Malaysian Indicted After Hacking Federal Reserve 132
wiredmikey sends along a security story that looks like it could be one to watch. Lin Mun Poo was arrested shortly after arriving at New York's John F. Kennedy International Airport in late October, traveling to the US on business. The 32-year-old resident of Malaysia was observed by an undercover Secret Service agent selling stolen credit card data in a diner. After arresting him and seizing his laptop (which was "heavily encrypted"), authorities discovered evidence of far more serious security breaches. According to documents from the Department of Justice, Lin Mun Poo had hacked into the Federal Reserve Bank of Cleveland and stolen over 400,000 credit and debit card numbers. Also, according to authorities, Mr. Poo managed to hack into FedComp, a data processor for federal credit unions, enabling him to access the data of various federal credit unions. He also hacked into the computer system of a Department of Defense contractor that provides systems management for military transport and other military operations, potentially compromising highly sensitive military logistics information.
This story... (Score:1, Insightful)
is a load of Poo.
Re: (Score:1, Funny)
Nah, it's just the minimum dose of crap.
Re: (Score:1, Funny)
You might say people are lining up for this minor load of poo
You might also say that these are neither puns, nor funny.
Re:This story... (Score:5, Funny)
Re: (Score:2)
Re: (Score:1)
Re:This story... (Score:5, Insightful)
It kind of is. Can we stop putting things like this under "Your Rights Online"? The person was observed breaking the law in a restaurant, not online, and it sounds like subsequent searches were above the board and revealed some pretty egregious shit. He's also confessed to at least some of the charges.
Does Slashdot have a grouping named "People not yet convicted of breaking the law, but ehhhhhh, it really looks like they did"? Otherwise it looks like we're arguing that people should have a protection against being observed by the Secret Service when there's reasonable suspicion of illegality. This wasn't exactly warrantless wiretapping.
Re: (Score:1)
grouping (Score:2)
Does Slashdot have a grouping named "People not yet convicted of breaking the law, but ehhhhhh, it really looks like they did"?
A new grouping named 'Crime' would fit the bill imo.
Re: (Score:2)
Re: (Score:1)
Stolen squared (Score:5, Interesting)
He stole stolen credit card numbers? They ended up being twice stolen? And why was the Federal Reserve Bank harboring stolen numbers anyway?
Re: (Score:3, Insightful)
For the same reason Comcast blocks bittorrents.
Because they are both private, corporate monopolies and
there's nobody willing to stop them. (Look how the Audit the Fed bill died.)
Re: (Score:2)
(Look how the Audit the Fed bill died.)
Colonel Mustard, in the library with a candlestick?
Re: (Score:2)
I believe the submitter misread the article. Everywhere else is saying that he hacked the Cleveland Reserve and separately stole the credit cards. The Fed banks have no reason to keep credit card numbers.
Re: (Score:2)
There's a brickwall in front of my window too suddenly, i think we need to reboot the reality servers.
Re: (Score:2)
I believe the submitter misread the article. Everywhere else is saying that he hacked the Cleveland Reserve and separately stole the credit cards. The Fed banks have no reason to keep credit card numbers.
Except to zero out everyone's accounts when the balloon goes up.
Re: (Score:2)
Re: (Score:2)
slush funds in off-shore accounts which are replenished via under-the-table arms and narcotics deals? Or is that too 1980s to be relevant anymore?
Re: (Score:2)
slush funds in off-shore accounts which are replenished via under-the-table arms and narcotics deals? Or is that too 1980s to be relevant anymore?
More like 1984.
Fed MasterCard (Score:1)
Re: (Score:1)
How could he have possibly stolen credit card numbers? After all, the original owner still has them, all he did was copy them! It's infringement, not theft!
/sarcasm
Re: (Score:2)
He stole stolen credit card numbers? They ended up being twice stolen? And why was the Federal Reserve Bank harboring stolen numbers anyway?
Exactly, the fed banksters are the true criminals. They hide behind the government and stab that same government in the back with unreasonable interest rates. Now, they are in possession of "stolen?" numbers. I guess the fed can't print enough money 24/7/365, so the have to steal money to pay off the bought dogs in D.C.
