Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Attorney: Mar-a-Lago Infiltrator Had Hidden-Camera Detector

A Chinese woman recently arrested at President Donald Trump’s Mar-a-Lago club lied repeatedly to Secret Service agents while carrying computer malware unlike anything a government analyst had ever seen and had more than $8,000 in cash at her hotel room, along with an electronic device that detects hidden cameras, federal authorities told a judge Monday.

A Chinese woman recently arrested at President Donald Trump’s Mar-a-Lago club lied repeatedly to Secret Service agents while carrying computer malware unlike anything a government analyst had ever seen and had more than $8,000 in cash at her hotel room, along with an electronic device that detects hidden cameras, federal authorities told a judge Monday.

Assistant U.S. Attorney Rolando Garcia told Magistrate Judge William Matthewman during a bond hearing that “there are a lot of questions that remain” about 32-year-old Yujing Zhang

He said the FBI is still investigating whether Zhang is a spy.

Zhang was arrested March 30 after Secret Service agents said she lied to gain admission to the president’s Palm Beach resort and was found to be carrying two Chinese passports, four cellphones, a laptop computer, an external hard drive and a thumb drive containing the malware.

Matthewman adjourned the hearing until next Monday as Zhang’s public defender said he’s still gathering evidence that could justify her release on bail on charges of lying to federal agents and illegal entry to a restricted area. Garcia said he expects Zhang will be indicted by a federal grand jury this week on those charges.

He said Zhang would be a “serious risk of flight” if she were released while awaiting trial, as she has no ties to the United States. The State Department revoked her visa last week, he said, so even if released on bond, she would be detained by immigration officials. She arrived in the U.S. on a flight from Shanghai to Newark, New Jersey, two days before her arrest.

Zhang sat quietly at the defense table during the two-hour hearing, scribbling notes in Chinese characters as she listened to a translator through headphones. She wore a blue jail jumpsuit and her wrists were shackled.

“She lies to everyone she encounters,” Garcia told the judge. He said that not only did Zhang falsely tell a Secret Service agent at a Mar-a-Lago checkpoint that she was a member there to use the pool, even though she had no swimsuit, she told agents she was carrying her computer gear because she was afraid the items would be stolen if she left them in her hotel room.

Advertisement. Scroll to continue reading.

But when agents searched it, they found $7,620 in U.S. currency, another $663 worth of Chinese currency, numerous U.S. credit and debit cards, the device used to find hidden electronics and other computer gear, he said.

Secret Service agent Samuel Ivanovich told the judge that when an agency analyst uploaded the malware found on Zhang’s thumb drive, it immediately began installing on the analyst’s computer and corrupting its files.

“That was something that had never happened before,” Ivanovich told the judge. He said the analyst immediately shut down the computer to protect it. He said the malware’s ultimate purpose remains unknown.

When agents analyze suspicious devices that might contain malicious software, it is done in a controlled environment and not performed on a computer connected to any government networks, according to Secret Service officials.

While questioning Ivanovich, public defender Robert Adler presented Zhang as not fluent in English and suggested she may not have been lying, but misunderstanding agents’ questions. He pointed out that Zhang made no attempt to hide her electronic gear while entering Mar-a-Lago and agreed to be interviewed for almost nine hours.

Adler asked that the hearing be adjourned as he believes he can present evidence next week that would justify her release on bail while assuring she wouldn’t flee.

Zhang’s arrest has raised questions about Mar-a-Lago’s security during the president’s visits. There’s no evidence Zhang ever approached the president and it is believed he was at his nearby golf course when she arrived.

Agents say she wasn’t on the membership list, but a club manager thought Zhang was a member’s daughter. Agents say that when they asked Zhang if the member was her father, she did not answer definitively but they thought it might be a language barrier and admitted her. Zhang is a common Chinese name — about 7% of the country’s population carries it.

Ivanovich told the judge Zhang later told him she was there for a Chinese American event that didn’t exist, contradicting her checkpoint statement. She showed him an invitation in Chinese he could not read.

After being questioned for about 90 minutes at a property neighboring Mar-a-Lago, Zhang was taken to the local Secret Service office for questioning that lasted about seven hours. It was not recorded.

There, Ivanovich said, it became clear Zhang speaks and reads English well. He said Zhang said an acquaintance named “Charles” had invited her to the nonexistent event.

Adler said wire records show Zhang paid $20,000 in February to Charles Lee, a Chinese national, for admission to the event. Lee ran the United Nations Chinese Friendship Association and was photographed at least twice with Cindy Yang, a Republican donor and former Florida massage parlor owner. She recently made news after it was learned she was promising Chinese business leaders that her consulting firm could get them access to Mar-a-Lago and mingle with the president.

Yang previously owned a spa where New England Patriots owner Robert Kraft was charged with soliciting prostitution.

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...