Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Crime Privacy

Kingpin Behind Massive Identity-Theft Service Says He's Sorry (krebsonsecurity.com) 24

Krebs on Security tells the tale of Hieu Minh Ngo, who earned $3 million by selling the identity records he'd stolen from consumer data brokers (which included social security numbers and physical addresses). "He was selling the personal information on more than 200 million Americans," one secret service agent tells the site, "and allowing anyone to buy it for pennies apiece."

Handling over 160,000 queries each month, Ngo's service "enabled approximately $1.1 billion in new account fraud at banks and retailers throughout the United States," according to government estimates, "and roughly $64 million in tax refund fraud with the states and the IRS..." Ngo said he wasn't surprised that his services were responsible for so much financial damage. But he was utterly unprepared to hear about the human toll. Throughout the court proceedings, Ngo sat through story after dreadful story of how his work had ruined the financial lives of people harmed by his services... "[D]uring my case, the federal court received like 13,000 letters from victims who complained they lost their houses, jobs, or could no longer afford to buy a home or maintain their financial life because of me. That made me feel really bad, and I realized I'd been a terrible person."

Even as he bounced from one federal detention facility to the next, Ngo always seemed to encounter ID theft victims wherever he went, including prison guards, healthcare workers and counselors. "When I was in jail at Beaumont, Texas I talked to one of the correctional officers there who shared with me a story about her friend who lost her identity and then lost everything after that," Ngo recalled. "Her whole life fell apart. I don't know if that lady was one of my victims, but that story made me feel sick. I know now that was I was doing was just evil."

The article says Ameria's secret service describes Ngo "as someone who caused more material financial harm to more Americans than any other convicted cybercriminal."

"Ngo was recently deported back to his home country after serving more than seven years in prison for running multiple identity theft services. He now says he wants to use his experience to convince other cybercriminals to use their skills for good..."
This discussion has been archived. No new comments can be posted.

Kingpin Behind Massive Identity-Theft Service Says He's Sorry

Comments Filter:
  • Who cares? (Score:4, Insightful)

    by nospam007 ( 722110 ) * on Sunday August 30, 2020 @09:36AM (#60455090)

    "He was selling the personal information on more than 200 million Americans," one secret service agent tells the site, "and allowing anyone to buy it for pennies apiece."

    And the problem is... it's too cheap?

    Everybody does it, the post office, the DMV, Facebook, Walmart ....

  • I dont see that he is the problem. Its the system that relies on such little info and verification that you can destroy someones life with just their personal details.
    • They're both the problem. Wait until your identity is stolen and becomes so toxic that you can't find anywhere to live, can't get basic utilities without massive deposits and/or inferior prepaid plans, etc. You'll be singing a different tune.

    • by Chaset ( 552418 ) on Sunday August 30, 2020 @02:06PM (#60455916) Homepage Journal

      That's the thing. If a guy shows up on the street claiming to be my long lost uncle asking to borrow money, and I give it to him, I would be laughed out of court if I try to get it out of my real uncle. But somehow, if a big corp does the same thing, they are allowed to ruin the life of the hypothetical uncle.

      If the credit and lending agencies were actually held responsible for their actions (rather than making the victims responsible), the whole problem goes away. It might make some things more inconvenient, but it would be an improvement over the current situation.

      The required changes are:
      1. credit agencies held financially and legally responsible for disseminating incorrect information
      2. lenders have to prove that someone is actually responsible for the debt before putting negative reports on record.
      both supported by stiff fines and treble damages.

      • by anegg ( 1390659 )

        "If the credit and lending agencies were actually held responsible for their actions (rather than making the victims responsible), the whole problem goes away. It might make some things more inconvenient, but it would be an improvement over the current situation."

        Bingo. You hit the nail on the head. Why the system forces people who had nothing to do with BigCorp's idiocy (giving goods/services to someone BigCorp didn't properly identify) to prove it wasn't them instead of BigCorp proving it was is a myst

        • by sjames ( 1099 )

          Perhaps more to the point, "identity theft" is a combination of two crimes. The first is fraud/ theft of goods or services. The second is a mis-mash of extortion, fraud, and harassment perpetrated by the credit agencies, creditor, and collections agents against the innocent victim of "identity theft".

          All of those crimes should be pursued and punished.

    • by sjames ( 1099 )

      That is indeed a problem. Too many generally large corporations who do practically no checking before they fork over money and courts that just take their word for it when they say YOU owe it back.

