Chinese man avoids prison for New York Fed cyber theft
NEW YORK (Reuters) - A Chinese computer programmer was spared prison time and sentenced to six months of house arrest on Tuesday after he admitted to stealing millions of dollars of software code from the Federal Reserve Bank of New York.
Bo Zhang, 33, had pleaded guilty in May, after telling investigators that he had downloaded the code to an external hard drive and taken it home. He also pleaded guilty to a separate count of immigration fraud.
Zhang's case had raised security concerns among congressional investigators and others that the New York Fed might be vulnerable to cyber attacks.
The government has said the code that Zhang downloaded, designed for a system that helps keep track of its finances, cost $9.5 million to develop.
"I just want to apologize to the government, the court, my previous employers, my clients for causing this mess," Zhang, dressed in a blue shirt and gray slacks, told U.S. District Judge Paul Gardephe at a hearing in Manhattan federal court. Zhang said he was "terribly sorry."
Zhang had been cooperating with the investigation, which began after he told a colleague he had lost one drive holding the code. Bank officials later alerted the FBI.
His sentence includes three years of supervised release, including the home confinement. No fine was imposed. Zhang could eventually face deportation as a result of his guilty plea.
The sentence was in line with what Zhang's probation officers had recommended. Prosecutors had sought a 12- to 18-month prison term.
Jerika Richardson, a spokeswoman for U.S. Attorney Preet Bharara in New York, declined to comment. New York Fed spokeswoman Andrea Priest also declined to comment.
The source code was for the Government-wide Accounting and Reporting Program, a system owned by the U.S. Department of the Treasury and used to help manage billions of dollars of daily transfers.
Prosecutors said Zhang had been hired in May 2011 as a contractor for an unnamed technology consulting company that the Fed used to work on its computers.
They said he eventually copied part of the code onto a New York Fed-owned portable drive, and later transferred it to an office computer, a home computer and a personal laptop.
NO SECOND CHANCES
In seeking leniency, Zhang's lawyer, Jeffrey Lichtman, pointed to his client's lack of a prior criminal history, his having been raised by nannies for part of his childhood and letters submitted to the court in support of a lighter sentence.
"Part of the problem here is his desperate, desperate attempts to fit in, to belong," he said.
Federal prosecutor Niketh Velamoor countered that while Zhang had had a difficult upbringing, he should be held responsible for his illegal activity.
The judge, though, called a prison sentence "not appropriate," while warning Zhang: "There will be no second chances."
Gardephe called the matter a "very unusual case for many reasons," including that the code "was developed at great cost, but which the government still has the complete ability and freedom to use."
All sides agreed that the actual loss linked to the theft was $5,000 or less.
It remains unclear how Zhang came to be hired or what kind of security clearance he had. Unlike federal agencies, the New York Fed does not have to reveal how it hires outside contractors.
The case is USA v Zhang, U.S. District Court, Southern District of New York, No. 12-cr-00390.
(Reporting by Nate Raymond and Jonathan Stempel in New York; Editing by Dan Grebler)