Last week, Tripwire published the story of Albert Gonzalez, a notorious hacker who was arrested in 2010 for his colorful record of cybercrime, including the 2009 breach against Heartland Payment Systems, Inc. that compromised 134 million credit cards.
Tripwire now continues its series of some of the most notorious cyber criminals brought to justice with Lin Mun Poo, a Malaysian hacker best known for his cyber exploits against prominent financial institutions in the United States.
In 2010, 32-year-old Lin Mun Poo successfully exploited a security vulnerability and infiltrated the computer network of the Federal Reserve Bank of Cleveland. His hack resulted in thousands of dollars worth of damages.
Fortunately, no Federal Reserve data was lost as a result of Poo’s breach.
“The incident here involved a test computer that is used to test software and applications,” said June Gates, a fed spokeswoman, shortly after the attack. “No Federal Reserve data or information was accessed or compromised.”
While acknowledging the severity of the Federal Reserve hack, it was not until Poo penetrated a number of other victims that federal authorities, most notably the U.S. Secret Service, started to watch him in earnest.
One of those victims was FedComp, a data processor for federal credit unions. Poo used the breach to gain unauthorized access to the data of a number of clients, including the Firemen’s Association of the State of New York and the Mercer County New Jersey Teachers.
Even so, perhaps the most significant of Poo’s offenses was hacking into the computer network of a Department of Defense (DoD) contractor, the infiltration of which may have compromised high-value intelligence on U.S. military transport and operation systems.
“These crimes not only affect our nation’s financial infrastructure but are also an ongoing threat to our national security,” said Brian Parr, Special Agent in Charge of the Secret Service New York Field Office, in response to Poo’s activities.
After that incident with the DoD, federal authorities decided it was time to bring Poo in.
On October 21, 2010, the hacker traveled from Malaysia to the United States. It was later that day that federal authorities arrested Poo in Queens, NY after he had accepted $1,000 for stolen credit card credentials from an undercover Secret Service agent.
According to the letter of detention served against him, Poo had entered the country with a heavily encrypted laptop that contained the information for more than 400,000 stolen debit and credit cards.
The United States District Court Eastern Division of New York later indicted Poo on November 18, 2010 on four counts: access device fraud, aggravated identity theft, unlawful transmission of computer code and commands, and unauthorized computer access involving government information.
About a year later, the court sentenced Poo to 10 years in prison.