A fascinating story by Brian Krebs on hacker Hieu Minh Ngo who sold access to "fullz" identity data to dark web data brokers. This in turn, enabled criminals to conduct tax refund and new account fraud causing "more material financial harm to Americans that any other convicted cyber criminal."
A Vietnam native, making USD $3 million is quite a sizable sum. The impact of his criminal activity to the U.S. banking system? Roughly $1.1 billion in new account fraud. The states and IRS took a hit on roughly $64 million in tax return fraud.
When faced with the realities of the hardships his service caused, Ngo appears to be genuinely remorseful after hearing first hand from countless identity theft victims: people losing their jobs, homes, and stripped of their bright futures, etc.
The COVID-19 pandemic has birthed a flurry of new scams, fraud and cybercrime activity across the world. With all of the breached identity data and credentials out there, it's relatively easy for new criminals to enter the market and make a decent income off of exposed people. It's a whole lot easier to commit these crimes if your victims are dehumanized.
The government estimated that Ngo’s service enabled ~$1.1 billion in new account fraud at banks and retailers throughout the US, and roughly $64 million in tax refund fraud with the states and the IRS. “We interviewed a number of Ngo’s customers, who were pretty open about why they were using his services,” O’Neill said. “Many told us the same thing: Buying identities was much better for them than stolen payment card data, because card data could be used once or twice before it was no good to them anymore. But identities could be used over and over for years.” O’Neill said he still marvels at the fact that Ngo’s name is practically unknown when compared to the world’s most infamous credit card thieves, some of whom were responsible for stealing hundreds of millions of cards from big box retail merchants.