162: Hieu
Episode
93 min
Read time
2 min
AI-Generated Summary
Key Takeaways
- ✓Data broker exploitation method: Hieu hacked data brokers using SQL injection and file upload vulnerabilities, then stole customer login credentials to access databases containing 200 million US citizen records. He cycled through 5,000 stolen accounts to avoid detection, spreading searches across multiple legitimate user accounts to prevent billing anomalies.
- ✓Business model arbitrage: Hieu purchased data from Court Ventures at 14 cents per search through API access, then resold identical information for $1 per search on his darknet site. This generated $120,000 monthly revenue with $35,000 in costs, creating a sustainable 71% profit margin business for two years before detection.
- ✓Tax fraud ecosystem: Criminals used Hieu's identity lookups to file fraudulent tax returns, obtaining refund checks by impersonating victims with stolen Social Security numbers and address histories. The IRS loses billions annually to this scheme because verification systems fail to detect duplicate filings before issuing refund checks to criminals.
- ✓CFAA prosecution strategy: Federal prosecutors charged Hieu with violating Computer Fraud and Abuse Act for unauthorized access by impersonating legitimate users, not for the actual identity theft or fraud. This approach achieves 99% conviction rates because terms of service violations are easier to prove than demonstrating criminal intent or conspiracy.
- ✓Data broker security failures: LocatePlus, Microbilt, and Court Ventures never disclosed their breaches to affected customers or the public, despite Hieu accessing millions of records. These companies face no legal requirement to notify individuals when their personal information is compromised, unlike consumer-facing businesses that must report data breaches under state laws.
What It Covers
Vietnamese hacker Hieu Minh Ngo built a darknet identity marketplace selling 3 million US citizen records from data brokers LocatePlus, Microbilt, and Court Ventures, generating over $3 million before Secret Service arrested him in Guam using an elaborate sting operation.
Key Questions Answered
- •Data broker exploitation method: Hieu hacked data brokers using SQL injection and file upload vulnerabilities, then stole customer login credentials to access databases containing 200 million US citizen records. He cycled through 5,000 stolen accounts to avoid detection, spreading searches across multiple legitimate user accounts to prevent billing anomalies.
- •Business model arbitrage: Hieu purchased data from Court Ventures at 14 cents per search through API access, then resold identical information for $1 per search on his darknet site. This generated $120,000 monthly revenue with $35,000 in costs, creating a sustainable 71% profit margin business for two years before detection.
- •Tax fraud ecosystem: Criminals used Hieu's identity lookups to file fraudulent tax returns, obtaining refund checks by impersonating victims with stolen Social Security numbers and address histories. The IRS loses billions annually to this scheme because verification systems fail to detect duplicate filings before issuing refund checks to criminals.
- •CFAA prosecution strategy: Federal prosecutors charged Hieu with violating Computer Fraud and Abuse Act for unauthorized access by impersonating legitimate users, not for the actual identity theft or fraud. This approach achieves 99% conviction rates because terms of service violations are easier to prove than demonstrating criminal intent or conspiracy.
- •Data broker security failures: LocatePlus, Microbilt, and Court Ventures never disclosed their breaches to affected customers or the public, despite Hieu accessing millions of records. These companies face no legal requirement to notify individuals when their personal information is compromised, unlike consumer-facing businesses that must report data breaches under state laws.
Notable Moment
When Hieu landed in Guam thinking he was meeting business partners for an API deal, US Customs immediately escorted him to their office with a 10-inch stack of documents proving they knew everything about his operation, ending his belief that operating from Vietnam made him untouchable.
You just read a 3-minute summary of a 90-minute episode.
Get Darknet Diaries summarized like this every Monday — plus up to 2 more podcasts, free.
Pick Your Podcasts — FreeKeep Reading
More from Darknet Diaries
173: Tarjeteros
Apr 21 · 38 min
The Mel Robbins Podcast
Do THIS Every Day to Rewire Your Brain From Stress and Anxiety
Apr 27
More from Darknet Diaries
172: SuperBox
Apr 7 · 87 min
The Model Health Show
The Menopause Gut: Why Metabolism Changes & How to Reclaim Your Body - With Cynthia Thurlow
Apr 27
More from Darknet Diaries
We summarize every new episode. Want them in your inbox?
Similar Episodes
Related episodes from other podcasts
The Mel Robbins Podcast
Apr 27
Do THIS Every Day to Rewire Your Brain From Stress and Anxiety
The Model Health Show
Apr 27
The Menopause Gut: Why Metabolism Changes & How to Reclaim Your Body - With Cynthia Thurlow
The Rest is History
Apr 26
664. Britain in the 70s: Scandal in Downing Street (Part 3)
The Learning Leader Show
Apr 26
685: David Epstein - The Freedom Trap, Narrative Values, General Magic, The Nobel Prize Winner Who Simplified Everything, Wearing the Same Thing Everyday, and Why Constraints Are the Secret to Your Best Work
The AI Breakdown
Apr 26
Where the Economy Thrives After AI
This podcast is featured in Best Tech Podcasts (2026) — ranked and reviewed with AI summaries.
You're clearly into Darknet Diaries.
Every Monday, we deliver AI summaries of the latest episodes from Darknet Diaries and 192+ other podcasts. Free for up to 3 shows.
Start My Monday DigestNo credit card · Unsubscribe anytime