You are currently viewing the 'Friendly' Political Ranting forum
Annals Of The Police State, Secret Service edition.....
Posted by: max
Date: April 08, 2019 10:25PM
Quote

AMATEUR HOUR
Techies Snicker at Secret Service Agent’s Mar-a-Lago Malware.
A Secret Service agent investigating Yujing Zhang’s visit to Mar-a-Lago infected one of the agency’s own computers with the malware carried in by the unannounced Chinese national, a move that provoked wide derision Monday from computer security professionals.

“You don’t put an unknown USB into your computer,” said Chris Wysopal, chief technology officer at Veracode. “That’s in all the training everyone gets, even in your dumb corporate training. You even tell your mom that.”....
In a sworn affidavit filed at Zhang’s arrest, the agency said it discovered the “malicious malware” during a “preliminary forensic examination” of the thumb drive. The new details that emerged at a hearing in West Palm Beach sound a lot more like the Secret Service just plugged the USB drive into one of its computers.

The biggest giveaway is that the review was cut short when the examining agent noticed “a file” installing itself on the agent’s machine. “He stated that he had to immediately stop the analysis and shut off his computer to halt the corruption,” testified the Secret Service’s Samuel Ivanovich, according to The New York Times. The thumb drive’s behavior was “very out of the ordinary,” Ivanovich added.
Re: Annals Of The Police State, Secret Service edition.....
Posted by: cbelt3
Date: April 09, 2019 08:58AM
All silly snickering aside, but what he did is EXACTLY what you do as a first check for malware. Of course you do it on a disconnected 'clean' computer which is maintained specifically for that purpose. And you run a load of monitoring stuff on that test computer. Which they did.

Sounds like good computer forensics to me.
Re: Annals Of The Police State, Secret Service edition.....
Posted by: Blankity Blank
Date: April 09, 2019 11:33AM
Quote
cbelt3
All silly snickering aside, but what he did is EXACTLY what you do as a first check for malware. Of course you do it on a disconnected 'clean' computer which is maintained specifically for that purpose. And you run a load of monitoring stuff on that test computer. Which they did.

Sounds like good computer forensics to me.

Is there any way to sandbox questionable devices by running virtual machines on the ‘mother’ air gapped hardware and using one of the VMs as the device handling the foreign device?
Re: Annals Of The Police State, Secret Service edition.....
Posted by: max
Date: April 09, 2019 04:35PM
Quote
cbelt3
All silly snickering aside, but what he did is EXACTLY what you do as a first check for malware. Of course you do it on a disconnected 'clean' computer which is maintained specifically for that purpose. And you run a load of monitoring stuff on that test computer. Which they did.

Sounds like good computer forensics to me.

Not really, cbelt, not on your own computer, it was anything but good computer forensics....
Quote

“You don’t put an unknown USB into your computer,” said Chris Wysopal, chief technology officer at Veracode. “That’s in all the training everyone gets, even in your dumb corporate training. You even tell your mom that.”
Wysopal’s tweet highlighting the apparent gaffe earned more than 3,000 retweets Monday, as the computer security community executed a collective face-palm. “Whoa! Never seen that USB execution thing before!” quipped Kaspersky researcher Kurt Baumgartner. “Sounds like an agent trying to crack the case before the cyber team got there,” opined Eric O’Neill, a former FBI surveillance specialist.
In a sworn affidavit filed at Zhang’s arrest, the agency said it discovered the “malicious malware” during a “preliminary forensic examination” of the thumb drive. The new details that emerged at a hearing in West Palm Beach sound a lot more like the Secret Service just plugged the USB drive into one of its computers.
The biggest giveaway is that the review was cut short when the examining agent noticed “a file” installing itself on the agent’s machine. “He stated that he had to immediately stop the analysis and shut off his computer to halt the corruption,” testified the Secret Service’s Samuel Ivanovich, according to The New York Times. The thumb drive’s behavior was “very out of the ordinary,” Ivanovich added.
Forensics examiners don’t usually interrupt malware when it’s in the middle of giving itself away, security experts point out. “For all you know, if the thing is doing something, and you pull it out, it might detect that it’s been seen,” said Wysopal. “Forensically it makes no sense.”
“Let it run,” said Michael Borohovski, co-founder of Tinfoil Security and an intelligence-community veteran. Borohovski notes that a professional forensic environment runs within a virtual machine where there’s no concern of infection. “Watch it run. Attach a debugger. Then restore your safe snapshot and do it all over again to your heart’s content.”




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"We know that no one ever seizes power with the intention of relinquishing it. Power is not a means, it is an end.
One does not establish a dictatorship in order to safeguard a revolution;
one makes the revolution in order to establish the dictatorship."
Re: Annals Of The Police State, Secret Service edition.....
Posted by: Speedy
Date: April 09, 2019 07:22PM
Should have used a Mac.



Saint Cloud, Minnesota, where the weather is wonderful even when it isn't.
Re: Annals Of The Police State, Secret Service edition.....
Posted by: bfd
Date: April 10, 2019 12:29AM
Quote
Speedy
Should have used a Mac.

And was probably using a 20-year-old Treo or Blackberry…