Minh Hiếu
   HOME

TheInfoList



OR:

Ngo Minh Hieu (also known as Hieu PC; born October 8, 1989) is a
Vietnamese Vietnamese may refer to: * Something of, from, or related to Vietnam, a country in Southeast Asia * Vietnamese people, or Kinh people, a Southeast Asian ethnic group native to Vietnam ** Overseas Vietnamese, Vietnamese people living outside Vietna ...
cyber security specialist and a former
hacker A hacker is a person skilled in information technology who achieves goals and solves problems by non-standard means. The term has become associated in popular culture with a security hackersomeone with knowledge of bug (computing), bugs or exp ...
and identity thief. He was convicted in the
United States The United States of America (USA), also known as the United States (U.S.) or America, is a country primarily located in North America. It is a federal republic of 50 U.S. state, states and a federal capital district, Washington, D.C. The 48 ...
of stealing millions of people's
personally identifiable information Personal data, also known as personal information or personally identifiable information (PII), is any information related to an identifiable person. The abbreviation PII is widely used in the United States, but the phrase it abbreviates has fou ...
and in 2015 he was sentenced to 13 years in U.S. federal prison. After his early release from prison in 2020, Hieu returned to Vietnam and was recruited by the National Cyber Security Centre (NCSC) under the
Ministry of Information and Communications A Communications Ministry or Department of Communications is a ministry or other government agency charged with communication. Communications responsibilities include regulating telecommunications, postal services, broadcasting and print media. The ...
as a technical expert. Currently, he holds the positions of director of the limited liability ChongLuaDao
Social Enterprise A social enterprise is an organization that applies commercial strategies to maximize improvements in financial, social and environmental well-being. This may include maximizing social impact alongside profits for co-owners. Social enterprises ha ...
Limited Liability Company A limited liability company (LLC) is the United States-specific form of a private limited company. It is a business structure that can combine the pass-through taxation of a partnership or sole proprietorship with the limited liability of ...
and manager of the non-profit project ChongLuaDao, which he co-founded with his partners at the end of 2020.


Hacker


The crime and its beginning

Ngo Minh Hieu is a Vietnamese.Vietnamese National Sentenced to 13 Years in Prison for Operating a Massive International Hacking and Identity Theft Scheme
(press release), U.S. Department of Justice, Office of Public Affairs (July 14, 2015).
He was born in Gia Lai,
Vietnam Vietnam, officially the Socialist Republic of Vietnam (SRV), is a country at the eastern edge of mainland Southeast Asia, with an area of about and a population of over 100 million, making it the world's List of countries and depende ...
, on October 8, 1989. In his late teens, he went to
New Zealand New Zealand () is an island country in the southwestern Pacific Ocean. It consists of two main landmasses—the North Island () and the South Island ()—and List of islands of New Zealand, over 600 smaller islands. It is the List of isla ...
and aimed to become a network expert. By that time, he was already an administrator of several
dark web The dark web is the World Wide Web content that exists on darknets ( overlay networks) that use the Internet but require specific software, configurations, or authorization to access. Through the dark web, private computer networks can communica ...
hacker forums. He discovered vulnerability in the school’s network that can be exploited to steal credit card and bank accounts information. “I did contact the IT technician, but they don't care, so I hacked the whole system,” Hieu recalled. “Then I took advantage of the same vulnerability to hack other websites. I stole lots of information.” Hieu used the card data to buy concert and event tickets from
Ticketmaster Ticketmaster Entertainment, LLC is an American ticket sales and distribution company based in Beverly Hills, California, with operations in many countries around the world. In 2010, it merged with Live Nation under the name Live Nation Ente ...
, then sold tickets at TradeMe. The university became aware of his act, the
Auckland Auckland ( ; ) is a large metropolitan city in the North Island of New Zealand. It has an urban population of about It is located in the greater Auckland Region, the area governed by Auckland Council, which includes outlying rural areas and ...
police got involved. Hieu’s travel visa was not renewed after the first semester ended, and in retribution, he attacked the university’s site, shutting it down for at least two days. From 2007 to 2013, he operated a "massive international hacking and identity theft scheme from his home in Vietnam," in which he stole
personally identifiable information Personal data, also known as personal information or personally identifiable information (PII), is any information related to an identifiable person. The abbreviation PII is widely used in the United States, but the phrase it abbreviates has fou ...
(such as names,
Social Security number In the United States, a Social Security number (SSN) is a nine-digit number issued to United States nationality law, U.S. citizens, Permanent residence (United States), permanent residents, and temporary (working) residents under section 205(c)(2 ...
s, and bank account data) of 200 million U.S. citizens.James Eng
Hacker Gets 13 Years in Prison for Massive International ID Theft
, NBC News (July 14, 2015).
Hieu obtained this data by hacking companies' databases, then advertised and offered (on two websites he operated, which were later shuttered) the stolen information for purchase by other cybercriminals. Hieu was also able to obtain data from Court Ventures, an
Experian Experian plc is a multinational corporation, multinational data broker and consumer credit reporting company headquartered in Dublin, Ireland. Experian collects and aggregates information on more than 1 billion people and businesses including ...
subsidiary, by "posing as a private investigator operating out of Singapore." Hieu made nearly $2 million from his scheme. The Internal Revenue Service has confirmed that 13,673 U.S. citizens, whose stolen PII was sold on Hieu’s websites, have been victimized through the filing of $65 million in fraudulent individual income tax returns.


