A Malaysian man has been charged with hacking into major U.S. corporations, including the U.S. Federal Reserve Bank of Cleveland and FedComp, a company that processes financial transactions for credit unions.
Lin Mun Poo, 32, was arrested on Oct. 21, just hours after flying into New York and selling US$1,000 worth of stolen credit card numbers at a Brooklyn diner, prosecutors said. After inspecting his laptop, U.S. Secret Service investigators found more than “400,000 stolen credit and debit card account numbers allegedly obtained by hacking into various computer systems of other financial institutions,” the Secret Service said in a news release.
Poo, who’s been in custody since his arrest last month, was indicted Thursday on hacking, fraud and identity theft charges by a federal grand jury in U.S. District Court for the Eastern District of New York, in Brooklyn. The Secret Service says he was in the business of hacking into companies’ networks and selling the sensitive information he uncovered.
After being arrested, Poo told investigators that he had flown to the U.S. to meet with an unidentified person who claimed he could regularly provide him with a lot of stolen card numbers, prosecutors said in court fillings. He allegedly wanted to use the numbers to withdraw cash from automated teller machines.
His alleged hacking activities were widespread. Prosecutors say he hacked into the Federal Reserve Bank of Cleveland’s network in June of this year, and compromised at least 10 computers there.
He also allegedly hacked into the FedComp system and accessed data belonging to many victims, including the Firemen’s Association of the State of New York Federal Credit Union and the Mercer County New Jersey Teachers’ Federal Credit Union.
“The defendant also admitted to compromising the computer networks of several major international banks and companies, and admitted earning money by finding and exploiting network vulnerabilities or trading and selling the information,” the U.S. Department of Justice said in a Thursday court filing arguing that Poo is a flight risk and should not be granted bail.
In August, he hacked into a “major Department of Defense contractor, which provided systems management for military transport and other highly sensitive military operations,” prosecutors said.
Neither the Cleveland Fed nor FedComp immediately responded to messages seeking comment on the case. Poo’s attorney, Kannan Sundaram, could not immediately be reached for comment.
Robert McMillan covers computer security and general technology breaking news for The IDG News Service. Follow Robert on Twitter at @bobmcmillan. Robert’s e-mail address is robert_mcmillan@idg.com