Monday, November 22, 2010

Arrest of Malaysian Hacker Again Highlights Nation's Cybersecurity Problems

The arrest of a Malaysian hacker has shed light on serious weaknesses in the nation's security of vital computer systems, and raises new concerns over concerted efforts to crack the nation's security systems.
Those are among the puzzling questions raised by allegations against Lin Mun Poo, a 32-year-old Malaysia native whose case illustrates the mounting national secrets threats posed by overseas cyberattacks, U.S. law enforcement and intelligence officials tell NBC News.

The U.S. government’s case against Poo, who is slated to be arraigned in federal court in Brooklyn on Monday, has so far gotten little attention. But many of the allegations against him seem alarming on their face, according to cybercrime experts. "This is scary stuff," said one U.S. law enforcement official.

Poo was arrested by Secret Service agents last month shortly after flying into New York's John F. Kennedy airport with a "heavily encrypted" laptop computer containing a "massive quantity of stolen financial account data," including more than 400,000 credit card, debit card and bank account numbers, according to a letter filed by federal prosecutors last week laying out a "factual proffer" of their evidence against Poo. [ Click here to read the prosecutors' letter in PDF format.]

He later confessed to federal agents that he had gotten the credit and bank card data by tapping into the computer networks of "several major international banks" and companies, and that he expected to use the data for personal profit, either by selling it or trading it, according to the prosecutors' letter.

Poo's court-appointed lawyer did not respond to a request from NBC News for comment.

'Impressive level of criminal activity'
But far more disturbing, according to U.S. intelligence officials and computer crime experts, was his penetration of both a Federal Reserve network of 10 computers in Cleveland as well as the secure networks of a "major" Defense Department contractor. According to the prosecutors' letter, the Pentagon contractor, which has not been identified, provides system management for military transport and other "highly-sensitive military operations."
This comes on the heels of revelations that state-owned China Telecom instructed U.S. and other foreign Internet traffic to go through Chinese servers during an 18-minute stretch on April 8, which included Pentagon sites and other vital information.

No comments: