Secret Service learns why you don't plug strange USB drives into computers

Well, the FBI, CIA, and NSA should. I’m not sure the Secret Service should be doing any kind of investigation.

2 Likes

I probably should have just used a picture of his toilet.

4 Likes

There was a missing > that turned a line into an HTML tag. I fixed it.

4 Likes

Hey you! We are the secret service! We are detaining you because you seem to be carrying something that looks like unidentified drugs!

Following procedure, I’m going to ingest samples, here on the spot, of all the substances you carry, just to make sure they are drugs!

17 Likes

The stick detected that the laptop was running Windows and was preparing to upgrade it to Linux.

10 Likes

I… actually quite like them. They put me in mind of the decorations in mosques for some reason.

8 Likes

Just one little character can fuck everything up. :confused:

2 Likes

Ars has an update to the story here, although the SS’s version still seems off:

"A Secret Service official speaking on background told Ars that the agency has strict policies over what devices can be connected to computers inside its network and that all of those policies were followed in the analysis of the malware carried by Zhang.

“No outside devices, hard drives, thumbdrives, et cetera would ever be plugged into, or could ever be plugged into, a secret service network,” the official said. Instead, devices being analyzed are connected exclusively to forensic computers that are segregated from the agency network. Referring to the thumb drive confiscated from Zhang, the official said: “The agent didn’t pick it up and stick it into a Secret Service network computer to see what was on it.” The agent didn’t know why Ivanovich testified that the analysis was quickly halted when the connected computer became corrupted."

6 Likes

But that’s what cops do in the movies. Cocaine? Om nom nom.

1 Like

Apparently 86 people asked Microsoft why Windows 10 wouldn’t automatically mount their USB drives https://answers.microsoft.com/en-us/windows/forum/windows_10-hardware/windows-10-does-not-automatically-mount-my-usb/f190dcbb-6a4c-414e-a5de-ca7269e7b656

2 Likes
6 Likes

Other than the clashing plinths and foliage-covered statues on the sides, I quite agree with you. The main structure is nice.

5 Likes

this one time I was in Vegas? … it was like, Defcon or something?

there were free USB keys scattered everywhere… I don't know why. :smiley:

3 Likes

It’s been argued that this “Secret Service guys are doofuses” story was deliberately tossed out there right at the same time the Tangerine Shaitgibbon did his DHS purge, including the head of the Secret Service.

6 Likes

Yeah, it was so not “very out-of-the-ordinary” that I question the competence of the agents involved here. And everything they’ve revealed about this woman has innocent explanations. It really feels like a misunderstanding that they’re trying to turn into a major security threat to save face. (Wouldn’t be the first time that happened.)

I’m surprised they aren’t plastered with the family coat of arms he stole. (He bought Mar-a-Lago from someone who had their family crest on display there. He liked it so much, he started using it for his businesses, despite the fact that it’s not his to use…)
But yeah, Trump is the ultimate believer in “dictator chic.”

You joke, but I’ve heard more than one story about cops up into the '80s doing that - touching the drugs and tasting them to identify, probably because they saw it in a movie. Which turned out hilariously when the drug was LSD - hippies driving off after being pulled over, the cop tripping balls by the roadside.

7 Likes

There’s all sorts of fishy about this, including four hours of missing recorded interrogation audio.

“As part of Monday’s hearing, Secret Service agent Samuel Ivanovich testified about his questioning of Zhang and acknowledged a major misstep in the investigation’s early hours. The agent said he documented about four hours of questioning on video, but when investigators played it back, they realized audio of the conversation had not recorded.”

3 Likes

If I wanted to view the contents of an unknown USB stick (having previously taken it apart to ensure it’s clearly digital logic and not a DC-DC converter or voltage multiplier) I would use a system that is running Linux, with automounting disabled and no network connection.

More important than the OS is the architecture: not x86, x64 or ARM; instead SPARC, SuperH or Power, which would probably be some of the safer options as they are very uncommon, and the likelihood that any present malware (or USB stack exploit + payload) would be able to run on them is low.

7 Likes

What seems to not be cropping up in a lot of the reporting is that it was.

New York Times’ Nicholas Fandos tweeted on Monday that a “law enforcement official familiar with the investigation” had clarified the machine in question was a “controlled, off-network device” at the Secret Service field office in Miami, and that no sensitive system would have been compromised.

The issue seems to be that it wasn’t one of these.

Sounds like they were checking the suspicious thumb drive on the computer you check the suspicious thumb drive on. But he did it wrong.

They were actually founded specifically as a federal agency to police and investigate counterfeiting of US currency, and it’s still part of their purview. But I dunno that they’re exactly set up for the whole “cyber” thing. Should have called Baron.

4 Likes

Secret Service agent Samuel Ivanovich

One of Vlad’s boys?

How does malware install itself by the act of mounting a usb drive? I’ve never understood how that works.

Someone mentioned up above that it’s installing device drivers, but surely you wouldn’t go to the USB drive itself and ask it for the proper device driver. Maybe the OS has inspected the USB interface profile and begun downloading RNDIS or CDC-ECM drivers in order to mount the drive? But that’s not executing code on the drive itself.

USB is fairly neutral from a security standpoint (unlike FireWire which actually allowed peripheral-side DMA to and from kernel-space memory.) The big danger used to be plugging in phones and other hardware to anonymous USB charging stations.

Unless Microsoft still uses auto-run installers? OMFG. That would be so hilarious. The more things change, the more useless Microsoft becomes.

1 Like