Malaysian Man Gets 10-Year Prison Sentence in Federal Reserve Hacking Case
A Malaysian man who pleaded guilty to conducting a credit-card scheme and who was accused of hacking the Federal Reserve’s computers got a 10-year prison sentence.
Lin Mun Poo, 32, was sentenced today by U.S. District Judge Dora L. Irizarry in Brooklyn, New York. In April, he pleaded guilty to illegally possessing card account numbers with intent to defraud. Ten years was the maximum sentence he could receive.
“He was able to install a keystroke logger into the Federal Reserve Bank,” Assistant U.S. Attorney Cristina M. Posa told Irizarry. “He could have wreaked financial havoc through insider trading.”
Lin has made a career of compromising computer servers of financial institutions, defense contractors and corporations to sell or trade on the information, according to prosecutors.
The computer network of the Federal Reserve Bank of Cleveland was hacked in June 2010, resulting in thousands of dollars of damage from the effects on 10 or more computers, according to court papers filed Nov. 18, the day Lin was charged in a four-count indictment. No Federal Reserve data or information was accessed or compromised, June Gates, a spokeswoman for the central bank, said at that time.
The credit-card numbers Lin sold didn’t come from the Federal Reserve, his lawyer, Kannan Sundaram, said in court the day his client pleaded guilty. Lin admitted he added “malicious code” to a Federal Reserve computer.
Send a Message
The U.S. Probation Office recommended a sentence of eight years. Irizarry said it was important to send a message to others who might engage in similar activity.
“This is an example of how the guidelines can go awry -- assigning imaginary amounts with loss because the loss can’t be determined,” Sundaram said after the hearing.
The loss in the case was calculated to be $61 million -- $500 per card number -- even though the evidence showed no one lost any money and Lin didn’t make any, Sundaram said.
The government originally said Lin had 400,000 numbers before it eliminated duplicates.
“I’m sorry for what I did,” Lin told the judge today. “I know what I did was wrong. I have no excuse for it.”
When he was arrested in October 2010, shortly after arriving in the U.S., Lin possessed more than 122,000 stolen credit- and debit-card numbers, according to prosecutors in the office of U.S. Attorney Loretta Lynch in Brooklyn. He was able to gain access to data of several federal credit unions, according to prosecutors.
“Today’s sentence sends the message to hackers around the world that the United States is no place to conduct their business,” Lynch said in an e-mailed statement.
Lin has been in custody since his arrest.
The case is U.S. v. Lin Mun Poo, 10-cr-891, U.S. District Court, Eastern District of New York (Brooklyn).
To contact the reporter on this story: Thom Weidlich in Brooklyn, New York, at email@example.com.
To contact the editor responsible for this story: Michael Hytha at firstname.lastname@example.org.