
Malaysian Indicted After Hacking Federal Reserve

Posted by kdawson
from the tip-of-the-proverbial dept.
wiredmikey sends along a security story that looks like it could be one to watch. Lin Mun Poo was arrested shortly after arriving at New York's John F. Kennedy International Airport in late October, traveling to the US on business. The 32-year-old resident of Malaysia was observed by an undercover Secret Service agent selling stolen credit card data in a diner. After arresting him and seizing his laptop (which was "heavily encrypted"), authorities discovered evidence of far more serious security breaches. According to documents from the Department of Justice, Lin Mun Poo had hacked into the Federal Reserve Bank of Cleveland and stolen over 400,000 credit and debit card numbers. Also, according to authorities, Mr. Poo managed to hack into FedComp, a data processor for federal credit unions, enabling him to access the data of various federal credit unions. He also hacked into the computer system of a Department of Defense contractor that provides systems management for military transport and other military operations, potentially compromising highly sensitive military logistics information.

  • This story... (Score:1, Insightful)

    by Anonymous Coward

    is a load of Poo.

    • Re: (Score:1, Funny)

      by Anonymous Coward

      Nah, it's just the minimum dose of crap.

      • Re: (Score:1, Funny)

        by Anonymous Coward

        You might say people are lining up for this minor load of poo

        You might also say that these are neither puns, nor funny.

    • Re:This story... (Score:5, Insightful)

      by falsified (638041) on Monday November 22, 2010 @01:24PM (#34307716)

      It kind of is. Can we stop putting things like this under "Your Rights Online"? The person was observed breaking the law in a restaurant, not online, and it sounds like subsequent searches were above the board and revealed some pretty egregious shit. He's also confessed to at least some of the charges.

      Does Slashdot have a grouping named "People not yet convicted of breaking the law, but ehhhhhh, it really looks like they did"? Otherwise it looks like we're arguing that people should have a protection against being observed by the Secret Service when there's reasonable suspicion of illegality. This wasn't exactly warrantless wiretapping.

      • It's kdawson - what else did you expect? And why do I not have a filter on his/her posts?
      • Does Slashdot have a grouping named "People not yet convicted of breaking the law, but ehhhhhh, it really looks like they did"?

        A new grouping named 'Crime' would fit the bill imo.

      • A story about "hacked" credit card numbers DOESN'T deserve the "Your Rights Online" tag?
      • Actually, it would probably fall under it because credit identity is part of your rights. Originally, it was "Life, Liberty, and Property", not "Life, Liberty, and the Pursuit of Happiness". Someone stealing your property is basically going against your rights, because the right to property doesn't mean you have the right to everyone ELSE'S property.
  • Stolen squared (Score:5, Interesting)

    by hendrikboom (1001110) on Monday November 22, 2010 @12:45PM (#34307248)

    He stole stolen credit card numbers? They ended up being twice stolen? And why was the Federal Reserve Bank harboring stolen numbers anyway?

    • Re: (Score:3, Insightful)

      For the same reason Comcast blocks bittorrents.
      Because they are both private, corporate monopolies and
        there's nobody willing to stop them. (Look how the Audit the Fed bill died.)

    • I believe the submitter misread the article. Everywhere else is saying that he hacked the Cleveland Reserve and separately stole the credit cards. The Fed banks have no reason to keep credit card numbers.

      • by durrr (1316311)
        I don't know why but I read the same as op that the Cleveland reserve credit cards he stole were stolen, but going back and rereading I find nothing wrong.
        There's a brick wall in front of my window too suddenly, I think we need to reboot the reality servers.
      • by slick7 (1703596)

        I believe the submitter misread the article. Everywhere else is saying that he hacked the Cleveland Reserve and separately stole the credit cards. The Fed banks have no reason to keep credit card numbers.

        Except to zero out everyone's accounts when the balloon goes up.

