactured by Siemens. PLCs are how computers interact with and control industrial machinery like uranium centrifuges. The worm then alters the PLCs' programming, resulting in the centrifuges being spun too quickly and for too long, damaging or destroying the delicate equipment in the process. While this is happening, the PLCs tell the controller computer that everything is working fine, making it difficult to detect or diagnose what's going wrong until it's too late.
Unlikely, as it would most likely be reformatted, re-imaged and returned to the agent.
It will not work as this functionality was disabled to stop spreading malware.
So I assume he clicked on something to make it run. But if he was not connected to anything then just his computer is infected with the malware, period.
Good points, but I didn't mean to allude to the actual virus Stuxnet but to its assumed method of communication to the not-web-connected Iranian nuclear program. It's alleged that the virus was put on a USB drive and left in the facility for some unsuspecting employee to insert into a computer out of curiosity.
I find it nothing short of amazing that anyone using a laptop in a professional setting like that wouldn’t have AutoStart disabled for USB.
There are security flaws in the underlying standard for USB devices.
Your "given" isn't really given.
The "AutoStart" setting in a Windows system becomes completely irrelevant in this condition. So does all of the file protection features.
You can never fully trust a computer system once it has been compromised. There are specialized malware payloads which can survive even reformatting and re-imaging, because they modify the firmware BIOS of the system.
Compromised systems used in critical security applications would most likely be physically destroyed as a matter of policy. Surely, the Government has lots of money for replacements....
That's all good, but since Windows 7 you could no longer have an autorun.ini automatically run from a USB, as that functionality was disabled to prevent the spread of malware through a USB. The Iran computers were first infected in 2007 and not discovered until 2010. The Windows operating system being used in 2007 was pre-Windows 7. Thus you can't do it by just inserting it anymore. He had to have clicked on something that started the attack on his computer.
My estimation was not based on what should be done, but rather based on my level of experience with FBI / SS IT personnel.
Makes one wonder how long this bozo has been on the job. Sounds like some of obamy’s guys.
"Something doesn't sound right. Her cover story is TOO thin to be a real spy."
Does she work for Huawei?
FF???
Competitor of Huawei?? Maybe?
You are confirming my vague impression that the bureaucrats do not consider operations of the Secret Service to be a "critical security application".
I hope there are some changes going on right now behind the scenes.