At the height of his career, Vietnamese hacker Ngo Minh Hieu made a fortune stealing the personal data of hundreds of millions of Americans.
Now he has been recruited by his own authoritarian government to hunt, he says, the kind of cyber criminal he once used to be.
After serving seven years in US prisons for stealing some 200 million Americans’ personal details, Hieu was sent back to Vietnam, which imposes some of the world’s strictest curbs on online freedom.
Hieu says he has since turned his back on his criminal past.
“I fell to the bottom, now I am trying to climb up again,” the 32-year-old told AFP.
“Though I don’t earn much now, I have peace instead.”
His transformation, however, is complicated.
Hieu says his new job involves educating Vietnamese citizens about the dangers of the same sort of hacking he perpetrated.
But he is also working on cybersecurity for the government of a one-party state that cracks down ruthlessly on dissent, harassing and arresting people for posting critical opinions online.
‘More, more, more’
Nicknamed HieuPC when he was 12, Hieu was fascinated by computers as soon as he first laid hands on one.
But he was soon racking up $1,000 fines for stealing others’ internet connections for his own personal use.
He began hacking into foreign bank accounts, netting up to $600 a day in high school then using the money to study cybersecurity in New Zealand.
Hieu was forced to return home in 2010 after hacking his university and selling students’ personal information, and his illegal activities spiralled.
In his 20s, he made $100,000 a month hacking and selling some 200 million US social security numbers.
“I was on the top of success. I was over-proud of myself. I wanted more villas, more apartments, more luxurious cars,” Hieu said.
Then, in February 2013, he was lured to the United States in a sting operation and promptly arrested on landing.
‘Fallen to the bottom’
“I don’t know of any other cybercriminal who has caused more material financial harm to more Americans than Ngo,” Secret Service agent Matt O’Neill, who executed the plan to catch Hieu, told KrebsOnSecurity.com, a blog dedicated to cybersecurity.
Hieu was initially given a sentence of 45 years, later reduced to 13.
“I had fallen to the bottom, losing everything in my life,” Hieu said. “I thought of hanging myself.”
But he struggled through and was released in 2019, returning to Vietnam in 2020.
The former millionaire now lives in an average apartment in commercial capital Ho Chi Minh City and works at the state-owned National Cyber Security Centre.
“We’re focused on hunting criminals and thwarting cyberattacks,” he said, declining to comment on Vietnam’s increasingly repressive approach to online censorship.
A new cybersecurity law came into effect in 2019 that Amnesty International has warned grants the government “sweeping powers to limit online freedom” and target those who post opinions it dislikes.
The UN Human Rights Council in 2019 criticized the law for imposing “severe restrictions on freedom of expression and opinion”.
Activists and bloggers have been arrested, with some even jailed on charges of spreading propaganda against the state, and Amnesty warned last year that government-linked hackers were targeting rights activists.
Hieu insists that his work as a “threat hunter” is not political but focused on criminal hackers, tracking those who are trying to steal Vietnamese people’s data.
‘Hacking is like a knife’
Roughly 70 percent of Vietnam’s 98 million people use the internet, and cyber threats are rife.
A report by the International Institute for Strategic Studies quoted Microsoft data from 2020 showing Vietnam had the highest rate of ransomware attacks in the Asia-Pacific region.
Hieu travels the country speaking at schools and universities about the importance of cybersecurity, as well as the consequences of data being stolen.
While the government is pushing public awareness, Hieu said many Vietnamese had little understanding of cybercrime.
“Now I still hack, but I hack fraudulent webpages or try to understand data that blackhat hackers are trading online to trace them and find out who they are,” he said.
“Hacking is like a knife, which you may give to someone who wants to use it on something — bad or good.”
Related: Vietnamese Hackers Target Human Rights Defenders: Amnesty