Now that the left hand puppet has wrested control from the right hand puppet, everything should be under control. N'est-ce pas?
It's time to return to the precious metal standard and rid ourse
One wonders why... (Score:3, Funny)
Re: (Score:3, Funny)
I heard that when he initially refused to give up his passwords, they threatened to throw him into a fan.
"Heavily encrypted" (Score:2)
I'm guessing they used the standard government decryption algorithm HWBUO (Hit With Brick Until Open)?
Re:"Heavily encrypted" (Score:5, Funny)
You know that's not the plan.
Obligatory XKCD
http://xkcd.com/538/ [xkcd.com]
Re: (Score:2)
Okay, I have to ask.
The past three or four XKCD links I've seen have all had an AC replying with "best xkcd ever!"
Are you just one dude posting to all of these?
Is it a new stupid meme?
Or is it a bunch of people who are telling the truth but don't have nicks or are too lazy to sign in?
Genuinely curious,
f
Re: (Score:1)
Re: (Score:2)
So it's a new meme. Yay.
Re: (Score:2)
So it's a new meme. Yay.
Sorry, not until there's an XKCD to link to...
Re: (Score:3, Funny)
According to early data security research performed by KGB, thermorectal cryptoanalysis (involving a penetration test with soldering iron) can reveal encryption keys of any length within a couple of minutes.
Re: (Score:1, Informative)
Had his laptop been heavily encrypted, they wouldn't have gotten anywhere. This is an attempt at undermining cryptography.
Re: (Score:3, Insightful)
Oh, I suspect that he might very well have been using full-disk encryption, which would meet the definition of 'heavily encrypted'. The lesson to take away here is that it doesn't matter how heavily you encrypt your data if you let your device get captured after you've logged in. From the motion for detention, he made a sale at a diner while being watched by Secret Service agents and got picked up 'shortly thereafter', whatever that means, and if he failed to completely power down his laptop between sale
Re: (Score:2)
Re: (Score:2)
Had his laptop been heavily encrypted, they wouldn't have gotten anywhere.
You know how they say you can root any system as long as you have physical access to the machine and enough time?
You can break any (practically useful) encryption, as long as you have physical access to a person who knows the key and are willing to attach a car battery to their gonads. The classic "Jack Bauer" style of crypto-hacking, if you will.
So much for security through obscurity... (Score:2, Interesting)
Why are these things even connected to the internet if there is the danger of cracking them?
Re: (Score:3, Insightful)
because someone in management thinks it would be cool to be able to access it all from his blackberry from home and a consultant assured him that the system their company was selling would let him do that securely (with of course an explicit clause in the contract which states that they do not guarantee that it will be secure and take no responsibility of any kind if it is not).
plus of course the banking system is civilian and the costs of running a completely seperate network are prohibative and anyone who
Re: (Score:3, Insightful)
Don't forget that the taxpayers will backstop all losses... Privatize all gains and socialize all losses, thats the American Way (tm)
Re:So much for security through obscurity... (Score:5, Insightful)
>>>Privatize all gains and socialize all losses, thats the [Corporatist] Way (tm)
fixed that for you.
And of course both parties are corporatist.
(whispers)
aka fascist
Re: (Score:2)
I don't think there's anything to see here. The guy stole "already stolen" credit cards and tried to sell them for a profit. He's a con
Re: (Score:2)
> The guy stole "already stolen" credit cards
still sounds valuable, IE if a scammer buys a list of stolen cards, you wouldn't know how many people that was already sold to. IF you mask it with a current FBI... list, and get matches: what you have is likely worthless, or not worth making cards from. If however it comes back clean, you at least know the Feds are not yet "onto your list." And likely have some time to use them.
I would think (for this reason) the service would be to check your numbers, no
Re: (Score:2)
methinks its all just a lot of FUD in order to ply the citizenry into allowing "greater government oversight" of the internet and private networks.
+1.
If the media has mentioned it more than once, you can safely assume that there is an agenda there. All of these stories about "cyber security" that have surfaced in the last few months are all about regulating the internet. Between the corporations, *AA organizations and the telcos, everyone is doing a full court press on internet regulation. Nobody wants t
Re: (Score:2)
Likely because: The federal reserve bank may have been testing a new system which would allow financial institutions to access a list of stolen credit cards via a web or network interface for electronic transactions in order to safeguard them.
