Hacked Federal Reserve network was test-only

A June 2010 hacking incident that compromised a network at the Federal Reserve Bank of Cleveland happened on a test system and not the bank's production servers.

On Thursday, Lin Mun Poo was charged with hacking the Fed and other U.S. corporations, including payment processor FedComp and an unnamed federal defense contractor. He was arrested on Oct. 21 following a U.S. Secret Service sting.

The Secret Service says it found more than 400,000 bank card numbers on Poo's laptop at the time of his arrest. But those numbers apparently did not come from the Fed, which said Friday that none of its sensitive data was compromised during the incident. "We don't process credit cards or debit card information," said June Gates, a spokeswoman with the Federal Reserve of Cleveland.

According to Gates, the hacker managed to break into a single Fed test PC that was connected to other test computers. "This is a system that is used to test software and applications with fake data and information," she said. "The incident did not involve our live production system on which we process our work."

Gates declined to provide further details on the incident.

In court filings, prosecutors said that at least 10 Fed computers were affected. Presumably these were the systems that were connected to the hacked PC.

Poo, a resident of Malaysia, was arrested just hours after landing in the U.S. after allegedly selling $1,000 worth of bank card numbers to another man at a Brooklyn diner. Prosecutors said he was in the U.S. to set up a deal to sell more stolen card numbers.

Robert McMillan covers computer security and general technology breaking news for The IDG News Service. Follow Robert on Twitter at @bobmcmillan. Robert's e-mail address is robert_mcmillan@idg.com

FREE Computerworld Insider Guide: IT Certification Study Tips
Editors' Picks
Join the discussion
Be the first to comment on this article. Our Commenting Policies