By now you’ve probably heard about last week’s security incident involving Trump National Golf Club Mar-a-Lago in Florida. According to the Secret Service, a Chinese national named Yujing Zhang illegally entered the club with two Chinese passports, four cell phones, a laptop computer, an external hard drive and a USB drive – some of which contained malware.
News outlets reported that Zhang was allowed past security because club managers believed she was related to another member with the same last name. But, after she said she wanted to use the pool, her story apparently changed and Zhang became verbally aggressive with agents, telling them she wanted to speak with a member of the President's family about Chinese and American foreign economic relations. Federal prosecutors have filed charges against Zhang; a forensic team is examining her hard drive and USB drive, which apparently contained malware and installed it on a Secret Service computer. Authorities also searched Zhang’s Palm Beach hotel room after her arrest and found nine more USB drives, five SIM cards, another cellphone, a device to detect hidden cameras, and more than $8,000 in cash.
This security incident illustrates three interesting points:
- The incident shows that cybercrime is the new geopolitical battleground. President Trump was golfing at Mar-a-Lago when this occurred, but the woman made no attempt to contact him physically. Security experts speculate that she was targeting a system close to the highest level of government. From there the malware would extract information or move to other systems.
- The incident demonstrates where enemies are devoting their efforts today. IT security isn’t just about hackers swiping credit card numbers. It’s also about protecting human lives, governments and global economics. Attacks with even the smallest malware code can be both subtle and potentially devastating.
- The incident mirrored an attacker using stolen credentials to penetrate a network. Zhang passed herself off as a member’s relative, using the same last name, to get inside the club. But as soon as her activity triggered suspicion, the Secret Service acted immediately to stop her – using the same security protocols that we do at SecureAuth.
The layered security rationale
Jonathan Wackrow, a retired Secret Service agent and current Managing Director of Teneo Risk, referred to the Secret Service’s Mar-a-Lago strategy on CNN as a layered approach to access control, which he described as “concentric rings of protection that are around the protectee.”
Zhang went through two physical screening checkpoints; both she and her bag were searched. But her activity tipped off a receptionist that she was not a legitimate guest, which alerted the Secret Service to intervene and isolate her for questioning.
At SecureAuth, we approach identity security in the same way: through layered controls that secure access to applications and resources. Users pass through multiple security checkpoints, just as Zhang was caught at Mar-a-Lago’s second layer of physical screening. SecureAuth leverages telemetry data, origination data and user risk, based on previous user behavior, to create strong security profiles. Those profiles can define a user’s identity, whether it’s a customer, employee or business partner.
SecureAuth’s layered approach means we can elevate the security profile without impeding the user’s productivity and transactions. Our security checks are imperceptible for a smoother user experience, unless risk is detected and the user needs to confirm their identity. As the incident at Mar-a-Lago shows, it’s an approach that really can stop malicious actors in their tracks – and keep valuable assets protected.