Prosecution, sentence, and release

In February 2013, Hieu entered the United States territory and was arrested after U.S. Secret Service investigators lured Hieu to
Guam Guam ( ; ) is an island that is an Territories of the United States, organized, unincorporated territory of the United States in the Micronesia subregion of the western Pacific Ocean. Guam's capital is Hagåtña, Guam, Hagåtña, and the most ...
"to consummate a business deal with a man he believed could deliver huge volumes of consumers' personal and financial data for resale." He subsequently pleaded guilty to federal crimes: (1)
wire fraud Mail fraud and wire fraud are terms used in the United States to describe the use of a physical (e.g., the U.S. Postal Service) or electronic (e.g., a phone, a telegram, a fax, or the Internet) mail system to defraud another, and are U.S. fede ...
, (2)
identity fraud Identity fraud is the use by one person of another person's personal information, without authorization, to commit a crime or to deceive or defraud that other person or a third person. Most identity fraud is committed in the context of financial ...
, (3) access device fraud, and (4) four counts of computer fraud and abuse. Hieu had been facing more than 42 years in federal prison, but his sentence was lightened because he cooperated with investigators to secure the arrest of at least a dozen of his U.S.-based customers. The Secret Service had difficulty pinning down the exact amount of financial damage inflicted by Hieu’s various ID theft services over the years, primarily because those services only kept records of what customers searched for, not which records they purchased. But based on the records they did have, the government estimated that Hieu’s service enabled approximately $1.1 billion in new account fraud at banks and retailers throughout the United States, and roughly $65 million in tax refund fraud with the states and the IRS. In July 2015, U.S. District Judge Paul Barbadoro sentenced Hieu, then age 25, to 13 years in prison. The Bureau of Prisons lists his register number as 03664-093, and his release date was 11/20/2019. In the final months of his detention, Hieu started reading everything he could get his hands on about computer and Internet security and even authored a lengthy guide written for the average Internet user with advice about how to avoid getting hacked or becoming the victim of identity theft. In the longer term, Hieu says, he wants to mentor young people and help guide them on the right path, and away from cybercrime. He’s been brutally honest about his crimes and the destruction he’s caused. His LinkedIn profile states up front that he’s a convicted cybercriminal. Hieu was described by the US government as "one of the most notorious thieves ever pardoned in a federal prison".


