A Malaysian man was charged today by a federal grand jury with hacking into a Federal Reserve Bank computer network and possessing more than 400,000 credit and debit card numbers.
Lin Mun Poo, 32, was arrested shortly after his arrival in the United States Oct. 21 and has been in custody since then, according to the U.S. Attorney's Office for the Eastern District of New York. According to the government's pleadings and a detention letter filed today, Poo targeted not just financial institutions, but also major corporations and a defense contractor.
"As today's technology continues to evolve, cybercriminals use these advances and enhancements to perpetrate an expanding range of crimes," said Secret Service Special Agent in Charge Brian Parr, in a statement. "These crimes not only affect our nation's financial infrastructure, but are also an ongoing threat to our national security."
According to authorities, Poo traveled to the United States Oct. 21 to obtain additional stolen financial information from other hackers to sell for his own profit. When he was arrested after arriving at John F. Kennedy International Airport, Secret Service agents seized his laptop computer-which authorities described as "heavily encrypted." The laptop contained a large amount of financial account data and personal identifying information Poo obtained by hacking into various computer systems, authorities said.
Among his reputed victims was FedComp, a data processor for federal credit unions. According to authorities, he was also able to gain unauthorized access to the data of various federal credit unions, including the Firemen's Association of the State of New York and the Mercer County New Jersey Teachers. He is also accused of compromising the computer servers of major financial institutions and companies, including the Federal Reserve Bank of Cleveland, Ohio.
In addition, Poo is accused of hacking into a computer system belonging to a Department of Defense contractor that provides systems management for military transport and other military operations.
"The 400,000 credit cards stolen is likely only the tip of the iceberg, but even at that it represents [tens] of millions of dollars in potential fraud," noted Michael Maloof, CTO of TriGeo Network Security.
If convicted of the most serious offenses, Poo faces a maximum sentence of 10 years in prison.