Malaysian Indicted After Hacking Federal Reserve 132
wiredmikey sends along a security story that looks like it could be one to watch. Lin Mun Poo was arrested shortly after arriving at New York's John F. Kennedy International Airport in late October, traveling to the US on business. The 32-year-old resident of Malaysia was observed by an undercover Secret Service agent selling stolen credit card data in a diner. After arresting him and seizing his laptop (which was "heavily encrypted"), authorities discovered evidence of far more serious security breaches. According to documents from the Department of Justice, Lin Mun Poo had hacked into the Federal Reserve Bank of Cleveland and stolen over 400,000 credit and debit card numbers. Also, according to authorities, Mr. Poo managed to hack into FedComp, a data processor for federal credit unions, enabling him to access the data of various federal credit unions. He also hacked into the computer system of a Department of Defense contractor that provides systems management for military transport and other military operations, potentially compromising highly sensitive military logistics information.
This story... (Score:1, Insightful)
is a load of Poo.
Re:Stolen squared (Score:3, Insightful)
For the same reason Comcast blocks bittorrents.
Because they are both private, corporate monopolies and
there's nobody willing to stop them. (Look how the Audit the Fed bill died.)
Re:So much for security through obscurity... (Score:3, Insightful)
because someone in management thinks it would be cool to be able to access it all from his blackberry from home and a consultant assured him that the system their company was selling would let him do that securely (with of course an explicit clause in the contract which states that they do not guarantee that it will be secure and take no responsibility of any kind if it is not).
plus of course the banking system is civilian and the costs of running a completely seperate network are prohibative and anyone who wants to use that system has to be connected and if any of them are insecure then someone can get in anyway... etc.
Finally, security is hard. it was once summed up to me thusly by a lecturer: "if the other guy is a better programmer than you he'll probably get into any system you build eventually, there will always be someone who is a better programmer than you thus assume your system will be breached eventually and build in many many layers of security."
Re:So much for security through obscurity... (Score:3, Insightful)
Don't forget that the taxpayers will backstop all losses... Privatize all gains and socialize all losses, thats the American Way (tm)
Re:You can't trust Asians (Score:2, Insightful)
Did anyone else notice the lovely little bit of racism at the top of the article: ... are able to do' "
"'If a guy from Malaysia can get into networks like this, you can imagine what the Chinese and Russians
With the net someone from anywhere has just as much access to all the information you'd need to learn how to do this.
there's nothing special about the chinese, the russians or the americans, hackers come from everywhere.
Re:So much for security through obscurity... (Score:5, Insightful)
>>>Privatize all gains and socialize all losses, thats the [Corporatist] Way (tm)
fixed that for you.
And of course both parties are corporatist.
(whispers)
aka fascist
Re:This story... (Score:5, Insightful)
It kind of is. Can we stop putting things like this under "Your Rights Online"? The person was observed breaking the law in a restaurant, not online, and it sounds like subsequent searches were above the board and revealed some pretty egregious shit. He's also confessed to at least some of the charges.
Does Slashdot have a grouping named "People not yet convicted of breaking the law, but ehhhhhh, it really looks like they did"? Otherwise it looks like we're arguing that people should have a protection against being observed by the Secret Service when there's reasonable suspicion of illegality. This wasn't exactly warrantless wiretapping.
Re:I'll bet (Score:3, Insightful)
Like being recruited by the NSA or the Cyber command.
Re:You can't trust the white man... (Score:3, Insightful)
I think the point was, all races are equally (un)trustworthy.
Re:You can't trust Asians (Score:4, Insightful)
"'If a guy from Malaysia can get into networks like this, you can imagine what the Chinese and Russians ... are able to do' "
No racism there, except for extremely expansive gratuitously warped definitions of racism.
There are well-known large hacking rings in Russia and China. It is not difficult to imagine that many hackers working together are obviously a potentially larger threat than one hacker, assuming individuals of comparable skill and knowledge; the conclusions are obvious and have nothing to do with race.
