NEW YORK – A Malaysian man traveling to the U.S. to sell stolen credit card information was arrested soon after he arrived at Kennedy International Airport with a laptop containing information on more than 400,000 credit card accounts, including that of credit union members.
Lin Mun Poo was under surveillance by the U.S. Secret Service and was seen trying to sell the stolen credit card data at a Brooklyn diner for $1,000 per card soon after his arrival. Prosecutors said Poo hacked his way into well-guarded computer systems at the Federal Reserve, credit union data processor FedComp, and numerous financial institutions, then sold the information he stole from the institutions.
By allegedly hacking into the FedComp system, Poo had access to data of several credit unions, including Mercer County New Jersey Teachers FCU and Firemen’s Association of the State of New York FCU, according to prosecutors.
Derrick Smith, president of FedComp, said the alleged hacker could not have obtained the credit card information from his company. “FedComp does not store credit card data and never had credit card data breached in any way,” Smith told the Credit Union Journal yesterday. He said his company was contacted about four years ago about a potential data breach which resulted in the arrest of a suspect who had tried to get into a client’s system.
Prosecutors said Poo also admitted to hacking the computers of several international banks and a major defense department contractor, and admitted earning money by finding and exploiting network vulnerabilities or trading and selling the information.
After his arrest Poo told authorities that the primary purpose of his trip to the U.S. was to meet with an individual he believed was capable of regularly providing him with a large volume of stolen card numbers and personal identification numbers, which Poo planned to use to create bogus cards and withdraw cash from ATMs.