Cybersecurity specialist

Three months after his return to Vietnam, Hieu posted a photo of his application for the National Cyber Security Monitoring Center (NCSC) on his personal Facebook page on December 3, 2020. The next day, a representative of NCSC officially confirmed that Hieu would work for them as a technical expert. Less than a month after officially starting work for NCSC, Hieu PC publicly demolished two bogus websites, disguised as
Vietnam Airlines Vietnam Airlines () is the flag carrier of Vietnam. The airline was founded in 1956 and later established as a Government-owned corporation, state-owned enterprise in April 1989. Vietnam Airlines is headquartered in Long Biên district, Hanoi ...
and
Vietjet Air Vietjet Aviation Joint Stock Company (), operating as VietJet Air or Vietjet, is a Vietnamese low-cost airline based in Hanoi. It was the first privately owned airline to be established in Vietnam, being granted its initial approval to operate ...
booking services, designed to defraud passengers. These two sizable fake websites, which have been around for a while, are regarded as sizable fake websites. Hieu PC's decision to publicly knock both down gained attention and received backing from online users. Additionally, he removed profiles on social media that were created in his name with the intention of stealing consumers' confidence and making money. In light of the numerous scams that have recently cropped up and are causing Vietnamese users a great deal of harm, including impersonation scams,
malware Malware (a portmanteau of ''malicious software'')Tahir, R. (2018)A study on malware and malware detection techniques . ''International Journal of Education and Management Engineering'', ''8''(2), 20. is any software intentionally designed to caus ...
s disguising themselves as free applications, illegal virtual currency trading, etc. Hieu frequently makes appearances in campaigns against these scams, as well as providing users with advice and warnings. These scams include targeted attacks on business systems, and disinformation regarding
information security Information security is the practice of protecting information by mitigating information risks. It is part of information risk management. It typically involves preventing or reducing the probability of unauthorized or inappropriate access to data ...
understanding that creates public confusion. Along with the moniker "former hacker", Hieu is frequently referred to in Vietnamese media as a security engineer, and cyber security specialist. Frequently referred to as a "super hacker", he flatly refuted these labels, asserting that he was simply a regular person and not the "super hacker" that many media outlets had made him out to be. In December 2021, Meta collaborated with Hieu PC to release a series of films that addressed fraud prevention and guaranteeing consumers' safety when using the internet in Vietnam. The videos are broadcast on the Meta Vietnam Facebook page and Hieu's personal page. Both Hieu's personal page and the Meta Vietnam Facebook page are airing the videos. From " black hat", Ngo Minh Hieu turned " white hat" after returning to Vietnam. He is continually awarded by several technological businesses as well as cellular service providers for his efforts in finding and correcting security issues. In May 2022, he was honored by
Apple Inc. Apple Inc. is an American multinational corporation and technology company headquartered in Cupertino, California, in Silicon Valley. It is best known for its consumer electronics, software, and services. Founded in 1976 as Apple Comput ...
as one of the security specialists who contributed to this firm by identifying security weaknesses in Apple web servers. This is the first time he has been awarded in the capacity of "white hat". In February 2023, he was handed a certificate by the US carrier Verizon to congratulate him for uncovering two vulnerabilities that might damage data and two faults connected to the web management system of their network. In a meeting with Lao Dong Newspaper, Ngo Minh Hieu remarked that there are often a lot of financial companies and banks that request his cooperation to figure out the system's security weaknesses. He undertakes these works by contract, but 60% of his time is generally devoted to social projects. In March 2023, he was invited to
Dubai Dubai (Help:IPA/English, /duːˈbaɪ/ Help:Pronunciation respelling key, ''doo-BYE''; Modern Standard Arabic, Modern Standard Arabic: ; Emirati Arabic, Emirati Arabic: , Romanization of Arabic, romanized: Help:IPA/English, /diˈbej/) is the Lis ...
to attend and give a lecture on cybersecurity at the Gulf Information Security Expo & Conference (GISEC). This is the first time he has gone overseas since returning to Vietnam at the end of 2020. Currently, he is a member of the Information Security Board of the Vietnam Blockchain Association, which was launched on May 18, 2022. Additionally, he is the head of the Chaintracer Anti-Fraud Project, which is one of the association's four major initiatives for 2023. This blockchain-based transaction monitoring initiative supports efforts to combat money laundering and the funding of terrorism.


