Hieu Minh Ngo

Early Life and Introduction to Hacking

Ngo Minh Hieu was born on October 8, 1989, in Gia Lai, Vietnam. In his late teens he traveled to New Zealand with the goal of becoming a network expert. By that time he was already an administrator of several dark web hacker forums. While studying in New Zealand, he discovered a vulnerability in his school's network that could be exploited to steal credit card and bank account information. After reporting the issue to IT staff and receiving no response, he exploited the vulnerability himself, subsequently using the same technique against other websites. He used stolen card data to purchase tickets from Ticketmaster and resell them on TradeMe. When the university became aware of his activities and Auckland police became involved, his travel visa was not renewed; in response, he attacked the university's website, taking it offline for at least two days.

Criminal Scheme and Arrest

From 2007 to 2013, Ngo Minh Hieu operated what U.S. authorities described as a massive international hacking and identity theft scheme conducted from his home in Vietnam. Over that period he stole personally identifiable information — including names, Social Security numbers, and bank account data — belonging to approximately 200 million U.S. citizens. He obtained this data by hacking corporate databases and then advertised the stolen records for sale to other cybercriminals through two websites he operated. He also obtained data from Court Ventures, an Experian subsidiary, by posing as a private investigator based in Singapore.

Hieu earned nearly $2 million from the scheme. U.S. authorities estimated that his services enabled approximately $1.1 billion in new account fraud at banks and retailers across the United States, and roughly $65 million in fraudulent tax refund filings. The IRS confirmed that 13,673 U.S. citizens whose information was sold through his websites were victimized through $65 million in fraudulent individual income tax returns.

In February 2013, U.S. Secret Service investigators lured Hieu to Guam under the pretense of a business deal involving large volumes of consumer financial data. He was arrested upon entering U.S. territory. He subsequently pleaded guilty to wire fraud, identity fraud, access device fraud, and four counts of computer fraud and abuse.

Sentencing and Prison

In July 2015, U.S. District Judge Paul Barbadoro sentenced Hieu to 13 years in federal prison. He had faced a potential sentence of more than 42 years, but his cooperation with investigators — which helped secure the arrest of at least a dozen of his U.S.-based customers — resulted in a reduced sentence. The U.S. government described him as "one of the most notorious thieves ever to grace a federal prison." During the final months of his detention, Hieu studied computer and internet security extensively and authored a guide for general internet users on avoiding hacking and identity theft. He was released early in 2020.

Return to Vietnam and Cybersecurity Work

After returning to Vietnam, Hieu was recruited by the National Cyber Security Centre (NCSC) under the Ministry of Information and Communications as a technical expert, a role confirmed publicly in December 2020. Shortly after joining the NCSC, he publicly identified and took down two fraudulent websites impersonating Vietnam Airlines and Vietjet Air booking services.

Hieu has since become a visible figure in Vietnamese cybersecurity, regularly participating in public awareness campaigns against phishing, impersonation scams, malware, and illegal virtual currency trading. In December 2021, Meta collaborated with him to release a series of videos on fraud prevention for Vietnamese internet users. He has been recognized by Apple Inc. for identifying security vulnerabilities in Apple web servers, and in February 2023 received a certificate from Verizon for uncovering two data-related vulnerabilities and two web management system flaws. In March 2023, he was invited to speak at the Gulf Information Security Expo & Conference (GISEC) in Dubai.

ChongLuaDao and Social Projects

In February 2021, Hieu co-founded the non-profit initiative ChongLuaDao (Vietnamese for "Scam Fighters"), along with an associated website and browser extension designed to alert users to phishing sites, malware, and fraudulent content. Within one day of launch, the extension received more than 3,500 downloads and flagged over 1,000 phishing websites. In November 2021, he announced the formation of ChongLuaDao Company, a social enterprise private limited company, as the next evolution of the project. ChongLuaDao has partnered with organizations including Kaspersky, Cisco, Google Chrome, the Anti-Phishing Working Group, and the Global Anti-Scam Alliance. It was recognized as a Cyber Security Awareness Champion Organization by the National Cybersecurity Alliance in both 2022 and 2023, and received the Made in Vietnam 2022 and Vietnam Talent Awards 2023 honors. By its three-year anniversary, ChongLuaDao's communities had reached 500,000 members on Facebook and 25,000 members on Telegram, collectively helping to identify and address more than 20,000 malicious websites.

In May 2021, Hieu partnered with Coc Coc to launch the Green Shield Campaign, which resulted in more than 24,000 hazardous websites being reported and more than 12,000 phishing sites flagged within four weeks. He also served as a professional consultant for CyberKid Vietnam, a non-profit focused on protecting children in cyberspace.

CyPeace and Ongoing Ventures

In 2022, Hieu founded the CyPeace project alongside cybersecurity expert Pham Tien Manh. In 2023, the two formally established Cyberspace Peace Company Limited (CyPeace), with Manh Pham serving as CEO and Hieu as co-founder. The company focuses on helping individuals and organizations verify the safety of websites and applications. CyPeace has collaborated with the National Innovation Center under Vietnam's Ministry of Planning and Investment and has been represented at international events including GISEC Dubai 2023 and Gitex Global Dubai 2023. Hieu is also a member of the Information Security Board of the Vietnam Blockchain Association and heads the Chaintracer Anti-Fraud Project, a blockchain-based initiative aimed at combating money laundering and terrorism financing.