Malaysian hacked into US Fed

[yellow people]

Malaysian hacked into US Fed: prosecutors

Published: 19/11/2010 at 07:00 AM

A sophisticated Malaysian cyber bandit hacked into the US Federal Reserve's computers and also stole nearly half a million credit and debit card numbers, US prosecutors in New York said.

The Federal Reserve Building in Washington, DC. A sophisticated Malaysian cyber bandit hacked into the US Federal Reserve's computers and also stole nearly half a million credit and debit card numbers, US prosecutors in New York said.

Lin Mun Poo, a Malaysian resident and citizen, was arrested on October 21 soon after entering the United States and was indicted by grand jury Thursday, the US attorney's office in Brooklyn said. He allegedly hacked into the Cleveland, Ohio branch of the Fed, the US central bank, and in separate attacks also stole more than 400,000 card numbers, as well as breaching the defenses of numerous other systems.

Poo, who is being held in pre-trial detention, "made a career of compromising computer servers belonging to financial institutions, defense contractors, and major corporations, among others, and selling or trading the information," the US attorney's office said. The US Secret Service arrested the 32-year-old a few hours after he flew to John F. Kennedy International Airport in New York.

"Secret Service agents seized his heavily encrypted laptop computer, which contained a massive quantity of financial account data and personal identifying information that he had allegedly obtained by hacking," the prosecutor's office said. Brian Parr, the head of the Secret Service's New York office, said cyber crimes "not only affect our nation's financial infrastructure, but are also an ongoing threat to our national security."

Among the other alleged hacking by Poo, the Secret Service said he entered a Pentagon contractor's system "potentially compromising highly sensitive military logistics information." Earlier this week, US Defense Secretary Robert Gates warned that cyber attacks pose a "huge" threat.

 

[yellow people]

Malaysian charged with hacking into US bank


Saturday November 20, 2010

Malaysian charged with hacking into US bank

NEW YORK: A Malaysian man, charged on Thursday with hacking into computer networks of the US Federal Reserve Bank (FRB) and a defence contractor, was caught by Secret Service agents while selling stolen credit card numbers for US$1,000 (RM3,200) at a diner in New York. Court documents released by US prosecutors said the man, identified as Lin Mun Poo, 32, was arrested on Oct 21, hours after arriving in New York.

He was indicted by a grand jury on Thursday on four charges, including hacking into the system of a US central bank branch in Cleveland, Ohio. “In his post-arrest statement, the defendant admitted compromising the computer servers of a number of major financial institutions and companies,” US prosecutors in Brooklyn wrote in a letter to US District Judge Dora Irizarry, who was assigned the case.

It said Lin admitted exploiting a vulnerability he found in the bank’s computer system. “The Federal Reserve Bank in Cleveland, Ohio, has confirmed that an FRB computer network was hacked in June 2010, resulting in thousands of dollars in damages, affecting 10 or more computers,” the letter said.

A court hearing for the judge to consider a government request to continue to detain Lin was postponed. No new date has been scheduled yet. Lin’s court-appointed lawyer was not available to comment. Lin is a Malaysian with no professional or family ties to the US, the letter said. He arrived at New York’s John F. Kennedy airport from Europe with a round-trip ticket, planning to return on Nov 22.

“Within hours of his arrival at JFK, US Secret Service agents observed the defendant selling stolen credit card numbers for $1,000 at a diner in Brooklyn and arrested him shortly thereafter,” the letter to the judge said. Other allegations against Lin include possession of more than 400,000 stolen credit cards and debit cards on an encrypted laptop computer that the agents seized. If convicted, he faces a potential maximum prison sentence of between six-and-a-half years to eight years. - Reuters

 

[Zhang He]

Malaysian hacker highly skilled


Sunday November 21, 2010

Malaysian hacker highly skilled

By AMY CHEW and CHRISTINA TAN
[email protected]

PETALING JAYA: The Malaysian accused of hacking into the system of a US central bank branch in Cleveland, Ohio, is believed to be highly skilled and collaborating with others in carrying out cyber crimes. US prosecutors described Lin Mun Poo, 32, as an “extremely sophisticated and dangerous computer hacker” in documents obtained from the US Justice Department.