    • How do you think black-ops operations get financed?
      • by bsDaemon (87307)

        slush funds in off-shore accounts which are replenished via under-the-table arms and narcotics deals? Or is that too 1980s to be relevant anymore?

        • by slick7 (1703596)

          slush funds in off-shore accounts which are replenished via under-the-table arms and narcotics deals? Or is that too 1980s to be relevant anymore?

          More like 1984.

    • Use your Federal Reserve MasterCard/Visa and earn Bail Out Points to help you avoid bankruptcy. Pay zero % interest for the first election cycle on balances up to 2 Trillion!
    • by bmk67 (971394)

      How could he have possibly stolen credit card numbers? After all, the original owner still has them, all he did was copy them! It's infringement, not theft!

      /sarcasm

    • by slick7 (1703596)

      He stole stolen credit card numbers? They ended up being twice stolen? And why was the Federal Reserve Bank harboring stolen numbers anyway?

      Exactly, the fed banksters are the true criminals. They hide behind the government and stab that same government in the back with unreasonable interest rates. Now, they are in possession of "stolen?" numbers. I guess the fed can't print enough money 24/7/365, so they have to steal money to pay off the bought dogs in D.C.
      Now that the left hand puppet has wrested control from the right hand puppet, everything should be under control. N'est-ce pas?
      It's time to return to the precious metal standard and rid ourse

  • by digitaldc (879047) * on Monday November 22, 2010 @12:47PM (#34307270)
    ...Lin Min was always so much more misbehaved than his brother, Hu Flung Poo?
    • Re: (Score:3, Funny)

      by ilsaloving (1534307)

      I heard that when he initially refused to give up his passwords, they threatened to throw him into a fan.

  • I'm guessing they used the standard government decryption algorithm HWBUO (Hit With Brick Until Open)?

    • by BruiserBlanton (133306) on Monday November 22, 2010 @12:54PM (#34307360)

      You know that's not the plan.

      Obligatory XKCD
      http://xkcd.com/538/

    • Re: (Score:3, Funny)

      by Peeteriz (821290)

      According to early data security research performed by KGB, thermorectal cryptoanalysis (involving a penetration test with soldering iron) can reveal encryption keys of any length within a couple of minutes.

      • Re: (Score:1, Informative)

        by Anonymous Coward

        Had his laptop been heavily encrypted, they wouldn't have gotten anywhere. This is an attempt at undermining cryptography.

        • Re: (Score:3, Insightful)

          by Zed Pobre (160035)

          Oh, I suspect that he might very well have been using full-disk encryption, which would meet the definition of 'heavily encrypted'. The lesson to take away here is that it doesn't matter how heavily you encrypt your data if you let your device get captured after you've logged in. From the motion for detention, he made a sale at a diner while being watched by Secret Service agents and got picked up 'shortly thereafter', whatever that means, and if he failed to completely power down his laptop between sale

          • by bberens (965711)
            Meh, he was clearly under surveillance. They likely just watched him type in his password and/or had previously installed a keylogger.
        • Had his laptop been heavily encrypted, they wouldn't have gotten anywhere.

          You know how they say you can root any system as long as you have physical access to the machine and enough time?

          You can break any (practically useful) encryption, as long as you have physical access to a person who knows the key and are willing to attach a car battery to their gonads. The classic "Jack Bauer" style of crypto-hacking, if you will.

  • Why are these things even connected to the internet if there is the danger of cracking them?

    • Re: (Score:3, Insightful)

      by HungryHobo (1314109)

      because someone in management thinks it would be cool to be able to access it all from his blackberry from home and a consultant assured him that the system their company was selling would let him do that securely (with of course an explicit clause in the contract which states that they do not guarantee that it will be secure and take no responsibility of any kind if it is not).

      plus of course the banking system is civilian and the costs of running a completely separate network are prohibitive and anyone who

    • by mckinnsb (984522)
      Likely because:
      1. The federal reserve bank may have been testing a new system which would allow financial institutions to access a list of stolen credit cards via a web or network interface for electronic transactions in order to safeguard them.
      2. FedComp is (likely) already a subscription service which is accessible via the internet for employees of said federal credit unions.

      I don't think there's anything to see here. The guy stole "already stolen" credit cards and tried to sell them for a profit. He's a con

      • by Dare nMc (468959)

        > The guy stole "already stolen" credit cards
        still sounds valuable, IE if a scammer buys a list of stolen cards, you wouldn't know how many people that was already sold to. IF you mask it with a current FBI... list, and get matches: what you have is likely worthless, or not worth making cards from. If however it comes back clean, you at least know the Feds are not yet "onto your list." And likely have some time to use them.
        I would think (for this reason) the service would be to check your numbers, no

      • by dave562 (969951)

        methinks it's all just a lot of FUD in order to ply the citizenry into allowing "greater government oversight" of the internet and private networks.

        +1.

        If the media has mentioned it more than once, you can safely assume that there is an agenda there. All of these stories about "cyber security" that have surfaced in the last few months are all about regulating the internet. Between the corporations, *AA organizations and the telcos, everyone is doing a full court press on internet regulation. Nobody wants t

      • by slick7 (1703596)

        Likely because: The federal reserve bank may have been testing a new system which would allow financial institutions to access a list of stolen credit cards via a web or network interface for electronic transactions in order to safeguard them.

        Yeah, the same way the Japanese safeguard whales by collecting "scientific" samples. Yum Yum.

    • ...he allegedly tapped into the secure computers of a large Defense Department contractor that managed systems for military transport movements and other U.S. military operations?

      ...he had gotten the credit and bank card data by tapping into the computer networks of "several major international banks" and companies

      In large part these are the networks of companies, which, while it makes sense for them to be online, doesn't make it easier to swallow.

      To be honest, though, I think the worst part of the article is this:

      "If a guy from Malaysia can get into networks like this, you can imagine what the Chinese and Russians, the people with real capabilities, are able to do," said one former senior U.S. intelligence official...

      Training is everything. It doesn't matter whether you're from Russia or China or Malaysia or Sweden, what you know and how you know it is everything. It might be easier to be from one country or another, but once you get there nationality means nothing. This kind of ignorant and racist Cold War thinkin

    • Re: (Score:3, Interesting)

      Why are these things even connected to the internet if there is the danger of cracking them?

      For the same reason commercial power plants, including nuclear plants, are on the internet and running on stock Windows.

      Because many of the people in charge of making these decisions are imbeciles.

  • by Anonymous Coward

    "Lin Min Poo had hacked into the Federal Reserve Bank of Cleveland and stolen over 400,000 stolen credit and debit card numbers."

  • Mr. Poo. (Score:4, Funny)

    by roman_mir (125474) on Monday November 22, 2010 @01:00PM (#34307460) Homepage Journal

    I feel like it's an episode of South Park - hey there, Mr. Poo.

    From TFA:

    "To have the skills to break into highly sensitive systems like that is an impressive level of criminal activity," said Kurt Baumgartner, a senior security researcher for Kaspersky Lab, a computer security firm.

    - yeah, I bet it takes impressive level of criminal activity consisting of some 'LOL Cat' or maybe a 'Hot Malaysian Massage' screen saver and off the shelf 'back-orifice' of some sort.

    But anyway, what did this guy do that the Fed isn't doing anyway?

    traveling to the US on business

    - that right there is a punishable offense, well at the very least your 'junk' may have to be touched.

    The 32 year-old resident of Malaysia was observed by an undercover Secret Service agent

    - they are making it sound much dirtier than it was.

    selling stolen credit card data in a diner

    - stay classy Mr. Poo. At a diner?

    Why can't you be more respectable and do it like the Fed does, they sell their junk bonds on the bond market, with bells and whistles.

