WASHINGTON, DC. November 22, 2010 (MSNBC) – How did a hacker in Malaysia manage to penetrate a computer network operated by the Federal Reserve Bank of Cleveland?
And what was the same accused cybercriminal doing this summer when he allegedly tapped into the secure computers of a large Defense Department contractor that managed systems for military transport movements and other U.S. military operations?
Those are among the puzzling questions raised by allegations against Lin Mun Poo, a 32-year-old Malaysia native whose case illustrates the mounting national secrets threats posed by overseas cyberattacks, U.S. law enforcement and intelligence officials tell NBC News.
The U.S. government’s case against Poo, who was arraigned in federal court in Brooklyn on Monday and entered a plea of not guilty, has so far gotten little attention. But many of the allegations against him seem alarming on their face, according to cybercrime experts. “This is scary stuff,” said one U.S. law enforcement official.
Poo was arrested by Secret Service agents last month shortly after flying into New York’s John F. Kennedy airport with a “heavily encrypted” laptop computer containing a “massive quantity of stolen financial account data,” including more than 400,000 credit card, debit card and bank account numbers, according to a letter filed by federal prosecutors last week laying out a “factual proffer” of their evidence against Poo. [ Click here to read the prosecutors’ letter in PDF format.]
He later confessed to federal agents that he had gotten the credit and bank card data by tapping into the computer networks of “several major international banks” and companies, and that he expected to use the data for personal profit, either by selling it or trading it, according to the prosecutors’ letter.
Poo’s court-appointed lawyer did not respond to a request from NBC News for comment.
‘Impressive level of criminal activity’
But far more disturbing, according to U.S. intelligence officials and computer crime experts, was his penetration of both a Federal Reserve network of 10 computers in Cleveland as well as the secure networks of a “major” Defense Department contractor. According to the prosecutors’ letter, the Pentagon contractor, which has not been identified, provides system management for military transport and other “highly-sensitive military operations.”
“To have the skills to break into highly sensitive systems like that is an impressive level of criminal activity,” said Kurt Baumgartner, a senior security researcher for Kaspersky Lab, a computer security firm.
While there is much about Poo’s alleged activities that remain unexplained — including his purpose in accessing the military contractor’s computers — his case underscores the continued vulnerabilities of computer networks that are critical to the country’s national security, U.S. intelligence experts said.
“If a guy from Malaysia can get into networks like this, you can imagine what the Chinese and Russians, the people with real capabilities, are able to do,” said one former senior U.S. intelligence official, who monitored cyberthreats and asked for anonymity in order to speak candidly.
In fact, the penetration of sensitive national security computers by overseas hackers — many of them believed to be state sponsored — is rapidly emerging as one of the country’s most alarming national security threats, officials said. And the threat is not just from foreign governments and for-profit hackers. Officials have also expressed worries that terrorist groups may be capable of the same sorts of sophisticated penetrations.
U.S. Undersecretary of Defense Bill Lynn recently disclosed in a Foreign Affairs article that the Pentagon suffered a significant compromise of its classified military computer networks in 2008, when officials discovered that a malicious computer code had been inserted into a U.S. military laptop at a base in the Middle East. (Click here to read the Foreign Affairs article, registration required.)
The flash drive’s code was placed there by a “foreign intelligence agency,” Lynn wrote, and quickly spread to the classified network run by the U.S. Central Command. This in turn prompted a Pentagon operation to neutralize the penetration, which was code-named “Buckshot Yankee,” according to Lynn’s article.
“There was massive concern about that,” the former U.S. intelligence official said of the 2008 penetration. “People were freaked out.”
The foreign intelligence agency was widely believed to be Russia’s, the former official said. The country’s agents were attempting to “exfiltrate” data from the classified Central Command computers, but Pentagon officials were never able to determine whether they had succeeded in doing so, the official added.
That same year, in an incident first reported by Newsweek in November and later amplified in Bob Woodward’s recent book, “Obama’s Wars,” Chinese hackers penetrated the campaign computers of the Barack Obama and John McCain presidential campaigns, prompting the Bush White House to advise both camps to take countermeasures to protect their data.
As Lynn presented the problem in his article, the penetrations of U.S. military data are growing “exponentially,” one of the key reasons the Pentagon recently set up the United States Cyber Command to beef up defenses.
“Every day, U.S. military and civilian networks are probed thousands of times and scanned millions of times,” Lynn wrote. “Adversaries have acquired thousands of files from U.S. networks and from the networks of U.S. allies and industry partners, including weapons blueprints, operational plans and surveillance data.”
So far, it is unclear whether Poo’s alleged hacking created any comparable compromise of sensitive U.S. government data. Federal prosecutors allege that he hacked into the Federal Reserve computers in Cleveland by transmitting “malicious” computer codes and commands and that the attack resulted in “thousands of dollars in damages” that affected “10 or more” Federal Reserve computers.
But June Gates, a spokeswoman for the Federal Reserve in Cleveland, said the penetration was restricted to a network of “test” computers used for checking out new software and applications and did not contain sensitive Federal Reserve data about banks in the region. She declined, however, to respond to questions about whether Federal Reserve officials were aware of the hacking attack when it occurred in June — or only learned about it last month after Secret Service agents seized Poo’s computer.
Troop movements compromised?
Pentagon officials said Sunday they were unable to respond immediately to questions about whether Poo’s hacking of the contractor’s computers had compromised military troop movements. But spokesman Bryan Whitman said in an e-mailed statement to NBC News: “We are keenly aware that our networks are being probed everyday. That’s precisely why we have a very robust and layered active defense to protect our networks and preserve our freedom of movement in this domain.”
Another critical question is whether Poo was working with a larger hacking network and, if so, who may have been a part of it. The indictment against him alleges that he acted “together with others.” But the indictment does not identify any co-conspirators. It also does not indicate what Poo expected to do with the data he may have accessed by hacking into the Pentagon contractor computers. [ Click here to read the indictment in PDF format.]
Baumgartner, the computer crime expert, said that so far the information about Poo hacking into military contractor and Federal Reserve computers does not seem to square with the seemingly run-of-the-mill purpose behind his acquisition of stolen credit card and ATM data. He was arrested hours after his arrival at JFK when undercover Secret Service agents observed him allegedly selling stolen credit numbers for $1,000 at a diner in Brooklyn.
“It doesn’t add up,” Baumgartner said. “This doesn’t fit with a profile of somebody from overseas that has infiltrated a defense contractor and the Federal Reserve.”
So far, almost nothing is known about who Poo really is, what his motivations are, and who his accomplices might be. But Baumgartner said he believes “that there’s a lot more to do this story that hasn’t come out.”