Skip to main content

The Globe and Mail

Chinese immigrant avoids prison for New York Fed cybertheft

The case against Bo Zhang raised security concerns among congressional investigators and others that the New York Fed might be vulnerable to cyberattacks.

Nikolay Mamluke/iStockphoto

A Chinese computer programmer was spared prison time and sentenced to six months of house arrest on Tuesday after he admitted to stealing millions of dollars of software code from the Federal Reserve Bank of New York.

Bo Zhang, 33, had pleaded guilty in May, after telling investigators that he had downloaded the code to an external hard drive and taken it home. He also pleaded guilty to a separate count of immigration fraud.

Mr. Zhang's case had raised security concerns among congressional investigators and others that the New York Fed might be vulnerable to cyberattacks.

Story continues below advertisement

The government has said the code that Mr. Zhang downloaded, designed for a system that helps keep track of its finances, cost $9.5-million (U.S.) to develop.

"I just want to apologize to the government, the court, my previous employers, my clients for causing this mess," Mr. Zhang, dressed in a blue shirt and grey slacks, told U.S. District Judge Paul Gardephe at a hearing in Manhattan federal court. Mr. Zhang said he was "terribly sorry."

Mr. Zhang had been co-operating with the investigation, which began after he told a colleague he had lost one drive holding the code. Bank officials later alerted the FBI.

His sentence includes three years of supervised release, including the home confinement. No fine was imposed. Mr. Zhang could eventually face deportation as a result of his guilty plea.

The sentence was in line with what his probation officers had recommended. Prosecutors had sought a 12- to 18-month prison term.

Jerika Richardson, a spokeswoman for U.S. Attorney Preet Bharara in New York, declined to comment. New York Fed spokeswoman Andrea Priest also declined to comment.

The source code was for the Government-wide Accounting and Reporting Program, a system owned by the U.S. Department of the Treasury and used to help manage billions of dollars of daily transfers.

Story continues below advertisement

Prosecutors said Mr. Zhang had been hired in May, 2011, as a contractor for an unnamed technology consulting company that the Fed used to work on its computers.

They said he eventually copied part of the code onto a New York Fed-owned portable drive, and later transferred it to an office computer, a home computer and a personal laptop.

In seeking leniency, Mr. Zhang's lawyer, Jeffrey Lichtman, pointed to his client's lack of a prior criminal history, his having been raised by nannies for part of his childhood and letters submitted to the court in support of a lighter sentence.

"Part of the problem here is his desperate, desperate attempts to fit in, to belong," he said.

Federal prosecutor Niketh Velamoor countered that while Mr. Zhang had had a difficult upbringing, he should be held responsible for his illegal activity.

The judge, though, called a prison sentence "not appropriate," while warning Mr. Zhang: "There will be no second chances."

Story continues below advertisement

Judge Gardephe called the matter a "very unusual case for many reasons," including that the code "was developed at great cost, but which the government still has the complete ability and freedom to use."

All sides agreed that the actual loss linked to the theft was $5,000 or less.

It remains unclear how Mr. Zhang came to be hired or what kind of security clearance he had. Unlike federal agencies, the New York Fed does not have to reveal how it hires outside contractors.

Report an error

The Globe invites you to share your views. Please stay on topic and be respectful to everyone. For more information on our commenting policies and how our community-based moderation works, please read our Community Guidelines and our Terms and Conditions.

We’ve made some technical updates to our commenting software. If you are experiencing any issues posting comments, simply log out and log back in.

Discussion loading… ✨