Timing of Chinese spy arrested at Mar-a-Lago
The arrest of a Chinese woman at Mar-a-Logo carrying four cell phones, an external drive, and a malware-infected USB drive comes as the U.S. and China negotiate a final trade deal.
With President Trump at Mar-a-Lago on Saturday morning, Yujing Zhang talked her way past a Secret Service agent at the checkpoint outside the president's Palm Beach resort by using a member name and showing a passport that the club manager assumed meant she was a member's daughter.
Zhang (32) pretended to be from Taiwan and have limited English skills and indicated she came to her event early to take a few pictures and familiarize herself with the venue. But once inside the gate, she used perfect English to pass by three roving Secret Service agents and clear another security checkpoint before entering the main clubhouse.
Her story fell apart inside the clubhouse when she gave conflicting statements to staff and Secret Service agents about attending a nonexistent United Nations Chinese American Association meeting and produced a fake invitation written in Chinese. After becoming argumentative when confronted, Zhang was taken in for questioning.
Zhang then changed her story to coming from Shanghai to meet an online acquaintance named "Charles" whom she had instant-messaged with through China's WeChat app. Zhang was arrested on a criminal charge of lying to a Secret Service agent and signing a false affidavit, plus both passports were from the communist People's Republic of China.
The potential Chinese penetration attempt came just before a big move higher for world stock markets this week that the Financial Times attributed to the U.S. and China hammering out final enforcement rules that would lead to China's Pres. Xi Jinping and Pres. Trump signing a high-visibility trade agreement at Mar-a-Lago by June.
The malware was not identified in the criminal complaint, but Geopolitical Futures reported that China's intelligence apparatus, the Ministry of State Security (MSS), in 2017 recruited an employee of a French aerospace company that supplies NATO and gave him a USB drive containing the Sakula "backdoor" malware.
The Sakula "trojan" has exclusively been used by China's Shanghai cyber-espionage unit named Deep Panda (also known as APT19) for nation-state cyber-espionage campaigns. Its most famous hack is the 2014 and 2015 theft of over 21 million government employees' records from the U.S. Office of Personnel Management.
Once Sakula is plugged into a government or company laptop, it will install malware across the target's network. Not only does the cyber-penetration include database information, but Sakula can access other devices for clandestine live or recorded audio or video.
Given that venues for important meetings are vulnerable to surveillance bugs, the Secret Service undoubtedly used technical security countermeasure (TSCM) sweeps ahead of President Trump's morning meetings at Mar-a-Lago. But Zhang was able to freely enter the resort and roam the grounds for hours without being searched.
President Trump's most effective trade negotiation tool has been the unpredictability of his next move. Having real-time cyber-access to U.S. computers and other electronic devices at Mar-a-Lago would allow China to understand if Trump is bluffing or how much pushback the administration is receiving from domestic lobbying groups.