In previous postWe have learned of Ngo Minh Hieu, a hacker described by the US Secret Service as the man who did more actual financial harm to many of the people of this country than any other cybercriminal ever convicted. . Recently, Hieu was deported to Vietnam after serving more than 7 years in prison for being behind many identity sale services. Now, he says he wants to use his experience to convince other cybercriminals to use their skills for good. Here is what happened after Hieu’s arrest.
A service that sells Hieu’s identity during his time.
The first part of this article ended with Hieu handcuffed number eight shortly after leaving the flight to land on Guam, where he believed he was about to meet another cyber criminal who promised to connect him. with the source of all customer data sets.
Hieu previously made about $ 125,000 per month by reselling misappropriation data from some of the planet’s second largest data brokers. But the US Secret Service uncovered many of his accounts at these companies and deleted them one by one. After the incident, Hieu became obsessed with rebuilding his business and keeping his income level as before. Up to that point, his stolen information sale service had raised about $ 3 million.
Upon seeing Hieu’s reactions, American agents used a middleman to trick Hieu into thinking that he was breaching the realm of another cybercrime. Here is a quote from part 1 of the article:
Mr. O’Neill recalled: “The guy in England said to Hieu, ‘Hey, you are stepping on my lawn, so I decided to lock you out. But if you will pay me a percentage. , you won’t lose access anymore. ” The cyber criminal in England, acting at the behest of the US Secret Service and British authorities, told Hieu that, if he wanted to keep access you must agree to meet in person.
After a few months of discussion, Hieu finally agreed to meet the British on the island of Guam to complete the agreement. Hieu said, at that time he understood that Guam was part of the American territory, but he did not notice the possibility that the whole thing was just an elaborate trap of the law enforcement agency. Hieu said: “I was too desperate to have a stable database, and I was blinded by greed, and then acted crazy without thinking. Many people told me ‘Don’t go!’ But I told them I had to try it to see what happens. ”
But, as soon as he stepped off the plane in Guam, Hieu was immediately arrested by US agents. Mr. O’Neill joked: “One of his identity selling services is findget.me. We did seriously what he asked for.”
In an interview with the KrebsOnSecurity website, Hieu said he was held in a prison in Guam while waiting to be transferred to the interior of the United States. After a month, he was allowed to call home within 10 minutes and explain what he was dealing with.
“It was a very difficult time“, Hieu said. “They were very sad and cried a lot.”
His first stop on his “prosecution journey” was in New Jersey, where he finally pleaded guilty to hacking into MicroBilt’s system, the first data broker among the companies Hieu used. to retrieve customer data in order to serve many variations of the service that sells its identity stolen over the years.
Next is New Hampshire, where confession also forced him to testify in three different trials against identity thieves who used to use Hieu’s services. Among them was Lance Ealy, a serial identity thief from Dayton, Ohio, who bought more than 350 “fullz”- a suite of everything a criminal would need to steal someone’s identity, including social security number (SSN), mother’s maiden name, date of birth, address, phone number, address email, bank account information and types of passwords.
Ealy used Hieu’s service to scam through the tax refund mechanism at the US Federal Revenue Service (IRS), receiving huge refunds by the identities of the victims – who only realized the incident when doing a tax return, only to find out that someone has done it before.
Many other cyber criminals have used information acquired from Hieu to scam the IRS into making tax refunds.
Hieu’s coordination with the authorities led to 20 arrests, of which about a dozen accused were brought to light by agent O’Neill and colleagues by pretending to be Hieu. Even so, even the Secret Service had difficulty determining exactly how much financial influence Hieu’s sale of identity had caused over the years, mainly because of these services. Only records records of what customers search, not records of what they bought.
But, based on the information obtained, the US officials estimated that Hieu’s service facilitated new account fraud at banks and retailers with losses of up to 1.1. billion USD. Additionally, they also estimate that the services he provides have indirectly facilitated tax refund frauds up to $ 64 million.
