Digital threats don’t always arrive via email or complex hacks. The arrest of a Chinese citizen carrying a malware-infected thumb drive at Mar-a-Lago is a reminder that candy drops remain an effective hacker tactic.
Rob Thubron with TechSpot released the details on the possible candy drop: Court documents allege that 32-year-old Yujing Zhang approached Secret Service agents at a checkpoint outside the club on March 30, claiming she was a member and wanted to use the pool. She used the two Chinese passports she was carrying as identification, and “due to a potential language barrier issue,” staff believed she was related to a club member with the same family name and let her in.
Zhang changed her story when she made it inside, telling a receptionist that she was there to attend a “United Nations Chinese American Association” event supposedly taking place that evening, but no such event was scheduled. She then claimed to have arrived early so she could “familiarize herself with the property and take pictures.”
This obviously made the receptionist suspicious, so Zhang was escorted off the property and taken to the local Secret Service office for questioning. She said someone called “Charles,” whom she only knew through a Chinese social media app, told her to travel from Shanghai to the non-existent UN event. The affidavit said Charles had also asked Zhang to speak to a member of Trump’s family about Chinese-American economic relations.
Malware USB Drive
In addition to the malware-loaded USB drive and two passports, Zhang was also carrying four mobile phones, a laptop, and an external hard drive, but no swimming gear. She also appeared to struggle with English at first, but “freely and without difficulty conversed” with agents later, becoming “verbally aggressive.”
While Trump was staying at Mar-a-Lago at the time, he was at his International Golf Club when Zhang arrived. It appears the pair were never close to each other at any point.
Zhang is charged with making false statements to federal agents and illegally entering a restricted area, for which she could face five years in prison. Her true motives remain unclear.
Don’t Fall For Simple Tricks
According to Joseph Marks with PowerPost, Zhang’s suspicious cargo serves as a reminder that sometimes even simple tricks can be incredibly effective at stealing information or disrupting data. It also underscores the complexities of providing cybersecurity for a president who loves to visit his other properties.
Thumb drives remain a popular method for digital attacks because they get around common computer defenses, which are more likely to trust something a person inserts directly into the computer.
While secure sites such as the White House are likely well-protected against thumb drive attacks, Mar-a-Lago has to balance security with the convenience of a lot of guests who aren’t the president of the United States, notes Mark Rasch, a former federal computer crimes prosecutor.
Candy Drop Threat
“You’re only as secure as your weakest link,” Rasch told PowerPost. “Thumb drives have become such a common method for spreading malware that digital investigators have given the tactic a name.”
They call it a “candy drop” when intelligence agents or criminals leave infected thumb drives in an organization’s parking lot — hoping people who work there will pick them up and plug them into computers.
As of 2011, the USB tactic was quite effective
That year, the Homeland Security Department tested government employees by leaving flash drives in parking lots, according to a Bloomberg News report. The results: About 60 percent of the devices were plugged into computers, and that rose to 90 percent if the devices had an official government logo on them.
Malware-infected thumb drives are so common, in fact, that someone who’s caught with one is as likely to be a victim of hacking as a perpetrator, cautioned Rasch.
Marks, Joseph. (2019, April 3). The cybersecurity 202: Arrest at Mar-a-Lago spotlights simple but pervasive threats of thumb drives. PowerPost.
Thubron, Rob. (2019, April 3). Chinese woman carrying malware-loaded USB drive arrested at Trump’s Mar-a-Lago resort. TechSpot.