Yeah, the same way the Japanese safeguard whales by collecting "scientific" samples. Yum Yum.
Re: (Score:1)
...he allegedly tapped into the secure computers of a large Defense Department contractor that managed systems for military transport movements and other U.S. military operations?
...he had gotten the credit and bank card data by tapping into the computer networks of "several major international banks" and companies
In large part these are the networks of companies, which, while it makes sense for them to be online, doesn't make it easier to swallow.
To be honest, though, I think the worst part of the article is this:
"If a guy from Malaysia can get into networks like this, you can imagine what the Chinese and Russians, the people with real capabilities, are able to do," said one former senior U.S. intelligence official...
Training is everything. It doesn't matter whether you're from Russia or China or Malaysia or Sweden, what you know and how you know it is everything. It might be easier to be from one country or another, but once you get there nationality means nothing. This kind of ignorant and racist Cold War thinkin
Re: (Score:2)
Another way to look at this. He got caught. how good could he really be?
Re: (Score:3, Interesting)
Why are these things even connected to the internet if there is the danger of cracking them?
For the same reason commercial power plants, including nuclear plants, are on the internet and running on stock Windows.
Because many of the people in charge of making these decisions are imbeciles.
Who did the Fed Reserve steal them from? (Score:2, Funny)
"Lin Min Poo had hacked into the Federal Reserve Bank of Cleveland and stolen over 400,000 stolen credit and debit card numbers."
Re: (Score:2)
100,000 people (given the average of 4 cc/person).
Mr. Poo. (Score:4, Funny)
I feel like it's an episode of South Park - hey there, Mr. Poo.
From TFA:
"To have the skills to break into highly sensitive systems like that is an impressive level of criminal activity," said Kurt Baumgartner, a senior security researcher for Kaspersky Lab, a computer security firm.
- yeah, I bet it takes impressive level of criminal activity consisting of some 'LOL Cat' or maybe a 'Hot Malaysian Massage' screen saver and off the shelf 'back-orifice' of some sort.
But anyway, what did this guy do that the Fed isn't doing anyway?
traveling to the US on business
- that right there is a punishable offense, well at the very least your 'junk' may have to be touched.
The 32 year-old resident of Malaysia was observed by an undercover Secret Service agent
- they are making it sound much dirtier than it was.
selling stolen credit card data in a diner
- stay classy Mr. Poo. At a diner?
Why can't you be more respectable and do it like the Fed does, they sell their junk bonds on the bond market, with bells and whistles.
After arresting him and seizing his laptop (which was "heavily encrypted")
- with ROT13
authorities discovered evidence
- as I said, with ROT13.
Lin Min Poo had hacked into the Federal Reserve Bank of Cleveland and stolen over 400,000 stolen credit and debit card numbers.
- BASTARD! How dare he steal the STOLEN credit card numbers? Fed was just going to sell them themselves at a diner.
Also, according to authorities, Mr. Poo managed to hack into FedComp, a data processor for federal credit unions, enabling him to access the data of various federal credit union.
- various 'credit union'. Yeah, that one credit union is extremely 'various' indeed.
He also hacked into computer system of a Department of Defense contractor that provides systems management for military transport and other military operations, potentially compromising highly sensitive military logistics information.
- well, in his defense, he was just going to sell that highly classified systems management information at a better restaurant, he has SOME standards.
"If a guy from Malaysia can get into networks like this, you can imagine what the Chinese and Russians, the people with real capabilities, are able to do
- OMG! Call the Pentagon, they need to check if the database of the stolen mortgage back securities papers hasn't been stolen!
In fact, the penetration of sensitive national security computers by overseas hackers — many of them believed to be state sponsored — is rapidly emerging as one of the country’s most alarming national security threats, officials said. And the threat is not just from foreign governments and for-profit hackers. Officials have also expressed worries that terrorist groups may be capable of the same sorts of sophisticated penetrations.
- clearly, more F35s are needed to stop these attacks. What was that about the Republicans voting to STOP pig, I mean pork spending?
