NEW HAMPSHIRE
A Vietnamese national on Tuesday was sentenced to 13 years in prison for hacking into U.S. businesses’ computers and stealing the IDs of about 200 million U.S. citizens, officials said.
U.S. District Court Judge Paul J. Barbadoro of New Hampshire sentenced the 25-year-old Hieu Minh Ngo who plead guilty to federal charges, including wire fraud, identity fraud, access device fraud and four counts of computer fraud and abuse, officials said.
Ngo made nearly $2 million from his scheme.
The IRS noted that 13,673 U.S. citizens, whose stolen IDs were sold on Ngo’s websites, have been victimized through the filing of $65 million in fraudulent individual income tax returns.
“From his home in Vietnam, Ngo used Internet marketplaces to offer for sale millions of stolen identities of U.S. citizens to more than a thousand cyber criminals scattered throughout the world,” said Assistant Attorney General Leslie Caldwell.
Adding, “Criminals buy and sell stolen identity information because they see it as a low-risk, high-reward proposition. Identifying and prosecuting cybercriminals like Ngo is one of the ways we’re working to change that cost-benefit analysis.”
According to the plea agreement, from 2007 to 2013, Ngo operated online marketplaces from his home in Vietnam, including “superget.info” and “findget.me,” to sell packages of stolen IDs.
These packages, known as “fullz,” typically included a person’s name, date of birth, social security number, bank account number and bank routing number.
Ngo also admitted to acquiring and offering for sale stolen payment card data, which typically included the victim’s payment card number, expiration date, CVV number, name, address and phone number.
Ngo admitted that he obtained some of the stolen IDs by hacking into a New Jersey-based business and stealing customer information.
In addition to selling the “fullz,” Ngo admitted to offering buyers the ability to query online databases for the stolen IDs of specific individuals.
Specifically, Ngo admitted that he offered access to IDs for 200 million U.S. citizens, and that more than 1,300 customers from around the world conducted more than three million “queries” through the third-party databases maintained on his websites.
“This case demonstrates that identity theft is a worldwide threat that has the potential to touch every one of us,” said Acting U.S. Attorney Donald Feith. “I want to acknowledge the excellent work of the United States Secret Service in identifying and capturing Mr. Ngo.”
According to admissions made in connection with his guilty plea, from 2007 to 2013, Ngo operated online marketplaces from his home in Vietnam, including “superget.info” and “findget.me,” to sell packages of stolen IDs.
These packages, known as “fullz,” typically included a person’s name, date of birth, social security number, bank account number and bank routing number.
Ngo also admitted to acquiring and offering for sale stolen payment card data, which typically included the victim’s payment card number, expiration date, CVV number, name, address and phone number.
Ngo admitted that he obtained some of the stolen IDs by hacking into a New Jersey-based business and stealing customer information.
In addition to selling the “fullz,” Ngo admitted to offering buyers the ability to query online databases for the stolen IDs of specific individuals.