Kingpin Behind Massive Identity-Theft Service Says He's Sorry (krebsonsecurity.com) 24
Krebs on Security tells the tale of Hieu Minh Ngo, who earned $3 million by selling the identity records he'd stolen from consumer data brokers (which included social security numbers and physical addresses). "He was selling the personal information on more than 200 million Americans," one secret service agent tells the site, "and allowing anyone to buy it for pennies apiece."
Handling over 160,000 queries each month, Ngo's service "enabled approximately $1.1 billion in new account fraud at banks and retailers throughout the United States," according to government estimates, "and roughly $64 million in tax refund fraud with the states and the IRS..." Ngo said he wasn't surprised that his services were responsible for so much financial damage. But he was utterly unprepared to hear about the human toll. Throughout the court proceedings, Ngo sat through story after dreadful story of how his work had ruined the financial lives of people harmed by his services... "[D]uring my case, the federal court received like 13,000 letters from victims who complained they lost their houses, jobs, or could no longer afford to buy a home or maintain their financial life because of me. That made me feel really bad, and I realized I'd been a terrible person."
Even as he bounced from one federal detention facility to the next, Ngo always seemed to encounter ID theft victims wherever he went, including prison guards, healthcare workers and counselors. "When I was in jail at Beaumont, Texas I talked to one of the correctional officers there who shared with me a story about her friend who lost her identity and then lost everything after that," Ngo recalled. "Her whole life fell apart. I don't know if that lady was one of my victims, but that story made me feel sick. I know now that was I was doing was just evil."
The article says Ameria's secret service describes Ngo "as someone who caused more material financial harm to more Americans than any other convicted cybercriminal."
"Ngo was recently deported back to his home country after serving more than seven years in prison for running multiple identity theft services. He now says he wants to use his experience to convince other cybercriminals to use their skills for good..."
Handling over 160,000 queries each month, Ngo's service "enabled approximately $1.1 billion in new account fraud at banks and retailers throughout the United States," according to government estimates, "and roughly $64 million in tax refund fraud with the states and the IRS..." Ngo said he wasn't surprised that his services were responsible for so much financial damage. But he was utterly unprepared to hear about the human toll. Throughout the court proceedings, Ngo sat through story after dreadful story of how his work had ruined the financial lives of people harmed by his services... "[D]uring my case, the federal court received like 13,000 letters from victims who complained they lost their houses, jobs, or could no longer afford to buy a home or maintain their financial life because of me. That made me feel really bad, and I realized I'd been a terrible person."
Even as he bounced from one federal detention facility to the next, Ngo always seemed to encounter ID theft victims wherever he went, including prison guards, healthcare workers and counselors. "When I was in jail at Beaumont, Texas I talked to one of the correctional officers there who shared with me a story about her friend who lost her identity and then lost everything after that," Ngo recalled. "Her whole life fell apart. I don't know if that lady was one of my victims, but that story made me feel sick. I know now that was I was doing was just evil."
The article says Ameria's secret service describes Ngo "as someone who caused more material financial harm to more Americans than any other convicted cybercriminal."
"Ngo was recently deported back to his home country after serving more than seven years in prison for running multiple identity theft services. He now says he wants to use his experience to convince other cybercriminals to use their skills for good..."
Who cares? (Score:4, Insightful)
"He was selling the personal information on more than 200 million Americans," one secret service agent tells the site, "and allowing anyone to buy it for pennies apiece."
And the problem is... it's too cheap?
Everybody does it, the post office, the DMV, Facebook, Walmart ....
Re: (Score:3)
He is not the problem (Score:2)
Re: (Score:3)
They're both the problem. Wait until your identity is stolen and becomes so toxic that you can't find anywhere to live, can't get basic utilities without massive deposits and/or inferior prepaid plans, etc. You'll be singing a different tune.
Re:He is not the problem (Score:5, Insightful)
That's the thing. If a guy shows up on the street claiming to be my long lost uncle asking to borrow money, and I give it to him, I would be laughed out of court if I try to get it out of my real uncle. But somehow, if a big corp does the same thing, they are allowed to ruin the life of the hypothetical uncle.
