The founder and a partner of Perak-based SEA Gamer Mall, a digital game store, have been detained in Malaysia after being accused by the US Department of Justice (DOJ) of involvement in international hacking group APT-41.
The two men were arrested by Malaysian police at 8.45am on Monday in the coastal Perak town of Sitiawan, after an extradition request from the United States "for suspected money-laundering activities and cybercrimes", a Malaysian police statement said yesterday.
The extradition request was submitted by the US on Sept 3 and Malaysia's Attorney-General's Chambers approved it in accordance with the Extradition Act 1992 between Malaysia and the US, the police statement said.
The duo was found "to be selling unauthorised/illegal gaming artefacts like credits. The forensics team has seized evidence and documents in relation to their company", the statement said.
SEA Gamer Mall in a separate statement said the two men have been put on temporary leave and that the company has been offering the authorities full cooperation on the matter.
The DOJ named the two Malaysians as Wong Ong Hua and Ling Yang Ching. Wong is the founder and chief executive officer of SEA Gamer Mall, while Ling is listed as a partner and chief product officer, according to the company website.
Malaysia's police chief Abdul Hamid Bador earlier told The Straits Times that the arrests in Sitiawan were conducted under the Mutual Legal Assistance Treaty (MLAT).
He said: "The arrests are at the request of the US which uses the MLAT allocation to detect, arrest and extradite the suspects."
The treaty allows for law enfor-cement cooperation and assistance in a criminal investigation or proceeding.
"They will undergo the court process to be extradited to the US," Tan Sri Abdul Hamid said.
The SEA Gamer Mall's statement said: "We have been made aware of the American allegations against two employees of the company recently. The two employees concerned are temporarily on leave pending the resolution of the matter."
-
Hackers' alleged cybercrimes
-
These are some of the cybercrimes the hackers have committed since as early as 2012, according to the United States Department of Justice.
• Defrauded video game firms of virtual game resources by hacking or other means, and sold those resources for real money on the black market.
• Broke into legitimate software vendors through known security vulnerabilities and rigged vendors' products with malicious code to infect customers' computers with malware.
• Hijacked malware-infested computers to mine cryptocurrency or launch ransomware attacks for profit.
• Tricked employees in companies into downloading malware to corporate computers with spear-phishing e-mails. There, the hackers would steal source code, customer data and other valuable business information from the companies.
• Created a software called SonarX, a searchable database of personal data and social media information, specifically on people critical of the Chinese government and Hong Kong residents who opposed the new national security law.
• Compromised foreign government computer networks in India and Vietnam. Targeted government computer networks in the United Kingdom. In one notable instance, the hackers launched ransomware attacks on the network of a non-profit organisation that combats global poverty.
"As a responsible company serving millions of customers around the world we are committed to and have been offering full cooperation and assistance to the authorities," the statement added. "Without compromising the integrity of any ongoing legal process, suffice to say that the company has never engaged in any illegal activity as we are a home-grown Malaysian company with hundreds of employees and millions of customers all around the world."
The company on its website said it sells credits for a wide range of service providers including Apple iTunes, Singtel, and gamemakers such as Origin, Sony Playstation EA and Blizzard.
It claims to have 1.9 million registered users worldwide.
The US DOJ report states that Wong, 46, and Ling, 32, will face extradition proceedings, along with five Chinese nationals who were also charged.
They were allegedly running global hacking operations for at least six years to steal identities and video game technology, plant ransomware and spy on Hong Kong activists.
The DOJ, in a second indictment last month, charged Wong and Ling with 23 counts of racketeering, conspiracy, identity theft, aggravated identity theft, access device fraud, money laundering, violations of the Computer Fraud and Abuse Act, and falsely registering domain names.
While not much is known about Ling, the company's founder Wong is an electrical, electronics and communications engineering graduate from Universiti Teknologi Malaysia. He founded his business in 2007 with just one computer from his house in Perak.
"He's a family person. Whenever he has time to spare, he would take his family to travel around the world or simply spend his time in his home town," a close friend of Wong, who declined to be identified, told The Straits Times.
Wong has been an avid gamer since his undergraduate days, spending five to six hours every day to play games, said a report in Malaysian daily The Sun.