HOW, just HOW will they STOP all that pork spending if there is clearly so much that needs to be done right now, to prevent the terrorists from winning by 'hacking' into the White House and stealing the toilet cleaning schedule?
Pentagon officials said Sunday they were unable to respond immediately to questions about whether Poo's hacking of the contractor's computers had compromised military troop movements. But spokesman Bryan Whitman said in an e-mailed statement to NBC News: "We are keenly aware that our networks are being probed everyday. That's precisely why we have a very robust and layered active defense to protect our networ
Re: (Score:2)
Stop steering my storen stuff!!!!
Re: (Score:1)
Re: (Score:2)
I am sorry, I didn't want to make you feel this dirty.
I only had one thing to say really, that Mr. Poo needs to have his junk looked at once again, since nobody knows what can come out of it.
He forgot to wipe (Score:2, Funny)
Mr. Poo forgot to 'Wipe' the data off hist laptop.
Re: (Score:2)
Damn! Beat me to it! :)
Actual indictment (Score:2)
POO lin Mun indictment [scribd.com]
Although I am curious to know if his name is being reported correctly. Is Poo his family name or is it Lin? Can anyone familiar with Malaysian names give an opinion?
Re: (Score:3, Informative)
It's a Chinese name (there's a large community of Chinese in Malaysia)
Lin is the family name, Mun Poo is the given name.
Re: (Score:2)
It's a Chinese name (there's a large community of Chinese in Malaysia) Lin is the family name, Mun Poo is the given name.
Thanks - That's what I thought, but even the indictment has POO in all caps rather than LIN
Re: (Score:2)
Thanks - That's what I thought, but even the indictment has POO in all caps rather than LIN
Ooops .. I take that back. It is Scribd that has POO in all caps, the indictment has the complete name in caps.
Re: (Score:2)
Thanks - That's what I thought, but even the indictment has POO in all caps rather than LIN
Ooops .. I take that back. It is Scribd that has POO in all caps, the indictment has the complete name in caps.
When your name is all in upper case, this is a case of Capitus Diminutio Maxima, meaning that you have no rights and are a slave to the state.
Don't believe it? Then look at every governmental and corporate document in your possession.
Re: (Score:2)
Lin is his Family/surname. I initially wasn't sure, but then I found a local news report citing a police official using his given name as "Mun Poo".
Anyway, it's a chinese name and when written in mandarin, surnames come before given names. Confusion arises when the name is romanised (often times in a shoddy manner, so you can't tell just by reading it) and then the surname is moved to the back as is the formal english style. It gets worse in documents where the comma or uppercase seperating first and last n
I'll bet (Score:2)
I'll bet he will serve a far harsher sentence than rapists and child diddlers, because this involves the almighty dollar.
Re: (Score:3, Insightful)
Like being recruited by the NSA or the Cyber command.
I'll Bet you will... (Score:2)
I'll bet he will serve a far harsher sentence than rapists and child diddlers, because this involves the almighty dollar.
After someone empties your bank account, let me know how you feel.
Re: (Score:1)
After someone rapes you/your wife/daughter, let me know how you feel.
Re: (Score:2)
For those not keeping up, here are the options:
1) Have your money stolen from your bank account.
2) Have the female loved ones in your life raped.
If someone is coming around, snatching up money and people, instead of arguing over which is worse, you better just hide your money, hide your wife, hide your kids...
Re: (Score:2)
I've had it happened and it sucked for about 24 hours. I called up Wells Fargo, they investigated and determined that my account was compromised and they gave me my money back. Now granted, it was only a couple thousand dollars, but it was still all of the money that I had.
You're just ignorant to compare a minor inconvenience like not having access to money for a couple of days, to physical assault and rape. In the latter case, you're completely helpless and at the mercy of someone else. In the former,
how could they... (Score:1)
How could those companies that were in charge of military intel have been so loose as to place the computers that are to contain the intel that is lcassified to access the internet so easily. That is 1) prob right there....secondly, the banks again should not have their main data available to the web as well, although seeing some of the banks today using everything web faced, I can not really blame them, they are all just sheeping along...but military should have known better.
