Elastio Software

Arresting America’s Most Prolific Identity Thief: The Secret Service Agent and Hacker Revisit the Sting

Exposing the minds behind cybercrime and the defenders racing to outsmart them.

Stories about cyberattacks make headlines almost daily. Ransomware shutters a hospital, a breach exposes millions of records, a phishing scheme drains bank accounts. But what we rarely see is the human side: the people orchestrating these attacks, and the investigators working to stop them.

That’s what makes Elastio proud to launch Detonation Point, sponsored by Elastio and hosted by Matt O’Neill, former Deputy Special Agent in Charge of Cyber Operations for the U.S. Secret Service. The podcast goes inside the frontlines of cybercrime. Each episode features conversations with the defenders in government, infrastructure, and enterprise who are racing to stay ahead—because cybercrime isn’t slowing down, and neither can we.

In the premiere episode, Matt sits down with Hieu Minh Ngo, once described as America’s most prolific identity thief and the man Matt arrested.

The conversation spans everything from the staggering sums of money Hieu was making, to the social engineering tactics that bought him years of access to Americans’ personal data, to the elaborate sting operation that finally brought him down. 


It sounds like something out of a movie, but it’s also packed with real-world lessons that shape how we think about cybercrime today. And while the episode itself is worth hearing in full, the Elastio team wanted to share a few of the key takeaways:

1. Cybercrime Is an Attractive Business

Hieu is disarmingly honest about what drove him: money. At his peak, he was making $120,000 a month selling stolen identities. In Vietnam at the time, the average salary was about $150 per month. That gulf made him relentless. Like many bad actors, he saw cybercrime as a business, and every dollar earned pushed him to be more inventive.

“It was just money, money, money. At that time, I didn’t care about anything else.” – Hieu Minh Ngo

It’s a reminder of a truth that explains why this problem is not going away: cybercrime now operates as a global marketplace, sustained by well-funded organizations and huge financial incentives.

2. Social Engineering Can Still Beat Tech

Early on, Hieu hacked into U.S. data brokers. When those systems were patched, he didn’t stop—he adapted. By impersonating a private investigator, he convinced Court Ventures (later acquired by Experian) to hand over data on U.S. citizens. A forged license and a convincing story were enough to unlock two years of uninterrupted access to highly sensitive information.

The irony? It was social engineering that also led to his arrest. Law enforcement posed as a partner offering him new access. He showed up for a business meeting—and was arrested at the airport.

“The human error is at play in nearly every attack, whether it’s because of mistakes that have happened procedurally, administratively, or that the person was taken advantage of.” – Matt O’Neill

Even the best security stack can’t stop a convincing story in the right inbox.

3. AI Is Making Attacks Easier, Faster, and More Convincing

Deepfakes, automated phishing, real-time impersonation: AI is lowering the barrier to entry and giving attackers the upper hand.

“To me, the next two to five years from now, things will get worse because of AI. Artificial intelligence is good for business, but it’s also good for bad actors. They’re using AI to improve their techniques and malware to avoid detection. They’re also using AI to create deepfakes and phishing emails.” – Hieu Minh Ngo

“It lowers the barrier to entry. Back when you were active, you were using SQL injections, you were using things that required some level of sophistication. Now you don’t need that. And that’s gonna be a massive, massive problem for us going forward.” – Matt O’Neill

The arms race is accelerating - and AI is on both sides.

4. Cybercriminals Move Faster Because They Can

Cybercrime groups don’t deal with compliance checklists. They don’t ask permission. They cut slow partners. They act quickly and communicate constantly.

“As cybercriminals, there are no borders, no laws, no regulations. They just collaborate, and everything they build is on trust. That’s why they move very fast. There are no legal boundaries.” – Hieu Minh Ngo

Meanwhile, defenders operate in silos, slowed down by processes, policies, and communication gaps.

“Where defenders are siloed, attackers share. Where defenders deliberate, attackers act.” – Matt O’Neill

The challenge for defenders is to stay innovative and collaborative - within the bounds of the law.

5. Hardened Recovery Is the Only Safe Bet

Here’s where the conversation gets especially practical. Hieu is blunt: you will get breached. Attackers with time, money, and motivation will find a way in.

“Hackers are always looking for ways to manipulate employees, lure them to click on a malicious file, or exploit zero-day vulnerabilities. That kind of access can bypass security systems—even endpoint detection.

It doesn’t matter how big your company is, if they have time and money, they’ll get in. So even if you have a strong security solution, you also need the best backup solution. That’s the only way to stay safe.” – Hieu Minh Ngo

Or, as Matt put it:

“Too many boards are asking the wrong question: ‘Do we have backups?’ The real question should be: ‘Can we prove we can recover?’”

Because when prevention fails, recovery is your last - and only - line of defense.

Why You Should Listen

This is a rare conversation between the man who ran a cybercrime operation and the agent who stopped it. It’s thoughtful, candid, and packed with insights that defenders across sectors can learn from.

If you want to understand the human side of cybercrime - and what it really takes to stay resilient - this is an episode worth your time.

Hear the full conversation on the premiere episode of Detonation Point here: Inside the fight against cybercrime with Matt O’Neill | Elastio


Additional Resources

Want to explore more about the case behind this conversation? Here are some recommended reads:


Detonation Podcast: Matt O’Neill and Elastio | Elastio