Nov. 18 (Bloomberg) -- The Federal Reserve’s computers were hacked by a Malaysian man who faces a four-count indictment after being arrested in a credit card scheme, prosecutors said in filings in federal court in Brooklyn, New York.
The computer network of the Federal Reserve Bank of Cleveland was hacked in June, resulting in thousands of dollars of damage, affecting 10 or more computers, according to court papers filed today.
No Federal Reserve data or information was accessed or compromised, according to June Gates, a spokeswoman for the central bank. “The incident involved a test computer at the Federal Reserve Bank of Cleveland,” Gates said today in a phone interview. The computer system is used for testing and is “not in any way connected to our live production system,” she said
A federal grand jury returned the indictment today against Lin Mun Poo for hacking into the central bank’s computers and for possessing more than 400,000 stolen credit and debit card numbers, U.S. Attorney Loretta Lynch in Brooklyn said in a statement. He has made a career of compromising computer servers of financial institutions, defense contractors and corporations to sell or trade on the information, Lynch said.
Lin Mun Poo, 32, was arrested shortly after his Oct. 21 arrival in the U.S., when he sold 30 active credit or debit card numbers to an undercover agent for $1,000. He has been in custody since his arrest.
Kannan Sundaram, his lawyer at Federal Defenders of New York in Brooklyn, couldn’t immediately be reached for comment.
Credit Union Access
The defendant was able to gain access to data of several federal credit unions, including the Firemen’s Association of the State of New York, by hacking into FedComp Inc., a data processor for credit unions, prosecutors said.
“FedComp does not have and has never had credit card information ever breached,” Derrick Smith, president of the Fairfax, Virginia-based company, said in a phone interview.
Smith said he thinks the inclusion of his company relates to a 2007 incident in which a test platform was infiltrated and test data was taken.
An e-mail to the firemen’s association wasn’t immediately returned.
When he was arrested, Lin Mun Poo had a “heavily encrypted laptop computer” that had “a massive quantity of stolen financial account data and personal identifying information,” according to court papers.
He’s also charged with hacking into a defense contractor’s system.
“Cybercriminals continue to use their sophistication and skill as hackers to attack our financial and national security sectors,” Lynch said in her statement.
The case is U.S. v. Lin Mun Poo, 10-cr-891, U.S. District Court, Eastern District of New York (Brooklyn).
To contact the reporter on this story: Thom Weidlich in Brooklyn, New York, at firstname.lastname@example.org.
To contact the editor responsible for this story: David E. Rovella at email@example.com.