Social projects

In February 2021, he established the non-profit initiative " ChongLuaDao" (, ) together with the related website and add-on extension. This is a project to alert clients about websites with undesirable material, false content, phishing, scams, or harboring malware. After just one day of availability, the ChongLuaDao extension has received more than 3,500 downloads, more than 70 thousand views, and banned more than 1000 phishing websites from more than 1400 reports from users. Since returning to Vietnam, he has regularly participated in providing knowledge about information security in cyberspace, helping users avoid harmful websites. In addition, he has put up a blog called 7onez to help many individuals and companies enhance their knowledge of attacks from hackers. Some comments argue that these are all activities that this hacker does to atone for society. In May 2021, Ngo Minh Hieu and Coc Coc established the "Green Shield Campaign" with the purpose of providing a secure online environment for Vietnamese people. This is quite a campaign that attracted the attention of the media and Vietnamese people during its start. In less than 4 weeks, more than 24,000 hazardous websites have been reported by users, and more than 12,000 websites with harmful and phishing features have been warned. This makes Hieu PC's cyber security project efforts attract greater attention. During this time, he also took on the role of professional consultant for CyberKid Vietnam, a
non-profit A nonprofit organization (NPO), also known as a nonbusiness entity, nonprofit institution, not-for-profit organization, or simply a nonprofit, is a non-governmental (private) legal entity organized and operated for a collective, public, or so ...
organization that supports children in
cyberspace Cyberspace is an interconnected digital environment. It is a type of virtual world popularized with the rise of the Internet. The term entered popular culture from science fiction and the arts but is now used by technology strategists, security ...
. This is also a particular project that focuses on the protection of children, one of the most susceptible victims of cyberattacks. In the context of the breakout of the COVID-19 pandemic in Vietnam, the issue of stealing personal information and scamming users is taking place more and more severely. Hieu PC and his fanpage on the social network
Facebook Facebook is a social media and social networking service owned by the American technology conglomerate Meta Platforms, Meta. Created in 2004 by Mark Zuckerberg with four other Harvard College students and roommates, Eduardo Saverin, Andre ...
are presently one of the most noted information security channels when continuously updating preventative measures and associated warnings. The members of the ChongLuaDao initiative not only periodically issue warnings about the status and scams that are happening often, but also offer remedies and help for victims of scammers. On November 24, 2021, Ngo Minh Hieu announced the foundation of ChongLuaDao Company, a
social enterprise A social enterprise is an organization that applies commercial strategies to maximize improvements in financial, social and environmental well-being. This may include maximizing social impact alongside profits for co-owners. Social enterprises ha ...
private limited company A private limited company is any type of business entity in Privately held company, "private" ownership used in many jurisdictions, in contrast to a Public company, publicly listed company, with some differences from country to country. Example ...
. This non-profit company is the next evolution of the non-profit project of the same name that launched in late 2020. ChongLuaDao has partnered with a variety of domestic and international companies throughout its first three years of existence, including
Anti-Phishing Working Group The Anti-Phishing Working Group (APWG) is an international consortium focused on providing guidance and collecting data to reduce the risks of fraud and identity theft caused by phishing and related incidents. It was founded in 2003 by a US-based ...
, Kaspersky,
Cisco Cisco Systems, Inc. (using the trademark Cisco) is an American multinational digital communications technology conglomerate corporation headquartered in San Jose, California. Cisco develops, manufactures, and sells networking hardware, s ...
,
Viettel The Military Industry and Telecoms Group (), Trade name, trading as Viettel or Viettel Group (), is a Vietnamese State-owned enterprise, state-owned multinational corporation, multinational telecommunications, technology and manufacturing C ...
, CyRadar,
Twitter Twitter, officially known as X since 2023, is an American microblogging and social networking service. It is one of the world's largest social media platforms and one of the most-visited websites. Users can share short text messages, image ...
, the Law Library (), VinCSS, the Global Anti-Scam Alliance (GASA), and
Google Chrome Google Chrome is a web browser developed by Google. It was first released in 2008 for Microsoft Windows, built with free software components from Apple WebKit and Mozilla Firefox. Versions were later released for Linux, macOS, iOS, iPadOS, an ...
. Apart from being recognized as the Cyber Security Awareness Champion Organization by the National Cybersecurity Alliance for two consecutive years in 2022 and 2023, ChongLuaDao has also been awarded two significant Vietnamese government honors: Made in Vietnam 2022 and Vietnam Talen Awards 2023. By the time of the three-year anniversary celebration, ChongLuaDao's membership communities had reached 500,000 members on the Facebook platform and 25,000 members in the Telegram group, thereby helping to detect and handle more than 20,000 malicious websites.