Lin made world headlines for the wrong reasons — he managed to hack into high security cyber systems of major institutions in the US, including the Federal Reserve Bank and the Pentagon’s security contractors. He was caught in a New York diner by the Secret Service on Oct 21 while allegedly selling stolen credit card numbers for US$1,000. It was only hours after he had arrived in the city.

On Thursday, he was indicted by a grand jury on four charges, including for hacking into the central bank branch in Cleveland. If convicted, Lin faces a jail sentence of between six-and-a-half years and eight years. According to Malaysian authorities, Lin hails from Ipoh where he has a registered business address. “He is highly professional and we believe he works with at least one accomplice,” a senior police official told Sunday Star.

Lin, according to the official, came to the attention of US authorities four years ago in Thailand, where he was allegedly involved in hacking into some US-linked organisations. “The fact that he was arrested by the Secret Service showed the seriousness of his activities. “The Secret Service handles cases which are deemed to be a threat to national security,” said the official.

Justice Department prosecutors told US district judge Dora Irizarry in a letter that in August, Lin hacked into the secure computer system of a major defence department contractor which provides systems management for military transport and other highly sensitive military operations. It is understood that the primary purpose of Lin’s trip to the United States was to meet someone he believed was capable of regularly providing him with a large volume of stolen card numbers and personal identification numbers.

Meanwhile, consul-general in New York Mohd Zamruni Khalid said he received notification from authorities on Friday regarding Lin’s arrest. Efforts were being made to see Lin and contact his family in Malaysia, he said, adding that the Consulate General office was prepared to provide assistance if there was a request from Lin or his family. However, he declined to comment further until they met Lin.

 

[yellow people]

Police in contact with US cops over Malaysian hacker


Published: Monday November 22, 2010 MYT 8:34:00 PM

Police in contact with US cops over Malaysian hacker

KUALA LUMPUR: Malaysian police are in contact with their United States counterparts to find out if the Malaysian who hacked into the US Federal Reserve computers and stole over 400,000 credit card numbers was working with other accomplices or had committed the crime in other countries. Inspector-General of Police Tan Sri Ismail Omar said he had instructed the Commercial Crime Investigation Department to contact the authorities in the US.

The hacker, Lin Mun Poo, 32, was arrested on Oct 21 in the US and charged on Thursday with hacking into the Cleveland, Ohio branch and stealing more than 400,000 credit card numbers. Lin, who gained the notoriety as the "super hacker" for his ability to break into computer systems in the US, including that of a Pentagon contractor, was arrested hours after arriving at the John F. Kennedy International Airport in New York.

Speaking to reporters after attending a police event here Mondday, Ismail said police had requested for more information about the man as soon as they came to know about the arrest. "We have excellent cooperation with our counterparts and will take all the necessary actions upon receiving a report from them," he said. - Bernama

 

[yellow people]

Cops to find out if hacker had accomplices


Tuesday November 23, 2010

Cops to find out if hacker had accomplices

KUALA LUMPUR: The police are working with their counterparts in the United States to ascertain if a Malaysian man arrested for hacking and selling stolen credit card numbers in that country had accomplices. Inspector-General of Police Tan Sri Ismail Omar said they were also trying to ascertain if the man was operating in other countries as well.

He said he had ordered the Commercial Crime Department to liaise with the US police to obtain more information. “We are cooperating with our counterparts and will take necessary action upon receiving a report from them,” he said after attending a police programme at a hotel here yesterday.

Lin Mun Poo, 32, was arrested on Oct 21 in the United States and charged on Thursday with hacking into the system of a US central bank branch in Cleveland, Ohio, and stealing more than 400,000 credit card numbers within a month. According to Malaysian authorities, Lin hails from Ipoh.

 

[nkfnkfnkf]

Malaysia Boleh!

Why not Singaporean? That's the result of 1st World IT Education! Our kids only play online games and facebook, nothing more!

