Hieu Minh Ngo

Ngo Minh Hieu (also known as Hieu PC; born October 8, 1989) is a Vietnamese cyber security specialist and a former hacker and identity thief. He was convicted in the United States of stealing millions of people's personally identifiable information and in 2015 he was sentenced to 13 years in U.S. federal prison. After his early release from prison in 2020, Hieu returned to Vietnam and was recruited by the National Cyber Security Centre (NCSC) under the Ministry of Information and Communications as a technical expert. Currently, he holds the positions of director of the limited liability ChongLuaDao Social Enterprise Limited Liability Company and manager of the non-profit project ChongLuaDao, which he co-founded with his partners at the end of 2020.

The crime and its beginning
Ngo Minh Hieu is a Vietnamese. He was born in Gia Lai, Vietnam, on October 8, 1989.

In his late teens, he went to New Zealand and aimed to become a network expert. By that time, he was already an administrator of several dark web hacker forums. He discovered vulnerability in the school’s network that can be exploited to steal credit card and bank accounts information. “I did contact the IT technician, but they don't care, so I hacked the whole system,” Hieu recalled. “Then I took advantage of the same vulnerability to hack other websites. I stole lots of information.” Hieu used the card data to buy concert and event tickets from Ticketmaster, then sold tickets at TradeMe. The university became aware of his act, the Auckland police got involved. Hieu’s travel visa was not renewed after the first semester ended, and in retribution, he attacked the university’s site, shutting it down for at least two days.

From 2007 to 2013, he operated a "massive international hacking and identity theft scheme from his home in Vietnam," in which he stole personally identifiable information (such as names, Social Security numbers, and bank account data) of 200 million U.S. citizens. Hieu obtained this data by hacking companies' databases, then advertised and offered (on two websites he operated, which were later shuttered) the stolen information for purchase by other cybercriminals. Hieu was also able to obtain data from Court Ventures, an Experian subsidiary, by "posing as a private investigator operating out of Singapore."

Hieu made nearly $2 million from his scheme. The Internal Revenue Service has confirmed that 13,673 U.S. citizens, whose stolen PII was sold on Hieu’s websites, have been victimized through the filing of $65 million in fraudulent individual income tax returns.

Prosecution, sentence, and release
In February 2013, Hieu entered the United States territory and was arrested after U.S. Secret Service investigators lured Hieu to Guam "to consummate a business deal with a man he believed could deliver huge volumes of consumers' personal and financial data for resale." He subsequently pleaded guilty to federal crimes: (1) wire fraud, (2) identity fraud, (3) access device fraud, and (4) four counts of computer fraud and abuse. Hieu had been facing more than 42 years in federal prison, but his sentence was lightened because he cooperated with investigators to secure the arrest of at least a dozen of his U.S.-based customers.

The Secret Service had difficulty pinning down the exact amount of financial damage inflicted by Hieu’s various ID theft services over the years, primarily because those services only kept records of what customers searched for, not which records they purchased. But based on the records they did have, the government estimated that Hieu’s service enabled approximately $1.1 billion in new account fraud at banks and retailers throughout the United States, and roughly $65 million in tax refund fraud with the states and the IRS.

In July 2015, U.S. District Judge Paul Barbadoro sentenced Hieu, then age 25, to 13 years in prison. The Bureau of Prisons lists his register number as 03664-093, and his release date was 11/20/2019. In the final months of his detention, Hieu started reading everything he could get his hands on about computer and Internet security and even authored a lengthy guide written for the average Internet user with advice about how to avoid getting hacked or becoming the victim of identity theft. In the longer term, Hieu says, he wants to mentor young people and help guide them on the right path, and away from cybercrime. He’s been brutally honest about his crimes and the destruction he’s caused. His LinkedIn profile states up front that he’s a convicted cybercriminal. Hieu was described by the US government as "one of the most notorious thieves ever pardoned in a federal prison".

Work as a cybersecurity expert
Three months after his return to Vietnam, Hieu posted a photo of his application for the National Cyber Security Monitoring Center (NCSC) on his personal Facebook page on December 3, 2020. The next day, a representative of NCSC officially confirmed that Hieu would work for them as a technical expert. Less than a month after officially starting work for NCSC, Hieu PC publicly demolished two bogus websites, disguised as Vietnam Airlines and Vietjet Air booking services, designed to defraud passengers. These two sizable fake websites, which have been around for a while, are regarded as sizable fake websites. Hieu PC's decision to publicly knock both down gained attention and received backing from online users. Additionally, he removed profiles on social media that were created in his name with the intention of stealing consumers' confidence and making money.

