The already suspicious account of a Chinese national who allegedly carried four cellphones, a thumb drive containing malware, and other electronics as she breached security at President Trump's private Florida club just grew even more fishy.

The possessions in Zhang's hotel included five SIM cards, nine USB drives, yet another cell phone, and a signal detector that could scan an area for hidden cameras, according to reports widely circulated Monday. In addition to the electronics, Zhang's hotel room also contained more than $8,000, with $7,500 of it in US $100 bills and $663 in Chinese currency, The Miami Herald reported.

Zhang was in court Monday to decide if she gets bail. The Feds argue that she's a flight risk because she has no ties to the US and (direct quote), "She lies to everyone she encounters." None of this seems particularly weird.
The first thing that seems weird, in addition to the "signal detector that could scan an area for hidden cameras" (probably something like the eBay "bug detectors" that receive on frequencies common cameras use), is the sheer volume of hardware she was carrying. When she was first stopped, she was carrying two Chinese passports, four cellphones, a laptop computer, an external hard drive, and a thumb drive. Back at the hotel where she was staying they found a fifth cellphone, five SIM cards, and nine more thumb drives. $7500 in $100 bills and another $663 in Chinese currency seems like expense money. The thing that stands out as really unusual is the particularly nasty malware on that thumb drive they grabbed at Mar-a-Lago. According to Ars, quoting the transcript from the hearing:
Secret Service agent Samuel Ivanovich, who interviewed Zhang on the day of her arrest, testified at the hearing. He stated that when another agent put Zhang's thumb-drive into his computer, it immediately began to install files, a "very out-of-the-ordinary" event that he had never seen happen before during this kind of analysis. The agent had to immediately stop the analysis to halt any further corruption of his computer, Ivanovich said. The analysis is ongoing but still inconclusive, he testified.

I'm nowhere near an expert on tradecraft and I couldn't tell you if this seems like she's a Chinese agent, a freelancer, or working for a domestic Democratic candidate. It does seem like this is a bit more than casual. A noteworthy exchange during the bond hearing went like this:
Adler, Zhang’s attorney, pushed back during the hearing on the idea that she was a spy.

“She did not have the type of devices that can be associated with espionage activities,” he said.

Garcia, the prosecutor, replied that “there is no allegation [in the criminal complaint] she was involved in espionage ...”

Adler's line is stupid. A pencil can be "associated with espionage activities". Garcia saying, "we never said she was a spy" is also stupid. Especially because he also said he wouldn't rule out charging her with that later, or "more serious charges."
This is the very beginning of the beginning; think page 2 of a 400-page novel. I wanted to believe that agent Ivanovich's partner, the one who plugged the USB stick into a laptop, wasn't using just a regular agency laptop, but rather one that was air-gapped from any other SS machine, and was to be used for this purpose. However, he specifically said, "... had to immediately stop the analysis to halt any further corruption of his computer" and that quote doesn't go together with using a special computer designed for forensic examinations.
I'd like to think the Secret Service is not so dumb they're going to plug a piece of irreplaceable evidence that could contain anything into a plain agency laptop, but it seems like they did. Jake Williams, a former hacker for the National Security Agency who is now a cofounder of Rendition Infosec, said on Twitter, "As a taxpayer, I'm very concerned about where Agent Ivanovich's laptop is and where it's been since he plugged a malicious USB into it. If this was the Secret Service quick reaction playbook, perhaps Zhang planned to get caught all along (not joking)."
A Secret Service official speaking on background told Ars that the agency has strict policies over what devices can be connected to computers inside its network and that all of those policies were followed in the analysis of the malware carried by Zhang.

"No outside devices, hard drives, thumbdrives, et cetera would ever be plugged into, or could ever be plugged into, a secret service network," the official said. Instead, devices being analyzed are connected exclusively to forensic computers that are segregated from the agency network. Referring to the thumb drive confiscated from Zhang, the official said: "The agent didn’t pick it up and stick it into a Secret Service network computer to see what was on it." The agent didn't know why Ivanovich testified that the analysis was quickly halted when the connected computer became corrupted.

I've never seen a word about any computers being compromised at Mar-a-Lago, although I seriously doubt they would tell us. Oh, and "they say" that the head of the Secret Service, Randolph ‘Tex’ Alles, stepping down has nothing to do with this.
Again, it's very early in the story. Everything we think we know is probably wrong.