Because You Can’t Get To Space Without Cyberspace…

Posted: November 22, 2010 in Uncategorized

To paraphrase Strangelove, national security could be easily accomplished with a computer.  Or is it easily compromised with a computer?

From msnbc.com’s Michael Isikoff, in his article “‘Scary stuff’: Cyberattack arrest highlights risk”:

How did a hacker in Malaysia manage to penetrate a computer network operated by the Federal Reserve Bank of Cleveland?

And what was the same accused cybercriminal doing this summer when he allegedly tapped into the secure computers of a large Defense Department contractor that managed systems for military transport movements and other U.S. military operations?

Those are among the puzzling questions raised by allegations against Lin Mun Poo, a 32-year-old Malaysia native whose case illustrates the mounting national secrets threats posed by overseas cyberattacks, U.S. law enforcement and intelligence officials tell NBC News.

For starters, wouldn’t it be easier if the perp’s name were something like Sauron or Morgoth or even Dr. Evil instead of Poo? Still…

The U.S. government’s case against Poo, who was arraigned in federal court in Brooklyn on Monday and entered a plea of not guilty, has so far gotten little attention. But many of the allegations against him seem alarming on their face, according to cybercrime experts. “This is scary stuff,” said one U.S. law enforcement official.

Poo was arrested by Secret Service agents last month shortly after flying into New York’s John F. Kennedy airport with a “heavily encrypted” laptop computer containing a “massive quantity of stolen financial account data,” including more than 400,000 credit card, debit card and bank account numbers…

He later confessed to federal agents that he had gotten the credit and bank card data by tapping into the computer networks of “several major international banks” and companies, and that he expected to use the data for personal profit, either by selling it or trading it, according to the prosecutors’ letter.

However, Poo’s effort extended beyond the traditional criminal activity and wandered into the national infrastructure (the Federal Reserve in this case) and espionage arenas.

…far more disturbing, according to U.S. intelligence officials and computer crime experts, was his penetration of both a Federal Reserve network of 10 computers in Cleveland as well as the secure networks of a “major” Defense Department contractor. According to the prosecutors’ letter, the Pentagon contractor, which has not been identified, provides system management for military transport and other “highly-sensitive military operations.”

So how hard is it to grow a cyber warrior/cyber criminal like Poo and how big a threat is this cyberstuff?  While it may depend on which candid and anonymous former senior U.S. intelligence official you ask, one had this to say:

“If a guy from Malaysia can get into networks like this, you can imagine what the Chinese and Russians, the people with real capabilities, are able to do,” said one former senior U.S. intelligence official, who monitored cyberthreats and asked for anonymity in order to speak candidly.

In fact, the penetration of sensitive national security computers by overseas hackers — many of them believed to be state sponsored — is rapidly emerging as one of the country’s most alarming national security threats, officials said. And the threat is not just from foreign governments and for-profit hackers. Officials have also expressed worries that terrorist groups may be capable of the same sorts of sophisticated penetrations.

And just what Poo was he trying to do anyway?  All we really know is that he doesn’t have a honey jar stuck on his nose.

So far, it is unclear whether Poo’s alleged hacking created any comparable compromise of sensitive U.S. government data. Federal prosecutors allege that he hacked into the Federal Reserve computers in Cleveland by transmitting “malicious” computer codes and commands and that the attack resulted in “thousands of dollars in damages” that affected “10 or more” Federal Reserve computers.

Another critical question is whether Poo was working with a larger hacking network and, if so, who may have been a part of it. The indictment against him alleges that he acted “together with others.” But the indictment does not identify any co-conspirators. It also does not indicate what Poo expected to do with the data he may have accessed by hacking into the Pentagon contractor computers.

So where to next for those working the crime?  As Deep Throat told us, follow the money.