    After arresting him and seizing his laptop (which was "heavily encrypted")

    - with ROT13

    authorities discovered evidence

    - as I said, with ROT13.

    Lin Min Poo had hacked into the Federal Reserve Bank of Cleveland and stolen over 400,000 stolen credit and debit card numbers.

    - BASTARD! How dare he steal the STOLEN credit card numbers? Fed was just going to sell them themselves at a diner.

    Also, according to authorities, Mr. Poo managed to hack into FedComp, a data processor for federal credit unions, enabling him to access the data of various federal credit union.

    - various 'credit union'. Yeah, that one credit union is extremely 'various' indeed.

    He also hacked into computer system of a Department of Defense contractor that provides systems management for military transport and other military operations, potentially compromising highly sensitive military logistics information.

    - well, in his defense, he was just going to sell that highly classified systems management information at a better restaurant, he has SOME standards.

    "If a guy from Malaysia can get into networks like this, you can imagine what the Chinese and Russians, the people with real capabilities, are able to do

    - OMG! Call the Pentagon, they need to check if the database of the stolen mortgage back securities papers hasn't been stolen!

    In fact, the penetration of sensitive national security computers by overseas hackers — many of them believed to be state sponsored — is rapidly emerging as one of the country’s most alarming national security threats, officials said. And the threat is not just from foreign governments and for-profit hackers. Officials have also expressed worries that terrorist groups may be capable of the same sorts of sophisticated penetrations.

    - clearly, more F35s are needed to stop these attacks. What was that about the Republicans voting to STOP pig, I mean pork spending?

    HOW, just HOW will they STOP all that pork spending if there is clearly so much that needs to be done right now, to prevent the terrorists from winning by 'hacking' into the White House and stealing the toilet cleaning schedule?

    Pentagon officials said Sunday they were unable to respond immediately to questions about whether Poo's hacking of the contractor's computers had compromised military troop movements. But spokesman Bryan Whitman said in an e-mailed statement to NBC News: "We are keenly aware that our networks are being probed everyday. That's precisely why we have a very robust and layered active defense to protect our networ

    • by JamesP (688957)

      Stop steering my storen stuff!!!!

    • hahaha, I needed those lulz this morning, and your post delivered. Thanks.
  • Mr. Poo forgot to 'Wipe' the data off his laptop.

  • For what it's worth, his name is Lin Mun Poo, not Lin Min Poo

    POO lin Mun indictment [scribd.com]

    Although I am curious to know if his name is being reported correctly. Is Poo his family name or is it Lin? Can anyone familiar with Malaysian names give an opinion?
    • Re: (Score:3, Informative)

      by tangent3 (449222)

      It's a Chinese name (there's a large community of Chinese in Malaysia)
      Lin is the family name, Mun Poo is the given name.

      • by OzPeter (195038)

        It's a Chinese name (there's a large community of Chinese in Malaysia) Lin is the family name, Mun Poo is the given name.

        Thanks - That's what I thought, but even the indictment has POO in all caps rather than LIN

        • by OzPeter (195038)

          Thanks - That's what I thought, but even the indictment has POO in all caps rather than LIN

          Ooops .. I take that back. It is Scribd that has POO in all caps, the indictment has the complete name in caps.

          • by slick7 (1703596)

            Thanks - That's what I thought, but even the indictment has POO in all caps rather than LIN

            Ooops .. I take that back. It is Scribd that has POO in all caps, the indictment has the complete name in caps.

            When your name is all in upper case, this is a case of Capitus Diminutio Maxima, meaning that you have no rights and are a slave to the state.
            Don't believe it? Then look at every governmental and corporate document in your possession.

    • by Viceice (462967)

      Lin is his Family/surname. I initially wasn't sure, but then I found a local news report citing a police official using his given name as "Mun Poo".