 

[yellow people]

Malaysian pleads not guilty of hacking


Wednesday November 24, 2010

Malaysian pleads not guilty of hacking

By AMY CHEW
[email protected]

PETALING JAYA: Malaysian Lin Mun Poo, 32, pleaded not guilty to charges of hacking into the computer network of the US Federal Reserve Bank (FRB) and unlawful possession of stolen credit and debit card account numbers belonging to individuals. Lin pleaded not guilty before US District Court Judge Dora L. Irizarry on Monday in Brooklyn, New York, the US Justice Department told The Star in an e-mail.

Judge Irizarry issued a permanent order of detention remanding Lin and ordered him to appear before the court on Dec 12. Prosecutors told Judge Irizarry in a letter that Lin posed a “serious risk of flight” and should remain in pre-trial detention. “The defendant’s lack of any non-criminal ties to the United States and his return plane ticket to Malaysia are sufficient to demonstrate his severe flight risk,” said the prosecutors.

“Moreover, the defendant has seemingly limitless unauthorised access to financial accounts and identity information from around the world which would enable him to easily obtain financial resources and a new identity to facilitate his flight. “Finally, the defendant faces a lengthy term of incarceration which would increase his motive to flee the United States if he were released from custody,” the prosecutors said.

Lin is accused of hacking into a computer network of the FRB in Cleveland, Ohio, causing thousands of dollars in damages, affecting 10 or more computers. If convicted, he faces a maximum prison sentence of between six-and-a-half years to eight years. He was arrested by the Secret Service shortly after he arrived at the John F. Kennedy Airport in New York on Oct 21 and has been in custody since.

Lin is also accused of hacking into the computer system of a Defence Department’s contractor that provides systems management for military transport and other military operations, potentially compromising highly sensitive military logistics information.

 

[yellow people]

Now, everyone can hack


Sunday November 28, 2010

Now, everyone can hack

By AMY CHEW
[email protected]

Cyber crimes are evolving. A lay person can now have a go at hacking with the advent of “attack tool kits” sold in the underground economy servers.

MALAYSIAN Lin Mun Poo did more than get himself arrested when he allegedly hacked into the high security computer networks of the United States’ Federal Reserve Bank (FRB) and the Pentagon’s security contractor. He put Malaysia on the map of “super hackers”, on par with those from China and Russia, raising concerns from US security and intelligence officials.

“How did a hacker in Malaysia manage to penetrate a computer network operated by the Federal Reserve Bank of Cleveland?” mused MSNBC.com, the website of the giant US cable news network NBC, when the news broke. “To have the skills to break into highly sensitive systems like that is an impressive level of criminal activity,” MSNBC.com quoted Kurt Baumgartner of Kaspersky Lab, a computer security firm, as saying.

Little restraint: Efforts to combat cyber crimes are being hampered by the lack of agreement in law enforcement procedures and cooperation across international jurisdictions. — Relaxnews

Last Monday, Lin, 32, pleaded not guilty to charges of hacking into the FRB and unlawful possession of stolen credit and debit card account numbers belonging to individuals. He was denied bail. Little is known of Lin except that he hails from Ipoh where he has a business address.

It turns out to be a pub cum karaoke lounge in a commercial district of Ipoh. Malaysian police say Lin has no criminal record and it appears he commits his cyber crimes outside the country. “We are working together with our US counterpart to obtain more information of his activities there,” said a senior police source.

Describing Lin as “highly professional”, the source said Lin appeared on US authorities’ radar four years ago – in Thailand where he was alleged to be involved with hacking into US-linked corporations. Cyber crime has evolved from the past when men and women hacked into computer systems of established entities for their five minutes of fame.

“Cyber criminals used to be after fame. The attacks were noisy, brought down systems and were highly visible,” said Nigel Tan, Symantec Corporation principal consultant for the Asia South region. Symantec’s Global Intelligence Network has the largest, most sophisticated intelligence network worldwide, processing over eight billion e-mail messages daily and gathering malicious code data from 130 million systems.

Today’s hackers are mainly motivated by money. They move silently across borders in cyber space and the physical world, selling their ill-gotten wares in the underground economy. “The attacks have now become more silent and they are motivated purely by financial gains. Their motivation is to sell whatever information they get,” Tan added.

