Senate staffers received an email Monday evening with the subject line “What not to do...”
An image of the message, obtained by Roll Call, shows that a Senate IT Security listserve sent staffers a message pointing out some don’t-try-this-at-home (or work) cybersecurity behaviors.
“One of the Secret Service agents stuck a flash drive taken off a suspect into their computer,” read the email.
It included an excerpt of a Miami Herald story about the federal investigation into Yujing Zhang — the Chinese woman arrested last month trying to enter President Donald Trump’s private Palm Beach Mar-a-Lago club.
The story pointed to testimony from Secret Service agents during a detention hearing at the federal courthouse in West Palm Beach, Monday. It provided a cautionary tale to staffers, warning them to think, before they put a random USB-drive into their computer.
The email to Senate employees included the following:
Secret Service agent Samuel Ivanovich, who interviewed Zhang at Mar-a-Lago, testified at the hearing. He stated that when another agent put Zhang’s thumb-drive into his computer, it immediately began to install files, a “very out-of-the-ordinary” event that he had never seen happen before during this kind of analysis. The agent had to immediately stop the analysis to halt any further corruption of his computer, Ivanovich said. The analysis is ongoing but still inconclusive, he testified.
The email concluded with a succinct sign off: “Doh.”
The Senate Sergeant-at-Arms, which manages technology support and cybersecurity for the chamber, has been under pressure in recent weeks to provide extra protection to lawmakers and staff against attempted intrusions.
The SAA’s office offers regular cyber awareness trainings to staff in lawmakers’ offices, on committees and in their home states.
But Democratic Senator Ron Wyden of Oregon, and Arkansas Republican Tom Cotton want to allow the Senate Sergeant-at-Arms to provide “voluntary cybersecurity assistance” to lawmakers and certain Senate staff to secure accounts and personal devices.
The pair introduced a bill authorizing the SAA to use official Senate funds to secure personal accounts. They also wrote a letter calling for an annual report from the SAA on when Senate computers and smartphones have been compromised, and when hackers have otherwise gained access to sensitive Senate data.
They urged the Sergeant-at-Arms to notify Senate leadership, members of the Senate Rules and Administration Committee and the Senate Intelligence panel about any breaches on Senate computers within five days of discovery.
Also watch–Lieu: ‘Of all the people that Republicans could have selected, they pick Candace Owens’