Bo Zhang worked at the bank and took advantage of his position to commit the crime, according to prosecutors, and was arrested yesterday by the FBI and the Treasury Department.
“As today’s case demonstrates, our cyber infrastructure is vulnerable not only to cybercriminals and hackers, but also alleged thieves like Bo Zhang who used his position as a contract employee to steal government intellectual property,” said Manhattan US Attorney Preet Bharara.
“Fighting cyber crime is one of the top priorities of this office and we will aggressively pursue anyone who puts our computer security at risk.”
A complaint against Zhang has been unsealed and according to that he pilfered the Government-Wide Accounting and Reporting Program code by copying it to a hard drive owned by the Federal Reserve Bank of New York.
He then copied it to his work computer, his home computer and a laptop, and used it in his computer programming training business.
“Zhang took advantage of the access that came with his trusted position to steal highly sensitive proprietary software,” said FBI assistant director in charge Janice K Fedarcyk. “His intentions with regard to that software are immaterial. Stealing it and copying it threatened the security of vitally important source code.”
Zhang faces a maximum term of 10 years in prison, a maximum three years of supervised release and a fine of up to $250,000.
More than 111 bank tellers, retail workers, waiters and alleged criminals were charged with running a credit-card-stealing organization that stole more than 22 million in less than 18 months. The Queens County District Attorney’s office told Tech World
that it was the largest and most most sophisticated identity theft/credit card fraud cases that Inspector Knacker of the Queens Yard has had to investigate.
The credit card numbers came from all over the US. Restaurant employees or retail cashiers were paid to nick credit card data from customers. It took Inspector Knacker two years to finger five groups of criminals in “Operation Swiper.” The crime ring covered everything required to nick credit card numbers and convert that data into cash. Employed by the ring were ID thieves, skimmers, card makers, fences and shopping crews: groups that would buy thousands of dollars worth of merchandise in stores throughout the US.
Eighty-six of the defendants are behind bars and coppers are looking for the remaining 25. Earlier last week week, coppers seized a box truck full of electronics, computers, shoes and watches, skimmers, card readers, embossers and blank credit cards and fake ID. One raid included nicking $850,000 worth of computer equipment from a Citigroup building in Long Island City. In that case they were added by a Citi employee, Steven Oluwo, and a security guard under contract to Citigroup, Angel Quinones.
After a rather large data breach last month, Citigroup did not offer its impacted customers the same degree of identity-theft protection that many other companies provide, drawing criticism from privacy advocates.
Citigroup, which had over 360,000 credit card accounts exposed last month, sent letters to affected customers this month with advice on protecting themselves against identity theft.
But unlike other large U.S. firms breached by cybercriminals, Citigroup did not offer to buy or give all affected customers a year of preventive credit file monitoring services, according to a sample of a letter the bank sent to many customers and filed with regulators in Maine.
A year of monitoring has become a standard offering from large companies after customer information is hacked, to reassure clients and to protect them from identity theft, privacy and consumer advocates said.
“Consumers might want to turn to Citibank and ask them to do more. It’s become pretty commonplace to offer credit monitoring these days,” Ruth Susswein, the deputy director of national priorities for Consumer Action, told Reuters.
“That’s really the standard thing they can do,” she said.