Lin was arrested by the US Secret Service on Oct 21 at a diner in Brooklyn after being caught red-handed selling stolen credit card numbers for US$1,000 (RM3,000). He had just arrived a few hours earlier on a flight from Europe. Secret Service agents seized his heavily encrypted laptop computer and found more than 400,000 credit, debit and bank account numbers which he had allegedly obtained by hacking into various computer systems.

In his post-arrest statement, Lin said the primary purpose of his trip to the US was to meet with an individual whom he believed was capable of regularly providing him with a large volume of stolen card numbers and personal identification numbers. Credit card information topped the list of goods advertised for sale on the underground economy servers, accounting for 28% of all goods, according to the Symantec Intelligence Quarterly for April-June 2010.

Prices ranged from US$1 (RM3) to US$30 (RM90) depending on three main factors: the amount of information included with the card, rarity of the card type and bulk purchase sizes. Credit cards that included security features such as CVV2 numbers, PINs and online verification service passwords were offered at higher prices. The Federal Reserve Bank of Cleveland, Ohio was not Lin’s only victim, as it is alleged that he also breached the computer servers of major financial institutions and companies.

“The defendant possessed data illegally obtained from the computer network of FedComp, a data processor for various credit unions in the United States,” Justice Department prosecutors told US District Judge Dora L. Irizarry in a letter. By hacking into FedComp, Lin gained access to the data of the Firemen’s Association of the State of New York Federal Credit Union and the Mercer County New Jersey Teachers’ Federal Credit Union, among other victims.

According to the prosecutors, the amount of stolen data found in Lin’s possession is staggering and has led them to describe him as an “extremely sophisticated and dangerous” computer hacker. It underscored cyber criminals’ single-mindedness in searching and exploiting vulnerabilities in the computer systems of government institutions and corporations.

Lin admitted he made money by “finding and exploiting network vulnerabilities,” or trading and selling the information contained therein, according to the prosecutors. Symantec warns that it is now easier than ever to launch a cyber attack, thanks to the advent of a so-called “attack tool kit” sold in the underground economy. The attack tool kit is changing the landscape of cyber criminals that was once dominated by IT savvy individuals.

Now anyone can purchase a cyber attack tool kit and use it to launch sophisticated attacks. “Attack tool kits are easily available on the web for reasonable prices. A tool kit allows people to customise a piece of malicious code designed to steal data and other personal information,” said Tan. “Such tool kits are easy enough to implement that even people with minimal technical knowledge can use them effectively,” he added.

Two of the most common platforms where such tool kits are sold are the Internet relay chat (IRC) servers (IRC) and web-based forums, according to Tan. “Both feature discussion groups that participants use to buy and sell fraudulent goods and services.” For as little as US$5 (RM16) to US$20 (RM63), one can purchase an attack tool kit, he said. The tool kit is also sold on a monthly basis at a subscription rate of US$120 (RM378). This package comes with technical support.

“The market for these tool kits is now sophisticated enough that updated versions are released on a development schedule, advertising the inclusion of exploits for the latest vulnerabilities while retaining previous exploits,” Tan said. The lowering of barriers for attackers to enter into cyber crime is reflected in the increase in malicious code that steals confidential information. New malicious codes more than doubled, year-on-year, between 2006 and 2008. In 2009, it continued the upward trend, reaching 2.9 million, according to Symantec.

Efforts to combat cyber crimes on an international scale are being hampered by the lack of agreement in law enforcement procedures and cooperation across international jurisdictions. In the meantime, malicious activity is moving to countries with emerging IT and broadband infrastructure. As a result, it is likely that cyber crime will grow in emerging nations while levels remain relatively constant in established countries. But from all accounts, Lin is no ordinary hacker.

In August 2010, he allegedly hacked into the secure computer system of a major Department of Defence contractor which provides systems management for military transport and other highly sensitive military operations. The Justice Department said he “potentially compromised” highly sensitive military logistics information. If convicted, Lin faces a maximum prison sentence of between six-and-a-half years and eight years.