Hacker Gets 13 Years in Prison for Massive International ID Theft
There’s an important update in the case that involved Court Ventures/U.S. Info/Experian, and Dun & Bradstreet, although the government doesn’t name the businesses in its press release. James Eng reports:
A Vietnamese national was sentenced to 13 years in prison for hacking into U.S. businesses’ computers, stealing personally identifiably information (PII), and selling to other cybercriminals his fraudulently-obtained access to PII belonging to approximately 200 million U.S. citizens.
Assistant Attorney General Leslie R. Caldwell of the Justice Department’s Criminal Division, Acting U.S. Attorney Donald Feith of the District of New Hampshire and Director Joseph P. Clancy of the U.S. Secret Service made the announcement.
Hieu Minh Ngo, 25, was sentenced today by U.S. District Court Judge Paul J. Barbadoro of the District of New Hampshire. Ngo previously pleaded guilty to federal charges brought in the District of New Hampshire and the District of New Jersey, including wire fraud, identity fraud, access device fraud and four counts of computer fraud and abuse.
“From his home in Vietnam, Ngo used Internet marketplaces to offer for sale millions of stolen identities of U.S. citizens to more than a thousand cyber criminals scattered throughout the world,” said Assistant Attorney General Caldwell. “Criminals buy and sell stolen identity information because they see it as a low-risk, high-reward proposition. Identifying and prosecuting cybercriminals like Ngo is one of the ways we’re working to change that cost-benefit analysis.”
“This case demonstrates that identity theft is a worldwide threat that has the potential to touch every one of us,” said Acting U.S. Attorney Feith. “I want to acknowledge the excellent work of the United States Secret Service in identifying and capturing Mr. Ngo. This case proves that the United States Attorney’s Office for the District of New Hampshire will work with law enforcement to investigate and prosecute identity thieves, even if they are halfway around the world.”
“The sentencing of this transnational cybercriminal illustrates another example of Secret Service success in the disruption and dismantling of global criminal networks,” said Director Clancy. “This investigation and the resulting prosecution and sentencing should serve as a warning to criminals that we will relentlessly investigate, detect, and defend the Nation’s financial infrastructure. This sentencing joins a long list of successes in combating financial crimes over our 150 year history.”
According to admissions made in connection with his guilty plea, from 2007 to 2013, Ngo operated online marketplaces from his home in Vietnam, including “superget.info” and “findget.me,” to sell packages of stolen PII. These packages, known as “fullz,” typically included a person’s name, date of birth, social security number, bank account number and bank routing number. Ngo also admitted to acquiring and offering for sale stolen payment card data, which typically included the victim’s payment card number, expiration date, CVV number, name, address and phone number. Ngo admitted that he obtained some of the stolen PII by hacking into a New Jersey-based business and stealing customer information.
In addition to selling the “fullz,” Ngo admitted to offering buyers the ability to query online databases for the stolen PII of specific individuals. Specifically, Ngo admitted that he offered access to PII for 200 million U.S. citizens, and that more than 1,300 customers from around the world conducted more than three million “queries” through the third-party databases maintained on his websites.
Ngo made nearly $2 million from his scheme. The Internal Revenue Service has confirmed that 13,673 U.S. citizens, whose stolen PII was sold on Ngo’s websites, have been victimized through the filing of $65 million in fraudulent individual income tax returns.
The case was investigated by the U.S. Secret Service’s Manchester Resident Office. The case is being prosecuted by Senior Trial Attorney Mona Sedky of the Criminal Division’s Computer Crime and Intellectual Property Section and Assistant U.S. Attorney Arnold H. Huftalen of the District of New Hampshire.
The case out of the District of New Jersey was investigated by the FBI, and is being prosecuted by the U.S. Attorney’s Office of the District of New Jersey.
SOURCE: U.S. Attorney’s Office, District of New Hampshire