The first thing you want to do when you pull a USB drive off someone allegedly lying their way into presidential hangout Mar-a-Lago is plug it in your computer. Oh, wait, maybe don't do that?

A woman by the name of Yujing Zhang was arrested on March 30 attempting to bluff her way into Donald Trump's private Florida club. In addition to two Chinese passports, the New York Times reported that she carried with her four cell phones, a hard drive, and a USB drive infected with malware. And, according to the Miami Herald, U.S. government officials straight up plugged that bad boy into a computer — a bit of news that generated some serious double takes in the infosec community.

"[Secret Service agent Samuel Ivanovich] stated that when another agent put Zhang’s thumb-drive into his computer, it immediately began to install files, a 'very out-of-the-ordinary' event that he had never seen happen before during this kind of analysis," reports the Herald. "The agent had to immediately stop the analysis to halt any further corruption of his computer, Ivanovich said."

in todays episode of: the government discovers a thing that hackers have been using as a tool and in awareness training for almost ten years... — D̒͂̕ᵈăᵃn̕ᶰ Ť̾̾̓͐͒͠ᵗe͗̑́̋̂́͡ᵉn̅ᶰtᵗl̀̓͘ᶫe̓̒̂̚ᵉrʳ (@Viss) April 8, 2019

Pretty sure this is not what they meant when they said "taking a bullet for the president." This is infosec training 101, and could have just as easily corrupted the evidence as the other way around. pic.twitter.com/ME2RWqTyjV — briankrebs (@briankrebs) April 8, 2019

Reminder: USSS has a big piece of computer crime investigations.



😨 https://t.co/RMCMD7ErLM — emptywheel (@emptywheel) April 8, 2019

You would think after the Brazil incidents the secret service would have better dongle protocol https://t.co/G9SEZ5Wskq — zedster (@z3dster) April 8, 2019

It's widely understood that plugging in random USBs is never a great idea, as they have a non-zero chance of containing malware. So, it's of course possible that Zhang's thumb drive was just like every other thumb drive and happened to contain some malicious files — as opposed to malware specifically designed to spy on the president or the club where he spends so much of his time.

It's possible, but as the New York Times reported on April 8, Zhang's hotel room contained some other interesting items discovered in a search that suggest it's also decidedly not possible. Namely, nine additional USBs, five SIM cards, $8,000 in cash, and a radio-frequency device used to find hidden cameras.

However, all may not be terrible in the land of U.S. government cybersecurity. While at first glance plugging in Zhang's sketchy USB drive may look like a case of a monumental security screw-up, if a cybersecurity expert were to plug it into a specific computer with the goal of checking it for malware, then we would say they were doing their job.

This, thankfully, looks to be what happened here — a fact made clear by a clarifying sentence in a New York Times article.

"Mr. Ivanovich testified that the computer analyst who reviewed Ms. Zhang’s devices said that the thumb drive she was carrying had immediately begun installing a program on his computer," it explains.

In other words, a computer analyst plugged the device in specifically in order to review it. Which, hey, perhaps all is not lost after all.