This guy is a bad apple, but do
This is why (Score:2)
Re: (Score:2)
The most you'd possibly lose is your bathing suit, and that's generally fun for everybody.
Go to a public swimming pool, look at the people there, and let us know if you still stand by that statement.
Is anyone (Score:1)
Frank Zappa on Mr. Poo (Score:1)
Another example (Score:2)
Incidents like this demonstrate that when the Government says they'll keep your data secure and private (body scanner data, for example) that it's representatives are either intentionally lying or naive, or both.
But they still demand more "tools" (ie- power) and insist that they are competent custodians. No government should ever be trusted this much, no matter how just and righteous it is.
Why does the Fed have credit card numbers? (Score:3, Insightful)
Seriously, why does the Federal Reserve have consumer credit card numbers? We're not talking about TJ Maxx here: unless I'm mistaken the Federal Reserve only does business with banks, they have nothing to do with ordinary consumers and their silly bits of plastic.
People putting their income tax payments on plastic, maybe? I'm stumped.
The numbers were stolen? (Score:1, Insightful)
stolen over 400,000 credit and debit card numbers
So the owners of the cards opened their wallets and found no numbers left on their cards any more? Since the numbers were stolen.
A set up to determine agenda. (Score:2)
excuse me, but that kind of bullshit can only make idiots believe itself. anyone who has the slightest understanding of tech world will know that the person at a caliber like the above will never leave deep, unreachable rec
In other news (Score:1)
The Federal Reserve hacked into US Dollar savings and stole $4 trillion.
Re: (Score:1, Troll)
Serioulsy?
Well, for the record, there is an architect named I. M. Pei.
Re: (Score:2)
I am pie, or am I mispronouncing the last word.
Re: (Score:2)
Re: (Score:2)
He's a character in a potty-training book I used to read to my daughter.
Unlike the book, this Mr. Poo is going to the Grown Up potty where Mr. Bubba will enjoy Mr. Poo's company...
Re: (Score:2)
Seriously.
I'd suggest that he seek asylum on the island nation of Fernando Poo [thefreedictionary.com], but that might create an international crisis [everything2.com] that leads us to the brink of nuclear war.
Mr Lin (Score:4, Informative)
Nope, they screwed it up. His family name is "Lin", his given name is "Mun Poo".
However, since he is Malaysian Chinese, things get weirder, Malaysian Chinese may write their name Chinese order "Lin Mun Poo", western order "Mun Poo Lin", without family name "Mun Poo", a single Arabic name e.g. "Muhammad", a single English name or an English name with a Chinese surname e.g. "David Lin". Any one of these might be what is written on this individual's birth certificate.
Re: (Score:2)
Muhammad (or its various variants) is usually used as a p
Re: (Score:2)
It could be worse, there is a Whitehead Institute near me. Then there is Mr Lipschitz.
Re: (Score:3, Insightful)
I think the point was, all races are equally (un)trustworthy.
Re: (Score:2, Insightful)
Did anyone else notice the lovely little bit of racism at the top of the article: ... are able to do' "
"'If a guy from Malaysia can get into networks like this, you can imagine what the Chinese and Russians
With the net someone from anywhere has just as much access to all the information you'd need to learn how to do this.
there's nothing special about the chinese, the russians or the americans, hackers come from everywhere.
Re: (Score:1, Offtopic)
Re: (Score:2)
Re:You can't trust Asians (Score:4, Insightful)
"'If a guy from Malaysia can get into networks like this, you can imagine what the Chinese and Russians ... are able to do' "
No racism there, except for extremely expansive gratuitously warped definitions of racism.
There are well-known large hacking rings in Russia and China. It is not difficult to imagine that many hackers working together are obviously a potentially larger threat than one hacker, assuming individuals of comparable skill and knowledge; the conclusions are obvious and have nothing to do with race.
There are some Malaysian hacking rings, but less well known to the public and the popular media.
Even if the more adept hackers happened to be in China, and it was stated, it wouldn't imply anything about race. As there are other factors involved, such as government being involved and promoting hacking, or there being stronger penalties for hackers in a country. The amount of technology available in a country, and the state of its economy and culture also effect such things.
