Chinese woman arrested at Mar-a-Lago with malware

Mar-a-Lago has become a top destination for Trump tourism. Experts say Mar-a-Lago in particular provides unprecedented levels of access by people to the president.

A Chinese woman carrying a thumb drive loaded with malware was detained at Mar-a-Lago Saturday after trying to gain access to events advertised on Chinese-language social media by Li “Cindy” Yang, the South Florida massage parlor entrepreneur who also ran a business selling access to President Donald Trump and his family.

The woman, Yujing Zhang, has been charged with two federal crimes: making false statements to a federal officer and entering restricted property.

She was carrying four cell phones, one laptop, one external hard-drive and a thumb drive, according to court records. In a charging document, a Secret Service agent said a preliminary forensic examination of the thumb drive showed it contained “malicious malware.” The court filing did not provide further details about the nature of the malware.

Zhang originally told a U.S. Secret Service agent that she wanted to use Mar-a-Lago’s pool, but upon further questioning said she had traveled from Shangahi to attend a “United Nations Friendship Event” between China and the United States. She said she planned to speak with a member of the president’s family about U.S.-Chinese economic relations. Zhang’s arrest was first reported by WPTV. In court records, her birth year is listed as 1986.

There was no United Nations Friendship Event on March 30 at the president’s Palm Beach resort. Trump had been staying at Mar-a-Lago but golfing at one of his nearby clubs at the time of the arrest. However, first lady Melania Trump and other members of the Trump family were there during the incident, according to NBC.

Although no United Nations-related event was on Mar-a-Lago’s social calendar, Zhang may have been referring to two events originally scheduled for that day and promoted by Yang.

One event, a “Safari Night” held to benefit a local youth charity, was canceled after the Miami Herald revealed that Yang – a former owner of the massage parlor where New England Patriots owner Robert Kraft was charged with soliciting prostitution – had taken photographs with Trump and other Republican leaders and used them to advertise her ability to get Chinese clients into events with the president.

On the website for her consulting business, Yang also advertised a March 30 “International Leaders Elite Forum,” calling it a “once-in-a-lifetime opportunity” and the first event at Mar-a-Lago with “the Chinese as the protagonist.” That event also did not take place.

No mention is made of Yang in the court documents charging Zhang.

But Zhang told agents she was invited to Mar-a-Lago by a Chinese friend she identified only as “Charles,” according to court records. Yang worked with a Chinese event promoter named Charles Lee to advertise Safari Night and other galas and political fundraisers featuring the Trump family at Mar-a-Lago over the past year.

Lee runs a group called the United Nations Chinese Friendship Association, similar to the name of the event Zhang said she wished to attend. The group, which is not affiliated with the U.N., has promoted the Chinese Communist Party, and advertised events at Mar-a-Lago as ways for Chinese businessmen to participate in President Xi Jinping’s so-called business diplomacy agenda – essentially, an effort to have Chinese executives make friends with important people abroad.

Lee’s website was taken down after the Herald reported on his activities last week. In a brief interview, he denied knowing Yang.

Terry Bomar, the president of the Young Adventurers charity that was to host the Safari Night event, said Zhang had not been on the guest list. A spokesperson for Yang’s attorney did not immediately respond to a request for comment. The White House referred questions to the U.S. Secret Service, which declined to comment due to the ongoing investigation. A federal public defender representing Zhang also declined to comment.

Whatever the reason for Zhang’s presence, her arrest raises further questions about the degree to which private citizens – and potentially foreign rivals – can access Mar-a-Lago.

“What we’ve seen so far are the theoretical security risks that come from the ease at which people can get proximity to the president and his family based on the semi-public nature of this club,” said Jeffrey Prescott, a former National Security Council aide under President Obama and a senior fellow at the Penn Biden Center. “Now, the potential security risk may be an actual security risk.”

Prescott said it’s too early to tell what Zhang intended to do at the president’s estate, but if it was an effort to leave behind an electronic presence in order to record activities at Mar-a-Lago, “that’s a significant development.”

Malware is any type of software getting into a system that does something the administrator doesn’t want it to do, said Greg Hall, an expert in malware analysis at the University of West Florida’s Center for Cybersecurity. It can be anything from adware – software that automatically displays or downloads advertising material – to more nefarious programs that can enter a system from one computer and take data from other computers.

Trump was in South Florida this past weekend, spending most of Saturday away from Mar-a-Lago at Trump International Golf Club in West Palm Beach until about 3:45 p.m., according to the Palm Beach Daily News. That evening, he was scheduled for a “roundtable discussion with supporters” at Mar-a-Lago organized by Trump Victory, a political action committee supporting his re-election.

Congressional Democrats have called for a counter-intelligence investigation into Yang, who has also donated tens of thousands of dollars to Trump and his campaign.

Zhang may not have gotten the message that the political furor over Yang had led to the cancellation of her events.

She showed up to Mar-a-Lago at about 12:15 p.m. on Saturday, according to court records.

After showing a Secret Service agent two Chinese passports and saying she wished to go to the pool, Zhang was admitted to the club’s main reception area, past several “restricted access” signs. Club staff thought she was a relative of a Mar-a-Lago member with the same surname. But a receptionist soon found she was not on a list of approved guests.

That led another Secret Service agent to begin interviewing her until she was arrested after becoming “verbally aggressive with agents.” She was transported to the Secret Service’s office in West Palm Beach. She could face up to five years imprisonment for lying to a federal officer and one year for entering restricted grounds, and as much as $350,000 in fines, according to federal prosecutors.

“Had Zhang not falsely portrayed herself as a club member seeking to visit the pool, and instead advised she was there to attend the non-existent ‘United Nations Friendship Event’ between China and the United Sates, her access would have been declined by U.S. Secret Service,” according to a sworn affidavit signed by U.S. Secret Service special agent Samuel Ivanovich.

Although Zhang had said she wished to go to the pool, agents found no swimming apparel in her possession.

David Weinstein, a Miami defense attorney and former federal prosecutor, said Zhang’s alleged crime would only have amounted to a simple trespass – were it not for the president’s presence that weekend.

“If he’s not there, it’s just a private club,” he said.

No espionage charges have been filed against Zhang.

“It’s possible she may not have even realized there was malware on the drive,” Weinstein said.

Her detention hearing is set for April 8.

David Kris, an assistant attorney general for national security in the Obama administration and founder of consulting firm Culper Partners, said Zhang “does not sound like some casual visitor.”

The amount of equipment she carried suggests the malware might not have been an accident, Kris said.

“It sounds very much like someone who is equipped to go to work once they breached the perimeter,” he said.