In light of the numerous scams that have recently cropped up and are causing Vietnamese users a great deal of harm, including impersonation scams, malwares disguising themselves as free applications,   illegal virtual currency trading, etc. Hieu frequently makes appearances in campaigns against these scams, as well as providing users with advice and warnings. These scams include targeted attacks on business systems, and disinformation regarding information security understanding that creates public confusion. Along with the moniker "former hacker", Hieu is frequently referred to in Vietnamese media as a security engineer,  and cyber security specialist. Frequently referred to as a "super hacker", he flatly refuted these labels, asserting that he was simply a regular person and not the "super hacker" that many media outlets had made him out to be. In December 2021, Meta collaborated with Hieu PC to release a series of films that addressed fraud prevention and guaranteeing consumers' safety when using the internet in Vietnam. The videos are broadcast on the Meta Vietnam Facebook page and Hieu's personal page. Both Hieu's personal page and the Meta Vietnam Facebook page are airing the videos.

From "black hat", Ngo Minh Hieu turned "white hat" after returning to Vietnam. He is continually awarded by several technological businesses as well as cellular service providers for his efforts in finding and correcting security issues. In May 2022, he was honored by Apple Inc. as one of the security specialists who contributed to this firm by identifying security weaknesses in Apple web servers. This is the first time he has been awarded in the capacity of "white hat". In February 2023, he was handed a certificate by the US carrier Verizon to congratulate him for uncovering two vulnerabilities that might damage data and two faults connected to the web management system of their network. In a meeting with Lao Dong Newspaper, Ngo Minh Hieu remarked that there are often a lot of financial companies and banks that request his cooperation to figure out the system's security weaknesses. He undertakes these works by contract, but 60% of his time is generally devoted to social projects.

In March 2023, he was invited to Dubai to attend and give a lecture on cybersecurity at the Gulf Information Security Expo & Conference (GISEC). This is the first time he has gone overseas since returning to Vietnam at the end of 2020. Currently, he is a member of the Information Security Board of the Vietnam Blockchain Association, which was launched on May 18, 2022. Additionally, he is the head of the Chaintracer Anti-Fraud Project, which is one of the association's four major initiatives for 2023. This blockchain-based transaction monitoring initiative supports efforts to combat money laundering and the funding of terrorism.

Besides humanitarian projects, Ngo Minh Hieu regularly appears in sharing sessions, discussion shows, seminars, or conferences on information security at home and abroad.

Social projects
In February 2021, he established the non-profit initiative "ChongLuaDao" (Scam Fighters, Chống Lừa Đảo) together with the related website and add-on extension. This is a project to alert clients about websites with undesirable material, false content, phishing, scams, or harboring malware. After just one day of availability, the ChongLuaDao extension has received more than 3,500 downloads, more than 70 thousand views, and banned more than 1000 phishing websites from more than 1400 reports from users. Since returning to Vietnam, he has regularly participated in providing knowledge about information security in cyberspace, helping users avoid harmful websites. In addition, he has put up a blog called 7onez to help many individuals and companies enhance their knowledge of attacks from hackers. Some comments argue that these are all activities that this hacker does to atone for society.

In May 2021, Ngo Minh Hieu and Coc Coc established the "Green Shield Campaign" with the purpose of providing a secure online environment for Vietnamese people. This is quite a campaign that attracted the attention of the media and Vietnamese people during its start. In less than 4 weeks, more than 24,000 hazardous websites have been reported by users, and more than 12,000 websites with harmful and phishing features have been warned. This makes Hieu PC's cyber security project efforts attract greater attention. During this time, he also took on the role of professional consultant for CyberKid Vietnam, a non-profit organization that supports children in cyberspace. This is also a particular project that focuses on the protection of children, one of the most susceptible victims of cyberattacks. In the context of the breakout of the COVID-19 pandemic in Vietnam, the issue of stealing personal information and scamming users is taking place more and more severely. Hieu PC and his fanpage on the social network Facebook are presently one of the most noted information security channels when continuously updating preventative measures and associated warnings.

The members of the ChongLuaDao initiative not only periodically issue warnings about the status and scams that are happening often, but also offer remedies and help for victims of scammers. On November 24, 2021, Ngo Minh Hieu announced the foundation of ChongLuaDao Company, a social enterprise private limited company. This non-profit company is the next evolution of the non-profit project of the same name that launched in late 2020. ChongLuaDao has partnered with a variety of domestic and international companies throughout its first three years of existence, including Anti-Phishing Working Group, Kaspersky, Cisco, Viettel, CyRadar, Twitter, the Law Library (Thư viện Pháp luật), VinCSS,  the Global Anti-Scam Alliance (GASA), and Google Chrome. Apart from being recognized as the Cyber Security Awareness Champion Organization by the National Cybersecurity Alliance for two consecutive years in 2022 and 2023, ChongLuaDao has also been awarded two significant Vietnamese government honors: Made in Vietnam 2022 and Vietnam Talen Awards 2023. By the time of the three-year anniversary celebration, ChongLuaDao's membership communities had reached 500,000 members on the Facebook platform and 25,000 members in the Telegram group, thereby helping to detect and handle more than 20,000 malicious websites.