In any event, Racism is defined as using power, for example, force, government authority, business decisions, or threat of violence/harm to promote the superiority of one race or to marginilize another.
Besides race there are a lot of differences between the culture and environment in Malaysia VS Chinese/Russian countries, ability to hide, and access to certain resources.
There is nothing in the article indicating the Malaysian race is somehow inferior, or evil, or that hackers of the Chinese/Russian race are superior, inferior, or more evil, ergo no racism.
Malaysian vs. Malay (Score:1)
There is nothing in the article indicating the Malaysian race is somehow inferior, or evil, or that hackers of the Chinese/Russian race are superior, inferior, or more evil, ergo no racism.
"Malaysian" is a term used to describe a citizen of Malaysia, a nation comprised of people from different ethnic groups. "Malay" is an ethnic term that can describe people from one of those groups. The expression "Malaysian race" is as meaningless as "American race" or "Canadian race."
Re: (Score:1)
The expression "Malaysian race" is as meaningless as "American race" or "Canadian race."
To be perfectly pedantic, the whole concept of race is flawed. We're all one species. Our only differences are cultural.
Re: (Score:1)
To be perfectly pedantic, the whole concept of race is flawed.
The word race in reference to humans refers to minor genetic variations held by certain groups within the same species or subspecies, resulting from them coming from the same breed. These can definitely be detected -- for example, there is (or was) a breed of humans that tends to have a certain skin tone, a certain hair color, a certain eye color, etc.
It is independent of culture; people can be of a certain race, but not the culture, and pe
Re:You can't trust Asians (Score:4, Insightful)
I think the emphasis should be on the "some guy" aspect rather than the "Malaysia" aspect. The fact of the matter is, China and Russia aren't exactly hiding the fact that they have large populations of people who are basically dedicated to computer intrusion, espionage and intelligence gathering, many of whom receive partial or full government support, or are in fact government employees. While we have our own NSA, Russia and China seem to have lots of general citizens who are engaging in such activities for avowed nationalist purposes. I have a somewhat hard time believing that if I started hacking foreign governments and then went down the road here to share what information I may have gleaned that I'd be welcomed with open arms.
Malaysia isn't a country one generally hears about engaging in this type of activity. He could have been from Andora for all it matters, and the message would be the same: if one guy, no matter where he's from, without the support of his own government intelligence agencies, is able to obtain this type of information and access, then malicious state actors should have no trouble doing so. Also, the fact that his access to logistical information wasn't noticed until the course of what started out as a simple criminal investigation by the appropriate authorities (Secret Service being under the authority of the Treasury Department), that's kind of scary. It means that the Russians, Chinese, Iranians, or anyone else might also have had access to that same data and no one was apparently paying any attention, or there are unknown security flaws which were exploited and thus there were no IDS/IPS rules to catch the activity and raise any flags.
This dude is somewhat irrelevant compared to the wider implications of the non-credit-related activities, which are also pretty much straight up crime.
Re: (Score:3, Insightful)
Clearly it means 'If one guy from a "friendly" country can do that, imagine what agents of the "unfriendly" countries can do with the backing provided by the state'.
Re: (Score:2)
Did anyone else notice the lovely little bit of racism at the top of the article: ... are able to do' "
"'If a guy from Malaysia can get into networks like this, you can imagine what the Chinese and Russians
With the net someone from anywhere has just as much access to all the information you'd need to learn how to do this.
there's nothing special about the chinese, the russians or the americans, hackers come from everywhere.
The word you were looking for was probably "Xenophobia", not "racism".
Re: (Score:2)
Not racism, just unclear. To translate, if an individual from a relatively neutral country can do this, imagine what the large group of state backed hackers from less friendly countries can do with their resources.
Re: (Score:2)
With the net someone from anywhere has just as much access to all the information you'd need to learn how to do this. there's nothing special about the chinese, the russians or the americans, hackers come from everywhere.
There is something special about "the americans", a lot of them are rather monolingual. It is harder for a monolingual non-X speaker to crack an X computer system than for a multilingual non-X speaker. Someone who speaks/understands some X has an even bigger advantage. Most people from Malaysia know Malay, Lin Mun Poo probably knew Chinese, selling data in "a diner" probably requires some fluency in English.