Posts Tagged: findget.me


21
Jul 15

Experian Hit With Class Action Over ID Theft Service

Big-three credit bureau Experian is the target of a class-action lawsuit just filed in California. The suit alleges that Experian negligently violated consumer protection laws when it failed to detect for nearly 10 months that a customer of its data broker subsidiary was a scammer who ran a criminal service that resold consumer data to identity thieves.

experianThe lawsuit comes just days after a judge in New Hampshire handed down a 13-year jail sentence against Hieu Minh Ngo, a 25-year-old Vietnamese man who ran an ID theft service variously named Superget.info and findget.me.

Ngo admitted hacking into or otherwise illegally gaining access to databases belonging to some of the world’s largest data brokers, including a Court Ventures — a company that Experian acquired in 2012. He got access to some 200 million consumer records by posing as a private investigator based in the United States, and for nearly ten months after Experian acquired Court Ventures, Ngo continued paying for his customers’ data searches via cash wire transfers from a bank in Singapore.

Ngo’s service sold access to “fullz,” the slang term for packages of consumer data that could be used to commit identity theft in victims’ names. The government says Ngo made nearly $2 million from his scheme. According to the Justice Department, the IRS has confirmed that 13,673 U.S. citizens, whose stolen personal information was sold on Ngo’s websites, have been victimized through the filing of $65 million in fraudulent individual income tax returns.

The class action lawsuit, filed July 17, 2015 in the U.S. District Court for the Central District of California, seeks statutory damages for Experian’s alleged violations of, among other statutes, the Fair Credit Reporting Act (FCRA). The plaintiffs also want the court to force Experian to notify all consumers affected by Ngo’s service; to provide them free credit monitoring services; to disgorge all profits made from Ngo’s service; and to establish a fund (in an amount to be determined) to which victims can apply for reimbursement of the time and out-of-pocket expenses they incurred to remediate the identity theft and fraud caused by customers of Ngo’s ID theft service. Continue reading →


15
Jul 15

ID Theft Service Proprietor Gets 13 Years

A Vietnamese man who ran an online identity theft service that sold access to Social Security numbers and other personal information on more than 200 million Americans has been sentenced to 13 years in a U.S. prison.

Vietnamese national Hieu Minh Ngo was sentenced to 13 years in prison for running an identity theft service.

Vietnamese national Hieu Minh Ngo was sentenced to 13 years in prison for running an identity theft service.

Hieu Minh Ngo, 25, ran an ID theft service variously named Superget.info and findget.me. Ngo admitted hacking into or otherwise illegally gaining access to databases belonging to some of the world’s largest data brokers, including a Court Ventures, a subsidiary of the major consumer credit bureau Experian.

Ngo’s service sold access to “fullz,” the slang term for packages of consumer data that could be used to commit identity theft in victims’ names. The government says Ngo made nearly $2 million from his scheme.

The totality of damage caused by his more than 1,300 customers is unknown, but it is clear that Ngo’s service was quite popular among ID thieves involved in filing fraudulent tax refund requests with the U.S. Internal Revenue Service (IRS). According to the Justice Department, the IRS has confirmed that 13,673 U.S. citizens, whose stolen PII was sold on Ngo’s websites, have been victimized through the filing of $65 million in fraudulent individual income tax returns. Continue reading →


19
Mar 15

Convicted Tax Fraudster & Fugitive Caught

Lance Ealy, an Ohio man who fled home confinement last year just prior to his conviction on charges of filing phony tax refund requests on more than 150 Americans, was apprehended in a pre-dawn raid by federal marshals in Atlanta on Wednesday.

Lance Ealy, in self-portrait he uploaded to twitter before absconding.

Lance Ealy, in self-portrait he uploaded to twitter before absconding.

Ealy, 28, of Dayton, Ohio, was the subject of no fewer than three previous posts on this blog. Ealy reached out to me in February 2014, after being arrested by the U.S. Secret Service for using his email account to purchase Social Security numbers and other personal information from an online identity theft service run by a guy named Hieu Minh Ngo.

Ngo is a Vietnamese national who, for several years, ran an online identity theft service called Superget.info. Shortly after my 2011 initial story about his service, Ngo tauntingly renamed his site to findget.me. The Secret Service took him up on that challenge, and succeeded in luring him out of Vietnam into Guam, where he was arrested and brought to New Hampshire for trial. He pleaded guilty last year to running the ID theft service, and the government has been working on rounding up his customers ever since.

Mr. Ealy was one of several individuals found guilty of identity theft charges after buying from Ngo’s service, which relied in part on data obtained through a company owned by big-three credit bureau Experian.

After being indicted on 46 counts of fraudulent activity, Ealy fired his attorney and chose to represent himself in court. In mid-November 2014 — just days before the jury in his trial was to issue its guilty verdict — Ealy slipped his ankle monitor and skipped town, but not before posting a taunting selfie to his Twitter account.

In the four months since his disappearance, investigators caught glimpses of Ealy jumping online as he made his way south to Atlanta. Incredibly, Ealy took time to file several lengthy pro se legal arguments (PDF) stating why the judge in the case was not impartial and that he deserved a retrial. When federal officials prosecuting his case responded (PDF) incredulously to his request, Ealy took it upon himself to file a response (PDF) to their motion for dismissal — all while on the lam.

