Without a doubt about In-depth safety news and research

Confessions of an

During the height of their cybercriminal job, the hacker referred to as “Hieupc” was earning $125,000 four weeks owning a bustling identification theft solution that siphoned customer dossiers from a few of the earth’s top information agents. That is, until their greed and aspiration played directly into a more elaborate snare set because of the U.S. Secret Service. Now, after significantly more than seven years in jail Hieupc has returned in their house nation and hoping to persuade other cybercrooks that are would-be make use of their computer abilities once and for all.

Hieu Minh Ngo, inside the teens.

For many years starting around 2010, a lone teenager in Vietnam known as Hieu Minh Ngo went one of several online’s many lucrative and popular services for offering “fullz,” stolen identity documents that included a customer’s name, date of delivery, Social protection quantity and e-mail and home address.

Ngo got their treasure trove of consumer data by hacking and engineering that is social method right into a sequence of major information agents. By the full time the key Service swept up he’d made over $3 million selling fullz data to identity thieves and organized crime rings operating throughout the United States with him in 2013.

Matt O’Neill could be the Secret Service representative whom in February 2013 effectively executed a scheme to attract Ngo away from Vietnam and into Guam, where in actuality the young hacker ended up being arrested and delivered to the mainland U.S. to manage prosecution. O’Neill now heads the agency’s Investigative that is global Operations, which supports investigations into transnational orderly criminal groups.

O’Neill stated the investigation was opened by him into Ngo’s identity theft company after reading about this in a 2011 KrebsOnSecurity story, “How Much is Your Identity Worth?” Relating to O’Neill, what is remarkable about Ngo is the fact that to the day their name is practically unknown one of the pantheon of infamous convicted cybercriminals, nearly all www.cash-central.com/payday-loans-co/leadville/ who had been busted for trafficking in huge levels of taken bank cards.

Ngo’s companies enabled a whole generation of cybercriminals to commit an approximated $1 billion worth of brand new account fraudulence, and also to sully the credit records of countless Us americans in the act.

“ we do not understand of any other cybercriminal who may have caused more product financial injury to more People in the us than Ngo,” O’Neill told KrebsOnSecurity. “He had been offering the information that is personal on a lot more than 200 million People in the us and permitting one to purchase it for cents apiece.”

Freshly released through the U.S. jail system and deported back once again to Vietnam, Ngo happens to be concluding a mandatory three-week COVID-19 quarantine at a government-run center. He contacted KrebsOnSecurity from inside this facility aided by the reported goal of telling his little-known tale, also to alert other people far from after inside the footsteps.


A decade ago, then 19-year-old hacker Ngo had been a frequent on the Vietnamese-language computer hacking forums. Ngo claims he originated from a middle-class household that owned an electronics store, and therefore their moms and dads purchased him some type of computer as he had been around 12 yrs . old. There after away, he had been addicted.

In their teens that are late he traveled to New Zealand to examine English at a college here. By that point, he had been currently an administrator of a few dark internet hacker discussion boards, and between his studies he discovered a vulnerability into the school’s community that revealed payment card information.

“I did contact the IT specialist here to correct it, but no body cared therefore I hacked the system that is whole” Ngo recalled. “Then we utilized the exact same vulnerability to hack other internet sites. I became stealing a lot of charge cards.”

Ngo stated he made a decision to utilize the card information to purchase concert and occasion seats from Ticketmaster, and sell the tickets then at a brand new Zealand auction site called TradeMe. The college later discovered associated with the intrusion and role that is ngo’s it, as well as the Auckland authorities got included. Ngo’s travel visa had not been renewed after their semester that is first ended as well as in retribution he attacked the college’s web site, shutting it down for at the very least two times.

Ngo stated he began classes that are taking back Vietnam, but quickly discovered he had been investing the majority of his time on cybercrime forums.

“I went from hacking for enjoyable to hacking for profits once I saw exactly exactly how simple it absolutely was to create money stealing client databases,” Ngo stated. “I became spending time with a number of my buddies through the underground discussion boards therefore we mentioned preparing a fresh criminal task.”

“My friends stated credit that is doing and bank info is really dangerous, therefore I began considering attempting to sell identities,” Ngo continued. “At first we thought well, it is simply information, maybe it is not that bad since it’s perhaps perhaps not pertaining to bank reports straight. But I became wrong, additionally the cash we started making extremely fast simply blinded me to a complete lot of things.”


Their first big target ended up being a customer credit rating company in nj-new jersey called MicroBilt.

“I became hacking to their platform and stealing their consumer database thus I might use their client logins to gain access to their consumer databases,” Ngo stated. “I happened to be within their systems for pretty much a 12 months without them once you understand.”

As soon as possible after gaining use of MicroBilt, Ngo states, he stood up Superget.info, an online site that marketed the purchase of specific customer documents. Ngo stated initially their solution ended up being quite handbook, needing clients to request certain states or customers they desired home elevators, and then he would conduct the lookups by hand.

But Ngo would soon workout simple tips to make use of more effective servers in the usa to automate the assortment of bigger quantities of customer information from MicroBilt’s systems, and off their information agents. When I composed of Ngo’s solution back November 2011:

“Superget lets users seek out particular people by title, town, and state. Each “credit” costs USD$1, and an effective hit for a Social Security quantity or date of birth expenses 3 credits each. The greater amount of credits you purchase, the cheaper the queries are per credit: Six credits are priced at $4.99; 35 credits cost $20.99, and $100.99 purchases you 230 credits. Clients with unique requirements can avail by themselves for the “reseller plan,” which promises 1,500 credits for $500.99, and 3,500 credits for $1000.99.

“Our Databases are updated EVERY SINGLE DAY,” your website’s owner enthuses. “About 99% nearly 100% US people might be discovered, significantly more than any web web web sites on the net now.”

Ngo’s intrusion into MicroBilt ultimately was detected, additionally the ongoing business kicked him from their systems. But he states he got in in utilizing another vulnerability.

“I happened to be hacking them also it ended up being forward and backward for months,” Ngo stated. “They would find out my accounts and correct it, and I also would discover a vulnerability that is new hack them once more.”

Last modified: 06/01/2021



Write a Reply or Comment

Your email address will not be published.