Slashdot stories can be listened to in audio form via an RSS feed, as read by our own robotic overlord.

 



Forgot your password?
typodupeerror
Crime Security IT

Malaysian Indicted After Hacking Federal Reserve 132

Posted by kdawson
from the tip-of-the-proverbial dept.
wiredmikey sends along a security story that looks like it could be one to watch. Lin Mun Poo was arrested shortly after arriving at New York's John F. Kennedy International Airport in late October, traveling to the US on business. The 32-year-old resident of Malaysia was observed by an undercover Secret Service agent selling stolen credit card data in a diner. After arresting him and seizing his laptop (which was "heavily encrypted"), authorities discovered evidence of far more serious security breaches. According to documents from the Department of Justice, Lin Mun Poo had hacked into the Federal Reserve Bank of Cleveland and stolen over 400,000 credit and debit card numbers. Also, according to authorities, Mr. Poo managed to hack into FedComp, a data processor for federal credit unions, enabling him to access the data of various federal credit unions. He also hacked into the computer system of a Department of Defense contractor that provides systems management for military transport and other military operations, potentially compromising highly sensitive military logistics information.
This discussion has been archived. No new comments can be posted.

Malaysian Indicted After Hacking Federal Reserve

Comments Filter:
  • This story... (Score:1, Insightful)

    by Anonymous Coward on Monday November 22, 2010 @11:43AM (#34307212)

    is a load of Poo.

  • Re:Stolen squared (Score:3, Insightful)

    by commodore64_love (1445365) on Monday November 22, 2010 @11:47AM (#34307276) Journal

    For the same reason Comcast blocks bittorrents.
    Because they are both private, corporate monopolies and
      there's nobody willing to stop them. (Look how the Audit the Fed bill died.)

  • by HungryHobo (1314109) on Monday November 22, 2010 @12:00PM (#34307452)

    because someone in management thinks it would be cool to be able to access it all from his blackberry from home and a consultant assured him that the system their company was selling would let him do that securely (with of course an explicit clause in the contract which states that they do not guarantee that it will be secure and take no responsibility of any kind if it is not).

    plus of course the banking system is civilian and the costs of running a completely seperate network are prohibative and anyone who wants to use that system has to be connected and if any of them are insecure then someone can get in anyway... etc.

    Finally, security is hard. it was once summed up to me thusly by a lecturer: "if the other guy is a better programmer than you he'll probably get into any system you build eventually, there will always be someone who is a better programmer than you thus assume your system will be breached eventually and build in many many layers of security."

  • by vlm (69642) on Monday November 22, 2010 @12:03PM (#34307508)

    Don't forget that the taxpayers will backstop all losses... Privatize all gains and socialize all losses, thats the American Way (tm)

  • by HungryHobo (1314109) on Monday November 22, 2010 @12:06PM (#34307530)

    Did anyone else notice the lovely little bit of racism at the top of the article:
    "'If a guy from Malaysia can get into networks like this, you can imagine what the Chinese and Russians ... are able to do' "

    With the net someone from anywhere has just as much access to all the information you'd need to learn how to do this.
    there's nothing special about the chinese, the russians or the americans, hackers come from everywhere.

  • by commodore64_love (1445365) on Monday November 22, 2010 @12:12PM (#34307598) Journal

    >>>Privatize all gains and socialize all losses, thats the [Corporatist] Way (tm)

    fixed that for you.
    And of course both parties are corporatist.
    (whispers)
    aka fascist

  • Re:This story... (Score:5, Insightful)

    by falsified (638041) on Monday November 22, 2010 @12:24PM (#34307716)

    It kind of is. Can we stop putting things like this under "Your Rights Online"? The person was observed breaking the law in a restaurant, not online, and it sounds like subsequent searches were above the board and revealed some pretty egregious shit. He's also confessed to at least some of the charges.

    Does Slashdot have a grouping named "People not yet convicted of breaking the law, but ehhhhhh, it really looks like they did"? Otherwise it looks like we're arguing that people should have a protection against being observed by the Secret Service when there's reasonable suspicion of illegality. This wasn't exactly warrantless wiretapping.

  • Re:I'll bet (Score:3, Insightful)

    by Hinhule (811436) on Monday November 22, 2010 @12:27PM (#34307742)

    Like being recruited by the NSA or the Cyber command.

  • by Lead Butthead (321013) on Monday November 22, 2010 @01:02PM (#34308164) Journal

    I think the point was, all races are equally (un)trustworthy.

