Massive International Hacker Sentenced to 13 Years For Identity Theft Scheme
Young people across the world are showing themselves to be savvy and competent behind a computer screen. Many of them are facing jail time for showing the vulnerabilities in the U.S.’s computer systems.
Hieu Minh Ngo, a Vietnamese national, has been sentenced to 13 years in prison for hacking into U.S. businesses’ computers, stealing personally identifiable information (PII), and selling the information to other cybercriminals. He is charged with illegally accessing the PII of about 200 million US citizens. He was arrested in February 2013 upon entering the U.S. when he was tricked into going to Guam under the guise of receiving more consumer data by an undercover US Secret Service agent.
Ngo faced 24 years in federal prison but his sentence was lessened thanks to his cooperation with investigators in helping to arrest at least a dozen of his U.S.-based customers, including an Ohio man who U.S. Marshals pursued through multiple states after he was convicted of filing phony tax refund requests with the IRS.
Ngo, 25, will serve 13 years in prison for hacking into U.S. business computers and stealing the information of approximately 200 million US citizens to sell to other people as so-called ‘fullz’, Assistant Attorney General Leslie R. Caldwell of the Justice Department’s Criminal Division, Acting U.S. Attorney Donald Feith of the District of New Hampshire and Director Joseph P. Clancy of the U.S. Secret Service announced.
U.S. District Court Judge Paul J. Barbadoro of the District of New Hampshire sentenced Ngo, who pleaded guilty to the federal charges in the District of New Hampshire and District of New Jersey court rooms. His sentence includes wire fraud, identity fraud, access device fraud and, as well, four counts of computer fraud and abuse. The IRS confirmed 13,673 U.S. citizens had their information sold on Ngo’s websites, with $65 million in fraudulent individual income tax returns filed thanks to his services.
“From his home in Vietnam, Ngo used Internet marketplaces to sell millions of stolen identities of U.S. citizens to more than a thousand cyber criminals scattered throughout the world,” according to Assistant Attorney General Caldwell. “Criminals buy and sell stolen identity information because they see it as a low-risk, high-reward proposition. Identifying and prosecuting cyber-criminals like Ngo is one of the ways we’re working to change that cost-benefit analysis.”
“This case demonstrates that identity theft is a worldwide threat that has the potential to touch every one of us,” claims Acting U.S. Attorney Feith. “I want to acknowledge the excellent work of the United States Secret Service in identifying and capturing Mr. Ngo. This case proves that the United States Attorney’s Office for the District of New Hampshire will work with law enforcement to investigate and prosecute identity thieves, even if they are halfway around the world.”
“The sentencing of this transnational cyber-criminal illustrates another example of Secret Service success in the disruption and dismantling of global criminal networks,” celebrates Director Clancy.
This investigation and the resulting prosecution and sentencing should serve as a warning to criminals that we will relentlessly investigate, detect, and defend the Nation’s financial infrastructure. This sentencing joins a long list of successes in combating financial crimes over our 150 year history.
Ngo is charged with operating online marketplaces from his home in Vietnam, including “superget.info” and “findget.me,” as a means of selling packages of stolen PII, called fullz, which often encompassed a person’s name, date of birth, social security number, bank account number and bank routing number. Among Ngo’s services were stolen payment card data, all-encompassing of a victim’s payment card number, expiration date, CVV number, name, address and phone number, which, as Ngo told prosecutors, was obtained by hacking a New Jersey-based business.
On superget.info, which began operating in 2010, users could search for individuals by name, city, and state, Ngo also allowed users to query online databases for stolen information of individuals. Ngo grossed $2 million dollars.
The arrest comes but one month after the U.S. Office of Personnel Management made public that it had been hacked and the sensitive information of 22.1 million people had been compromised, including federal employees and contractors and their families.
Experian subsidiary Court Ventures was hacked by Ngo when he posed as a private investigator in the United States and paid for customer data searches with cash wire transfers from a bank in Singapore. In December 2013, an executive from Experian said in Congress that the company was unaware of any damage done by Ngo.
Each bit of information on the websites cost approximately less than a dollar. “Our Databases are updated EVERY DAY,” Ngo once celebrated. “About 99% nearly 100% US people could be found, more than any sites on the internet now.”
Images from Shutterstock.