There are some Malaysian hacking rings, but less well known to the public and the popular media.
Even if the more adept hackers happened to be in China, and it was stated, it wouldn't imply anything about race. As there are other factors involved, such as government being involved and promoting hacking, or there being stronger penalties for hackers in a country. The amount of technology available in a country, and the state of its economy and culture also effect such things.
In any event, Racism is defined as using power, for example, force, government authority, business decisions, or threat of violence/harm to promote the superiority of one race or to marginilize another.
Besides race there are a lot of differences between the culture and environment in Malaysia VS Chinese/Russian countries, ability to hide, and access to certain resources.
There is nothing in the article indicating the Malaysian race is somehow inferior, or evil, or that hackers of the Chinese/Russian race are superior, inferior, or more evil, ergo no racism.
Re:You can't trust Asians (Score:4, Insightful)
I think the emphasis should be on the "some guy" aspect rather than the "Malaysia" aspect. The fact of the matter is, China and Russia aren't exactly hiding the fact that they have large populations of people who are basically dedicated to computer intrusion, espionage and intelligence gathering, many of whom receive partial or full government support, or are in fact government employees. While we have our own NSA, Russia and China seem to have lots of general citizens who are engaging in such activities for avowed nationalist purposes. I have a somewhat hard time believing that if I started hacking foreign governments and then went down the road here to share what information I may have gleaned that I'd be welcomed with open arms.
Malaysia isn't a country one generally hears about engaging in this type of activity. He could have been from Andora for all it matters, and the message would be the same: if one guy, no matter where he's from, without the support of his own government intelligence agencies, is able to obtain this type of information and access, then malicious state actors should have no trouble doing so. Also, the fact that his access to logistical information wasn't noticed until the course of what started out as a simple criminal investigation by the appropriate authorities (Secret Service being under the authority of the Treasury Department), that's kind of scary. It means that the Russians, Chinese, Iranians, or anyone else might also have had access to that same data and no one was apparently paying any attention, or there are unknown security flaws which were exploited and thus there were no IDS/IPS rules to catch the activity and raise any flags.
This dude is somewhat irrelevant compared to the wider implications of the non-credit-related activities, which are also pretty much straight up crime.
Re:"Heavily encrypted" (Score:3, Insightful)
Oh, I suspect that he might very well have been using full-disk encryption, which would meet the definition of 'heavily encrypted'. The lesson to take away here is that it doesn't matter how heavily you encrypt your data if you let your device get captured after you've logged in. From the motion for detention, he made a sale at a diner while being watched by Secret Service agents and got picked up 'shortly thereafter', whatever that means, and if he failed to completely power down his laptop between sale and arrest, it's game over. Lesson for the day: if you're carrying evidence that will destroy your life, remember that closing the lid on your laptop doesn't actually wipe its memory.
As an aside, I also suspect the motive for the phrasing is less 'undermining cryptography' as 'look how awesome we are'. Almost all documents by any law enforcement agency on a major bust puff up how devious and sophisticated the bad guy was, so they can imply that they were even better.
Re:You can't trust Asians (Score:3, Insightful)
Clearly it means 'If one guy from a "friendly" country can do that, imagine what agents of the "unfriendly" countries can do with the backing provided by the state'.
Why does the Fed have credit card numbers? (Score:3, Insightful)
Seriously, why does the Federal Reserve have consumer credit card numbers? We're not talking about TJ Maxx here: unless I'm mistaken the Federal Reserve only does business with banks, they have nothing to do with ordinary consumers and their silly bits of plastic.
People putting their income tax payments on plastic, maybe? I'm stumped.
The numbers were stolen? (Score:1, Insightful)
stolen over 400,000 credit and debit card numbers
So the owners of the cards opened their wallets and found no numbers left on their cards any more? Since the numbers were stolen.