      Funny thing during the mortgage crisis and the wave of foreclosures after. A very few judges decided to actually follow the law and ask the banks for proof that they even held a mortgage on the properties they were foreclosing. Many couldn't come up with it. It seems the mortgages were traded around so much with n

    • by vlad30 ( 44644 )
      He is only part of the problem the legal system to lenient, I'll put money on $3million is what they found, there is certainly more elsewhere which he will collect when he is out and the credit providers are some of the other parts to easy to lie to and using public info DOB as verification. them and no consequences for them at all. And last the victims for being too trusting with your personal info and not doing more to protect your personal info.
  • by Anonymous Coward
    I will never understand why the liability for false debt accrued is the liability of the holder and not the stupid institution who gave a line of credit without the appropriate checks. The liability should fall on the institution given the contracts should be considered null, given lack of informed consent, and credit reporting agencies should be liable for defamation for letting false debts destroy credit ratings. These victims suffering should have ended the moment the identity theft was made clear.
    • by Alumoi ( 1321661 )

      Are you nuts? A company to be responsible for its behaviour? Even more, a bank/credit company? Are you trying to ruin the economy or what?

      • Actually i think there in the nordic region they are. If they give out money with out giving it to me i dont think im liable. I should check that. But it does not make sence i would pay for it. Same as i dont pay when someone schims my debit card and drain my account in india (that happend) tok about a week to get it back. Not my fault they have crappy security on them.
    • by sjames ( 1099 )

      The victims' suffering should never have even started given that the creditors couldn't show that they owed anything in the first place.

  • The more troubling thing is that Court Ventures/Experian was letting *anyone* perform 160,000 queries a month, sight unseen.

    And apparently TransUnion was allowing 1000 queries per day = ~30,000 per month.

    Both Experian and TransUnion were profiting from this.

    • by sjames ( 1099 )

      Experian is the worst. Apparently they so thoroughly believe in the accuracy of their credit ratings that they'll happily give it a bit of a bump for the chance at a kickback from a credit card issuer that your new rating qualifies you for.

      • by bobby ( 109046 )

        All of which proves the whole thing is a game.

        • by sjames ( 1099 )

          Especially since in a serious world, "Boost" would convince Experian's real customers (creditors) that their ratings were worthless, especially the ones whose cards are offered in advertising from the app.

          • by bobby ( 109046 )

            Exactly. How can people be so blind or stupid? Can't see the forest for the trees? Or is everyone pretty much aware and just accepts that most of politics and economy and life is a big game? The rules of which keep changing...

  • by Anonymous Coward

    There is a different between true remorse and feeling sorry for yourself that you got caught.

    Slimy bastard.

  • He was unprepared and devastated ... to learn that he was caught.

    "That made me feel really bad, and I realized I'd been a terrible person."

    If only I had known .... I'd have sold it for more to make up for the horrible devastation.

    Actually, I can half-way believe him. It's easy to get, it's easy to sell, and it's just data; how bad can it be? Oh. Well, I just make the knives and bullets -- I'm sorry if something bad happens with them. I hadn't intended it that way.

    SSNs and physical addresses? The latter you can (could) get from phone books and Facebook; I hear that given a place and a birth-year you can really narrow down a SSN -- it's "unique" but NOT intended to be any kind of a security code.

    And him personally atoning for his actions is all good and well, but it's the corporations that leaked and then didn't check enough that's mostly responsible. YOU can take care of your data and keep it under control, but you must occasionally give it out to others that might not quite feel the same way.

    • by Megane ( 129182 )

      I hear that given a place and a birth-year you can really narrow down a SSN

      That assumes, of course, that you got one at birth. My mom filed to get my and my brother's SSNs when I was 14. The fun part was that she scribbled them down on a piece of paper, and hid the original cards away in a "safe place". Except that she wrote them down backwards, because of course my number would be the lower number since I was older, right? The university I went to used SSNs as student ID numbers, so now whenever I give info to be hired for a job, I have to put in big letters that my student ID is

  • He ruined people's credit and reputations for life. He should be executed. Now that he's apologized, obviously, he should be set on fire while alive in public that they should sell tickets. The most common identity theft targets are the elderly and high functioning mentally ill btw.

"The vast majority of successful major crimes against property are perpetrated by individuals abusing positions of trust." -- Lawrence Dalzell

Working...