If the credit and lending agencies were actually held responsible for their actions (rather than making the victims responsible), the whole problem goes away. It might make some things more inconvenient, but it would be an improvement over the current situation.
The required changes are:
1. credit agencies held financially and legally responsible for disseminating incorrect information
2. lenders have to prove that someone is actually responsible for the debt before putting negative reports on record.
both supported by stiff fines and treble damages.
Re: (Score:3)
Bingo. You hit the nail on the head. Why the system forces people who had nothing to do with BigCorp's idiocy (giving goods/services to someone BigCorp didn't properly identify) to prove it wasn't them instead of BigCorp proving it was is a myst
Re: (Score:2)
Perhaps more to the point, "identity theft" is a combination of two crimes. The first is fraud/ theft of goods or services. The second is a mis-mash of extortion, fraud, and harassment perpetrated by the credit agencies, creditor, and collections agents against the innocent victim of "identity theft".
All of those crimes should be pursued and punished.
Re: (Score:3)
That is indeed a problem. Too many generally large corporations who do practically no checking before they fork over money and courts that just take their word for it when they say YOU owe it back.
Funny thing during the mortgage crisis and the wave of foreclosures after. A very few judges decided to actually follow the law and ask the banks for proof that they even held a mortgage on the properties they were foreclosing. Many couldn't come up with it. It seems the mortgages were traded around so much with n
Re: (Score:2)
Liability (Score:1)
Re: (Score:3)
Are you nuts? A company to be responsible for its behaviour? Even more, a bank/credit company? Are you trying to ruin the economy or what?
Re: Liability (Score:1)
Re: (Score:3)
The victims' suffering should never have even started given that the creditors couldn't show that they owed anything in the first place.
More troubling. (Score:1)
The more troubling thing is that Court Ventures/Experian was letting *anyone* perform 160,000 queries a month, sight unseen.
And apparently TransUnion was allowing 1000 queries per day = ~30,000 per month.
Both Experian and TransUnion were profiting from this.
Re: (Score:2)
Experian is the worst. Apparently they so thoroughly believe in the accuracy of their credit ratings that they'll happily give it a bit of a bump for the chance at a kickback from a credit card issuer that your new rating qualifies you for.
Re: (Score:2)
All of which proves the whole thing is a game.
Re: (Score:3)
Especially since in a serious world, "Boost" would convince Experian's real customers (creditors) that their ratings were worthless, especially the ones whose cards are offered in advertising from the app.
Re: (Score:2)
Exactly. How can people be so blind or stupid? Can't see the forest for the trees? Or is everyone pretty much aware and just accepts that most of politics and economy and life is a big game? The rules of which keep changing...
he's sorry he got caught (Score:2, Insightful)
There is a different between true remorse and feeling sorry for yourself that you got caught.
Slimy bastard.
udderly unprepared to hear about the human toll (Score:3)
"That made me feel really bad, and I realized I'd been a terrible person."
If only I had known .... I'd have sold it for more to make up for the horrible devastation.
Actually, I can half-way believe him. It's easy to get, it's easy to sell, and it's just data; how bad can it be? Oh. Well, I just make the knives and bullets -- I'm sorry if something bad happens with them. I hadn't intended it that way.
SSNs and physical addresses? The latter you can (could) get from phone books and Facebook; I hear that given a place and a birth-year you can really narrow down a SSN -- it's "unique" but NOT intended to be any kind of a security code.
And him personally atoning for his actions is all good and well, but it's the corporations that leaked and then didn't check enough that's mostly responsible. YOU can take care of your data and keep it under control, but you must occasionally give it out to others that might not quite feel the same way.
Re: (Score:2)
I hear that given a place and a birth-year you can really narrow down a SSN
That assumes, of course, that you got one at birth. My mom filed to get my and my brother's SSNs when I was 14. The fun part was that she scribbled them down on a piece of paper, and hid the original cards away in a "safe place". Except that she wrote them down backwards, because of course my number would be the lower number since I was older, right? The university I went to used SSNs as student ID numbers, so now whenever I give info to be hired for a job, I have to put in big letters that my student ID is
This ruins lives! (Score:2)