The man allegedly gained access to computer systems belonging to FedComp (a data processor for various credit unions around the country), the Federal Reserve Bank in Cleveland, Ohio, networks belonging to “several major international banks and companies,” and the system of a major Defense Department contractor, which provides systems management for military transport and other sensitive military operations.
Lin Mun Poo, whom authorities are calling an “extremely sophisticated and dangerous computer hacker,” was arrested in New York on October 21st within hours after he arrived from Malaysia. Poo had traveled to the U.S. to meet with an undercover agent posing as a buyer. Poo met with the agent at a Brooklyn diner where he allegedly sold the agent 30 stolen bank card numbers for $1,000.
Secret Service agents seized Poo’s laptop at the time of arrest. Although it was “heavily encrypted,” presumably Poo provided authorities with his password because they report finding a “massive quantity of stolen financial account data and personal identifying information, including more than 400,000 credit card, debit card and bank account numbers.” The data included information from the Firemen’s Association of the State of New York Federal Credit Union and the Mercer County New Jersey Teachers’ Federal Credit, among others. Agents also found computer logs allegedly showing Poo had hacked into a number of financial institutions.
Poo told agents after his arrest that the primary reason for his trip to the United States was to meet with someone the defendant believed was “capable of regularly providing the defendant with a large volume of stolen card numbers and personal identification numbers.” The court documents don’t make it clear whether that person was an undercover agent who lured Poo to the United States or another criminal perpetrator.
Poo has been charged with one count each of access-device fraud and identity theft, and two counts of hacking.
The Federal Reserve Bank in Cleveland acknowledged that a system was hacked last June but said it was only a “test” system for software and applications and did not contain any financial information. The hack affected “10 or more” FRB computers.