Malaysia has agreed to a U.S. request to extradite the chief executive and another officer of a computer gaming company who are accused in a 23-count indictment of working with Chinese nationals to hack into and steal from firms in the United States and abroad.
The Malaysian duo, Wong Ong Hua, 46, and Ling Yang Ching, 32, the CEO and chief product officer of SEA Gamer Mall based in Perak, were arrested on Sept. 14 following a Department of Justice (DOJ) request that they be sent to the U.S.
“They are currently detained at the Sungai Buloh prison,” Huzir Mohamed, director of Criminal Investigation Department of Federal Police, said in a statement.
“The U.S. authorities have applied for the duo’s extradition on Sept. 3 and the attorney general has approved it in line with Extradition Act 1992 and Extradition Treaty between Malaysian government and the United States,” Huzir said. Wong and Ling can be remanded for up to 60 days under the act and treaty.
The DOJ alleges that Wong and Ling targeted companies in the U.S., France, Japan, Singapore and South Korea under the mistaken belief they would evade capture because law enforcers would not be able to investigate them “across national borders.”
“As Wong explained on one occasion, ‘it is definitely illegal. So we do it overseas,’” the DOJ said in a 50-page affidavit, which was dated Aug. 18 but released on Wednesday.
Wong and Ling were charged with racketeering, conspiracy, identity theft, aggravated identity theft, access device fraud, money laundering, violations of the Computer Fraud and Abuse Act and falsely registering domain names, according to the affidavit. The charges carry prison sentences of as much as 10 to 27 years, if they are convicted.
They allegedly conspired with two Chinese hackers, identified as Tan Dailin and Zhang Haoran, along with others who were not named, in a scheme to profit from the sale of “illegally obtained digital goods related to video games” between June 2014 and December 2018. The affidavit alleges they obtained these goods through fraud, computer hacking, identity theft and “promotional money laundering.”
The DOJ announced the indictments against the four and three other Chinese nationals on Wednesday. The five suspected Chinese hackers were responsible for “computer intrusions affecting more than 100 victim companies in the United States and abroad,” U.S. justice officials alleged.
The DOJ said the five Chinese were fugitives.
“This case demonstrates the FBI’s dedication to pursuing these criminals no matter where they are, and to whom they may be connected,” said James Dawson, special agent in charge of the Criminal and Cyber Division of the FBI’s Washington Field Office.
Company vows to cooperate
Wong’s company, SEA Gamer Mall, issued a statement that it was aware of the U.S. allegations but did not name him or Ling. It also said it was committed to fully cooperating and assisting authorities.
“The two employees concerned are temporarily on leave pending resolution of the matter,” the statement said.
“Without compromising the integrity of any ongoing legal process, suffice to say that the company has never engaged in any illegal activity as we are a home-grown Malaysian company with hundreds of employees and millions of customers all around the world.”
Meanwhile, an FBI official praised outside cooperation for the arrests of Wong and Ling without specifically naming Malaysian agencies.
“The arrests in Malaysia are a direct result of partnership, cooperation and collaboration. As the cyber threat continues to evolve larger than any one agency can address, the FBI remains committed to being an indispensable partner to our federal, international and private sector partners to stop rampant cybercrime and hold those carrying out these kind of actions accountable,” FBI Deputy Director David Bowdich said in the statement on Wednesday.
Michael R. Sherwin, acting U.S. Attorney for the District of Columbia, said the targeting of gaming platforms was new.
“The scope and sophistication of the crimes in these unsealed indictments is unprecedented. The alleged criminal scheme used actors in China and Malaysia to illegally hack, intrude and steal information from victims worldwide,” Sherwin said.
“As set forth in the charging documents, some of these criminal actors believed their association with the PRC [People’s Republic of China] provided them free license to hack and steal across the globe. This scheme also contained a new and troubling cyber-criminal component – the targeting and utilization of gaming platforms to both defraud video game companies and launder illicit proceeds.”
Muzliza Mustafa in Kuala Lumpur contributed to this report.