A 25-year-old Vietnamese hacker was sentenced to 13 years in prison on Tuesday, after appearing before a judge to face the criminal charges attributed with hacking into U.S. companies to steal some 200 million Americans identities. The Department of Justice also accused the Vietnamese citizen, Hieu Minh Ngo, of selling the information to criminals online, presumably for identity fraud and other identity related schemes. Prosecutors said the 25-year-old made a total of $2 million during sales.
“Criminals buy and sell stolen identity information because they see it as a low-risk, high-reward proposition,” Assistant Attorney General Leslie Caldwell said in her Tuesday release. “Identifying and prosecuting cybercriminals like Ngo is one of the ways we’re working to change that cost-benefit analysis.”
Ngo was sentenced in the U.S. district court in New Hampshire on Tuesday, under criminal charges including identity fraud, access device fraud and wire fraud, the Department of Justice reported.
Between 2007 and 2013, Ngo worked from home in Vietnam where he worked to penetrate computer systems, however details regarding tactics Ngo used to hack into systems was not discussed during the trial. Once Ngo successfully hacked into companies computer systems, he would instantly collect as much personal information as he could on the company, including names, addresses, phone numbers, birthdays, Social Security numbers, bank details and credit card numbers.
After Ngo successfully ransacked the targeted company’s computers, he’d then organize the data and begin to sell it to fraudsters on websites including superget.info and findget.me. Following his arrest the domains were seized and sites were turned offline.
During his trial, Ngo admitted that fellow cybercrooks could sift through the trove of stolen information, with the ability to target specific individuals. Essentially the Google of identities. During Ngo’s time of business, his more than 1,300 customers used the search feature to enter a total of three million search queries.
Cybercriminals would then turn around and abuse their access to information and begin to file fraudulent tax returns. The site alone affected 13,673 Americans whose identities were purchased through the website and used to file over $65 million in fraudulent returns, the Internal Revenue Service reported.
Ngo’s news come just weeks after the U.S. Office of Personnel Management announced that hackers broke into their network, with new information revealing that some 21.5 million government workers information was compromised.
Identity fraud continues to skyrocket as major companies and federal agencies are being hacked on the regular, releasing troves of sensitive information every time.