  • by mysidia (191772) on Monday November 22, 2010 @01:05PM (#34308198)

    "'If a guy from Malaysia can get into networks like this, you can imagine what the Chinese and Russians ... are able to do' "

    No racism there, except for extremely expansive gratuitously warped definitions of racism.

    There are well-known large hacking rings in Russia and China. It is not difficult to imagine that many hackers working together are obviously a potentially larger threat than one hacker, assuming individuals of comparable skill and knowledge; the conclusions are obvious and have nothing to do with race.

    There are some Malaysian hacking rings, but less well known to the public and the popular media.

    Even if the more adept hackers happened to be in China, and it was stated, it wouldn't imply anything about race. As there are other factors involved, such as government being involved and promoting hacking, or there being stronger penalties for hackers in a country. The amount of technology available in a country, and the state of its economy and culture also effect such things.

    In any event, Racism is defined as using power, for example, force, government authority, business decisions, or threat of violence/harm to promote the superiority of one race or to marginilize another.

    Besides race there are a lot of differences between the culture and environment in Malaysia VS Chinese/Russian countries, ability to hide, and access to certain resources.

    There is nothing in the article indicating the Malaysian race is somehow inferior, or evil, or that hackers of the Chinese/Russian race are superior, inferior, or more evil, ergo no racism.

  • by bsDaemon (87307) on Monday November 22, 2010 @01:10PM (#34308276)

    I think the emphasis should be on the "some guy" aspect rather than the "Malaysia" aspect. The fact of the matter is, China and Russia aren't exactly hiding the fact that they have large populations of people who are basically dedicated to computer intrusion, espionage and intelligence gathering, many of whom receive partial or full government support, or are in fact government employees. While we have our own NSA, Russia and China seem to have lots of general citizens who are engaging in such activities for avowed nationalist purposes. I have a somewhat hard time believing that if I started hacking foreign governments and then went down the road here to share what information I may have gleaned that I'd be welcomed with open arms.

    Malaysia isn't a country one generally hears about engaging in this type of activity. He could have been from Andora for all it matters, and the message would be the same: if one guy, no matter where he's from, without the support of his own government intelligence agencies, is able to obtain this type of information and access, then malicious state actors should have no trouble doing so. Also, the fact that his access to logistical information wasn't noticed until the course of what started out as a simple criminal investigation by the appropriate authorities (Secret Service being under the authority of the Treasury Department), that's kind of scary. It means that the Russians, Chinese, Iranians, or anyone else might also have had access to that same data and no one was apparently paying any attention, or there are unknown security flaws which were exploited and thus there were no IDS/IPS rules to catch the activity and raise any flags.

    This dude is somewhat irrelevant compared to the wider implications of the non-credit-related activities, which are also pretty much straight up crime.

  • by Zed Pobre (160035) on Monday November 22, 2010 @01:10PM (#34308278)

    Oh, I suspect that he might very well have been using full-disk encryption, which would meet the definition of 'heavily encrypted'. The lesson to take away here is that it doesn't matter how heavily you encrypt your data if you let your device get captured after you've logged in. From the motion for detention, he made a sale at a diner while being watched by Secret Service agents and got picked up 'shortly thereafter', whatever that means, and if he failed to completely power down his laptop between sale and arrest, it's game over. Lesson for the day: if you're carrying evidence that will destroy your life, remember that closing the lid on your laptop doesn't actually wipe its memory.

    As an aside, I also suspect the motive for the phrasing is less 'undermining cryptography' as 'look how awesome we are'. Almost all documents by any law enforcement agency on a major bust puff up how devious and sophisticated the bad guy was, so they can imply that they were even better.

  • by nedlohs (1335013) on Monday November 22, 2010 @02:06PM (#34309022)

    Clearly it means 'If one guy from a "friendly" country can do that, imagine what agents of the "unfriendly" countries can do with the backing provided by the state'.

  • by goodmanj (234846) on Monday November 22, 2010 @02:47PM (#34309494)

    Seriously, why does the Federal Reserve have consumer credit card numbers? We're not talking about TJ Maxx here: unless I'm mistaken the Federal Reserve only does business with banks, they have nothing to do with ordinary consumers and their silly bits of plastic.

    People putting their income tax payments on plastic, maybe? I'm stumped.

  • by Anonymous Coward on Monday November 22, 2010 @02:51PM (#34309540)

    stolen over 400,000 credit and debit card numbers

    So the owners of the cards opened their wallets and found no numbers left on their cards any more? Since the numbers were stolen.

Our policy is, when in doubt, do the right thing. -- Roy L. Ash, ex-president, Litton Industries

Working...