      Anyway, it's a Chinese name and when written in Mandarin, surnames come before given names. Confusion arises when the name is romanised (often times in a shoddy manner, so you can't tell just by reading it) and then the surname is moved to the back as is the formal English style. It gets worse in documents where the comma or uppercase separating first and last n

  • I'll bet he will serve a far harsher sentence than rapists and child diddlers, because this involves the almighty dollar.

    • Re: (Score:3, Insightful)

      by Hinhule (811436)

      Like being recruited by the NSA or the Cyber command.

    • I'll bet he will serve a far harsher sentence than rapists and child diddlers, because this involves the almighty dollar.

      After someone empties your bank account, let me know how you feel.

      • by Noughmad (1044096)

        After someone rapes you/your wife/daughter, let me know how you feel.

        • by pspahn (1175617)

          For those not keeping up, here are the options:

          1) Have your money stolen from your bank account.

          2) Have the female loved ones in your life raped.

          If someone is coming around, snatching up money and people, instead of arguing over which is worse, you better just hide your money, hide your wife, hide your kids...

      • by dave562 (969951)

        I've had it happen and it sucked for about 24 hours. I called up Wells Fargo, they investigated and determined that my account was compromised and they gave me my money back. Now granted, it was only a couple thousand dollars, but it was still all of the money that I had.

        You're just ignorant to compare a minor inconvenience like not having access to money for a couple of days, to physical assault and rape. In the latter case, you're completely helpless and at the mercy of someone else. In the former,

  • How could those companies that were in charge of military intel have been so loose as to place the computers that are to contain the intel that is classified to access the internet so easily. That is 1) prob right there....secondly, the banks again should not have their main data available to the web as well, although seeing some of the banks today using everything web faced, I can not really blame them, they are all just sheeping along...but military should have known better.

    This guy is a bad apple, but do

  • This is why we should just replace the internet with a big swimming pool that we can all enjoy. The most you'd possibly lose is your bathing suit, and that's generally fun for everybody.
    • The most you'd possibly lose is your bathing suit, and that's generally fun for everybody.

      Go to a public swimming pool, look at the people there, and let us know if you still stand by that statement.

  • ...wondering why the hell the federal reserve knows anything about our accounts? While I understand that the fact that this was, in fact a security breach, the problem isn't how the hacker got in, but why the data was there for him to steal in the first place! I saw somewhere (I think maybe even here on /.) that world governments apparently buy more digital storage every year and it had a figure for what percent of produced storage governments bought. Does anyone have any doubts about what they are storing
  • "Watch out where those Huskies go and don't you eat that yellow snow" - FZ
  • Incidents like this demonstrate that when the Government says they'll keep your data secure and private (body scanner data, for example) that its representatives are either intentionally lying or naive, or both.

    But they still demand more "tools" (ie- power) and insist that they are competent custodians. No government should ever be trusted this much, no matter how just and righteous it is.

  • by goodmanj (234846) on Monday November 22, 2010 @03:47PM (#34309494)

    Seriously, why does the Federal Reserve have consumer credit card numbers? We're not talking about TJ Maxx here: unless I'm mistaken the Federal Reserve only does business with banks, they have nothing to do with ordinary consumers and their silly bits of plastic.

    People putting their income tax payments on plastic, maybe? I'm stumped.

  • by Anonymous Coward

    stolen over 400,000 credit and debit card numbers

    So the owners of the cards opened their wallets and found no numbers left on their cards any more? Since the numbers were stolen.

  • So, the guy was smart enough to hack into a federal reserve and get 400 k card nos, smart enough to hack into a dod contractor and acquired sensitive budgeting and military information, but, he was stupid enough to come to usa to sell a number of credit card numbers at a FUCKING DINER.

    excuse me, but that kind of bullshit can only make idiots believe itself. anyone who has the slightest understanding of tech world will know that the person at a caliber like the above will never leave deep, unreachable rec
  • The Federal Reserve hacked into US Dollar savings and stole $4 trillion.
