In 2019, a Chinese woman, Yujing Zhang, entered President Trump's Mar-a-Lago resort claiming she was there to use the swimming pool. However, under further questioning, since she had not brought a bathing suit, Zhang claimed that she was there to attend a United Nations Chinese American Association event. No such event existed. Suspicion about her true intentions led to her arrest, and she was found to be carrying two Chinese passports, a laptop, four phones and a USB drive.
Mar-a-Lago Rogue Device Based Attack
Subsequent to the discovery of the USB drive, Secret Service agents tested it, only to find that, when plugged into a computer, it immediately began downloading files, indicating that the drive was infected with malware. This presents two risks: humans and infected peripheral devices.
Infected peripheral devices are those that act with malicious intent but are recognized by both the human eye and the host PC as genuine devices, so they raise no suspicion about their true intent. As a result, these devices can carry out their attacks undetected.
To the human eye, the device looks like a regular USB drive and, to the host PC, it is recognized as a fully functional HID keyboard. Rogue devices, such as the Rubber Ducky, can use keyboard emulation to execute a covert channel communication stack. By creating an out-of-band connection over the device's own wireless interface, an air gap can be bypassed. Spoofed peripherals draw minimal current, which the host PC can supply, allowing perpetrators to perform network packet sniffing and to exfiltrate information out-of-band and remotely through the integrated WiFi functionality. The information that could have been obtained in this case could be extremely sensitive, since the resort belongs to the President of the United States, who was visiting it at the time of the attempted attack.
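The spoofed-peripheral profile described above (a device that enumerates as a HID keyboard while carrying its own network or wireless link) can be triaged from the USB descriptors the host already sees at enumeration. The following is an added example, not code from the case study or its vendor; the vendor/product IDs, the allowlist and the sample enumeration are all constructed, and the interface class codes are the standard USB-IF values.

```python
"""Heuristic triage of USB device descriptors for rogue HID devices.

Given descriptor-like records (vendor ID, product ID and the
(class, subclass, protocol) of each interface, as the host enumerates
them), flag devices that present a keyboard interface but are not on
the site's keyboard allowlist, or that combine a keyboard with a
network/wireless interface, which is the shape of a spoofed peripheral
with an out-of-band channel.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# USB-IF interface class codes.
HID = 0x03
CDC = 0x02        # communications class (USB network adapters)
WIRELESS = 0xE0   # wireless controller (Bluetooth / RF radios)
MASS_STORAGE = 0x08
KEYBOARD_PROTOCOL = 0x01  # HID boot protocol value for a keyboard


@dataclass
class UsbDevice:
    vid: int
    pid: int
    interfaces: List[Tuple[int, int, int]]  # (class, subclass, protocol)


# Constructed allowlist of keyboards approved for the site (hypothetical IDs).
KEYBOARD_ALLOWLIST = {(0x046D, 0xC31C)}


def triage(dev: UsbDevice) -> List[str]:
    """Return findings for one device; an empty list means nothing suspicious."""
    findings = []
    classes = {cls for cls, _sub, _proto in dev.interfaces}
    is_keyboard = any(cls == HID and proto == KEYBOARD_PROTOCOL
                      for cls, _sub, proto in dev.interfaces)
    if is_keyboard and (dev.vid, dev.pid) not in KEYBOARD_ALLOWLIST:
        findings.append("keyboard interface from non-allowlisted device")
    if is_keyboard and classes & {CDC, WIRELESS}:
        findings.append("keyboard combined with network/wireless interface")
    return findings


def triage_all(devices: List[UsbDevice]) -> Dict[str, List[str]]:
    """Map 'vid:pid' to its findings for a whole enumeration snapshot."""
    return {f"{d.vid:04x}:{d.pid:04x}": triage(d) for d in devices}


# Constructed sample enumeration: an approved keyboard, a plain flash drive,
# and a composite device that claims a keyboard plus a CDC network interface.
SAMPLE = [
    UsbDevice(0x046D, 0xC31C, [(HID, 0x01, KEYBOARD_PROTOCOL)]),
    UsbDevice(0x0781, 0x5567, [(MASS_STORAGE, 0x06, 0x50)]),
    UsbDevice(0x1234, 0xABCD, [(HID, 0x01, KEYBOARD_PROTOCOL), (CDC, 0x02, 0x00)]),
]

if __name__ == "__main__":
    for dev_id, findings in triage_all(SAMPLE).items():
        print(dev_id, findings or "ok")
```

A spoofed device can clone an allowlisted VID/PID, so the allowlist check is a triage signal rather than proof of legitimacy; the composite-interface check does not depend on the claimed identity.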