“We interviewed some of Hieu’s clients, who were quite open about their reasons for using his services.”, Mr. O’Neill said, “Many of them are talking about the same thing: buying identity information is better for them than stolen credit card information, because card data that can be used once or twice becomes invaluable. used, while identity sets can be reused over and over again over many years. “.
Mr. O’Neill shared, he was still very surprised by the fact that Hieu’s name was basically unknown, when compared to credit card thieves around the world. Some of them are responsible for stealing hundreds of millions of credit cards from major retailers. “I don’t know about anyone who can pose as much direct (financial) harm to Americans as Hieu. But most people have never heard of his name. “he said.
Hieu said that he is not surprised that his services cause a lot of financial harm. But he was completely unprepared for the harms of life. During the court proceedings, Hieu sat through every story about how his service damaged the economic life of many people who were harmed.
Hieu said: “When I ran that service, I didn’t care much because I didn’t know my customers and didn’t know much about what they did with them (what he sells). But throughout the lawsuit, the federal court received 13,000 letters from victims who complained that they had lost their homes, jobs, or were unable to buy a home or keep financial stability. for you. This made me feel really bad, and I realized how terrible a person I was. ”
Despite being transferred from one federal detention facility to another several times, Hieu always seemed to encounter victims of identity theft wherever he went, such as prison guards, health care staff or lawyers. Hieu recalled: “When I was in prison in Beaumont, Texas, I talked to one of the re-education officers there. She shared with me the story of her friend who lost her identity and then lost everything. Her whole life collapsed. I don’t know if that woman was one of my victims, but that story bothers me. Now I know that what I did was evil.“
Hieu’s services caused lasting damage to so many Americans, when all information was lost.
The Vietnamese hacker was released from prison a few months ago, and now he is finishing a 3-week mandatory quarantine process by Covid-19 at a state facility near Ho Chi Minh City. During his final months in prison, Hieu started reading everything he could get access to about computers and cybersecurity, and even wrote a rather long tutorial for the average internet user with advice. about how to avoid being hacked or becoming the victim of identity theft.
Hieu shared that he hopes to have a job in cybersecurity someday, although he is not in a hurry to do so. He had at least one offer to work in Vietnam, but turned it down. Hieu said he is not ready for work at the moment, but will spend time with his family – especially with his father, who was recently diagnosed with stage 4 cancer.
Further, Hieu said he wanted to be an advisor to young people and help guide them on the right track, away from becoming a high-tech criminal. He was also honest about his crimes and the harm he has done, when Hieu explicitly mentioned that he was a cyber criminal that had been arrested on his LinkedIn page.
Hieu said: “I hope what I do can change the minds of some people, and if at least one person can change and move on to good deeds, I’m happy. It’s time for me to do something right, to give it back [những gì đã gây ra] for the world, because I know I can do something like that. “
However, the recidivism rate among cybercriminals is especially high, and it will be very easy for Hieu to “get used to the old way”. After all, few people know much about him how to infiltrate identity databases.
Mr. O’Neill said that he believed Hieu would not commit crimes again. But he also added that, if Hieu’s service existed at the present time, it would be even more successful and more profitable. The reason is that in 2020 there will be a lot of fraudsters using stolen identity data to deceive US states and federal governments to accept loans supported by Covid-19 as well as unemployment insurance.
Mr. O’Neill said: “It doesn’t seem like he’s trying to return to crime again. But I firmly believe the scammers who are taking advantage of the small business loans and unemployment benefits already know about the identity information on Hieu’s website. He certainly did something new back then. ”
Hieu held the view that he did not have any interest in doing anything that would put him in jail. He says: “Prison is a very difficult place, but it has given me time to think about my life and my choices. Now I devote myself to doing a good job and getting better every day. Now I also know that money is only part of life. It is neither everything nor true happiness. I hope the cyber criminals out there learn something from my experience. I hope they stop what they’re doing and use their skills to make the world a better place instead. ”