Cybersecurity startup

In 2022, Ngo Minh Hieu founded a project called CyPeace (). This project assists individuals and businesses in understanding the origins and verifying the safety of websites and applications through expert analysis. Accompanying him is Pham Tien Manh, another member of Chong Lua Dao. Pham Tien Manh, also known as Manh Pham, with nicknames Bé Mây or ManhNho, is a cybersecurity expert who previously served as a security researcher for
OWASP The Open Worldwide Application Security Project (formerly Open Web Application Security Project) (OWASP) is an online community that produces freely available articles, methodologies, documentation, tools, and technologies in the fields of Io ...
. He was recognized by Facebook as one of the top 100 security experts in 2019. Like Hieu, Manh Pham has been continuously recognized by Apple Inc. for his contributions in identifying security vulnerabilities in Apple's web servers in March, June, September, and October of 2022. He also developed a deepfake detection tool that was showcased at the BlackHat Asia 2023 security forum held in Singapore. In 2023, Ngo Minh Hieu and Manh Pham officially established a cybersecurity company named Cyberspace Peace Company Limited (CyPeace), with Manh Pham as the
CEO A chief executive officer (CEO), also known as a chief executive or managing director, is the top-ranking corporate officer charged with the management of an organization, usually a company or a nonprofit organization. CEOs find roles in variou ...
and Ngo Minh Hieu as the
co-founder An organizational founder is a person who has undertaken some or all of the formational work needed to create a new organization, whether it is a business, a charitable organization, a governing body, a school, a group of entertainers, or any oth ...
. CyPeace operates with the philosophy "Cyber Peace of Mind," aiming to ensure internet information security for everyone. The company has initiated several projects with domestic and international partners, including collaborations with the National Innovation Center (NIC) under the Ministry of Planning and Investment. In March 2023, Ngo Minh Hieu represented CyPeace at the Gulf Information Security Expo & Conference (GISEC) in Dubai. In October of the same year, he and Manh Pham continued to represent the company at Gitex Global: Dubai 2023, the largest technology event of the year. At this event, CyPeace collaborated with Cookie Arena to organize a CTF workshop on the topic of Threat Hunting. In November, Ngo Minh Hieu again represented CyPeace at the Cyseex 2023 conference organized by the Cyseex Information Security Alliance, where CyPeace was also a co-sponsor. In 2024, Ngo Minh Hieu and Manh Pham continued to represent CyPeace at various information security events such as Cybersecurity Talk hosted by SotaTek, the "Hacker Roadmap" talk show at FPT University Hanoi, and the event "Cybersecurity - A Shared Responsibility" organized by CIO Vietnam. At the end of May, Ngo Minh Hieu, as the co-founder of CyPeace, participated in the 6th Vietnam Security Summit organized by the Ministry of Information and Communications, the Information Security Department, and the IEC Group. At this conference, he presented on the topic "Mobile Device Security for Remote Work" in the context of remote work becoming an irreversible trend.


Others activities

Besides humanitarian projects, Ngo Minh Hieu regularly appears in sharing sessions, discussion shows, seminars, or conferences on information security at home and abroad.


Awards


References


Further reading

* *


External links

* * {{DEFAULTSORT:Ngo, Hieu Minh People charged with identity theft Living people Vietnamese criminals 1989 births People from Gia Lai province Computer security specialists