A U.S. Secret Service undercover sting has apparently netted a big fish from the ocean of computer crime.
Lin Mun Poo allegedly hacked into U.S. financial institutions and stole more than 400,000 credit and debit card numbers.
He is charged with hacking into the supposedly secure computer system at the Federal Reserve Bank of Cleveland, and penetrating servers used by defense contractors and major corporations, potentially giving him access to sensitive national security information.
All of this, while sitting at home in Malaysia. Secret Service sources describe Poo as a "big fish," an "extremely sophisticated and dangerous computer hacker."
The 32 year-old Malaysian native was arrested on October 21 in New York by the Secret Service, and is being held without bail. Authorities are still investigating the extent of the damage Poo allegedly caused.
Poo's arrest was the result of a Secret Service undercover sting, according to the criminal complaint filed in the case.
The sting worked like this: A Secret Service agent posed online as a "carder," someone who uses stolen credit or debit card numbers to withdraw money from ATM's. The undercover agent met with Poo at a diner in Brooklyn, hours after Poo arrived in the U.S., apparently to sell the stolen credit card numbers to the highest bidder. Poo allegedly sold 31 active credit or debit card numbers to the agent, downloaded them onto a thumb drive, and accepted $1,000 cash in return. Then the backup agents moved in and made the arrest.
The agency said a forensic exam of Poo's heavily encrypted laptop uncovered "a massive quantity" of financial account data and personal identifying information belonging to U.S. citizens. The information was allegedly stolen from U.S. financial institutions or from FedComp, a data processor for federal credit unions.
According to the detention letter filed in the case, New York area firemen and teachers may be victims of Poo's hacking and identity theft. The Fireman's Association of the State of New York Federal Credit Union, and the Mercer County, N.J., Teachers' Federal Credit Union were among the credit union accounts Poo is accused of hacking.
Sources say it appears that Poo was primarily interested in financial crime, but there is an ongoing investigation to determine whether or not his hacking has national security implications.
For example, Poo was allegedly able to exploit a vulnerability he found within a network of the Federal Reserve Bank in Cleveland, Ohio, and allegedly hacked into that network. The investigation also determined that in August 2010, Poo allegedly hacked into the computer system of a Department of Defense contractor that provides management for transport and operations systems, potentially compromising highly sensitive military logistics information.
Brian Parr, Special Agent in Charge of the Secret Service New York Field Office said, "These crimes not only affect our nation's financial infrastructure, but are also an ongoing threat to our national security."
Parr said the investigation was international in scope, involving a number of offices from the Secret Service and the cooperation of several Department of Justice divisions.