Investigators close to the case say Ealy continued filing false tax refund requests while on the run from the law. But instead of turning to an underground identity theft service as he did previously, investigators say Ealy appears to have paid numerous inmates serving time in Ohio prisons for permission to file tax refund requests on their behalf with the Internal Revenue Service (IRS) — topping up the inmates’ commissary funds to the tune of $100 per filing while pocketing the rest of the fraudulent refunds.

According to whio.com, Ealy remains in the Northern District of Georgia until he can be extradited.


21
Nov 14

Convicted ID Thief, Tax Fraudster Now Fugitive

In April 2014, this blog featured a story about Lance Ealy, an Ohio man arrested last year for buying Social Security numbers and banking information from an underground identity theft service that relied in part on data obtained through a company owned by big-three credit bureau Experian. Earlier this week, Ealy was convicted of using the data to fraudulently claim tax refunds with the IRS in the names of more than 175 U.S. citizens, but not before he snipped his monitoring anklet and skipped town.

Lance Ealy, in self-portrait he uploaded to twitter before absconding.

Lance Ealy, in selfie he uploaded to Twitter before absconding.

On Nov. 18, a jury in Ohio convicted Ealy, 28, on all 46 charges, including aggravated identity theft, and wire and mail fraud. Government prosecutors presented evidence that Ealy had purchased Social Security numbers and financial data on hundreds of consumers, using an identity theft service called Superget.info (later renamed Findget.me). The jury found that Ealy used that information to fraudulently file at least 179 tax refund requests with the Internal Revenue Service, and to open up bank accounts in other victims’ names — accounts he set up to receive and withdraw tens of thousand of dollars in refund payments from the IRS.

The identity theft service that Ealy used was dismantled in 2013, after investigators with the U.S. Secret Service arrested its proprietor and began tracking and finding many of his customers. Investigators later discovered that the service’s owner had obtained much of the consumer data from data brokers by posing as a private investigator based in the United States.

In reality, the owner of Superget.info was a Vietnamese man paying for his accounts at data brokers using cash wire transfers from a bank in Singapore. Among the companies that Ngo signed up with was Court Ventures, a California company that was bought by credit bureau Experian nine months before the government shut down Superget.info.

Court records show that Ealy went to great lengths to delay his trial, and even reached out to this reporter hoping that I would write about his allegations that everyone from his lawyer to the judge in the case was somehow biased against him or unfit to participate in his trial. Early on, Ealy fired his attorney, and opted to represent himself. When the court appointed him a public defender, Ealy again choose to represent himself.

“Mr. Ealy’s motions were in a lot of respects common delay tactics that defendants use to try to avoid the inevitability of a trial,” said Alex Sistla, an assistant U.S. attorney in Ohio who helped prosecute the case.

Ealy also continued to steal peoples’ identities while he was on trial (although no longer buying from Superget.info), according to the government. His bail was revoked for several months, but in October the judge in the case ordered him released on a surety bond. Continue reading →


19
May 14

Experian Breach Tied to NY-NJ ID Theft Ring

Last year, a top official from big-three credit bureau Experian told Congress that the firm was not aware of any consumers that had been harmed by an incident in which a business unit of Experian sold consumer records directly to an online identity theft service for nearly 10 months. Today’s post presents evidence that among the ID theft service’s clients was an identity theft and credit card fraud ring of at least 32 people who were arrested last year for allegedly using the information to steal millions from more  than 1,000 victims across the country.

Ngo's ID theft service superget.info

Ngo’s ID theft service superget.info

On March 31, 2014, 26-year-old Idris Soyemi of Brooklyn, New York pleaded guilty in a New Hampshire court to one count of wire fraud. In Soyemi’s guilty plea hearing, the prosecutor laid out how Soyemi on several occasions bought Social Security numbers, dates of birth and other personal information from an online identity theft service run by guy named Hieu Minh Ngo.

Ngo is a Vietnamese national who for several years ran an online identity theft service called superget.info. Shortly after my 2011 initial story about his service, Ngo tauntingly renamed his site to findget.me. The Secret Service took him up on that challenge, and succeeded in luring him out of Vietnam into Guam, where he was arrested and brought to New Hampshire for trial. He pleaded guilty earlier this year to running the ID theft service, and the government has been working on rounding up his customers ever since.

According to Soyemi’s guilty plea transcript (PDF), U.S. Secret Service agents seized control over Ngo’s email account in February 2013 and used it to interact with his customers. Posing as Ngo, the undercover agent reached out to Soyemi and wrote, “I’m back. You doing tax refund or credit card?”, asking Soyemi whether he was buying personal data on consumers to set up new lines of credit in their names or to file fraudulent tax refund requests with the IRS — a rapidly growing form of cybercrime. Soyemi responded, “I do credit cards but can you tell me about tax refund?” (if you missed last month’s story about an Ohio man who’s accused of using Ngo’s service to file at least 150 fraudulent tax refund requests with the IRS, check that out here).

Interestingly, Soyemi was part of a huge network of nearly three dozen people who were rounded up last year and charged with taking out new credit cards in victims’ names and then using the cards to make millions of dollars in retail purchases that were then fenced on the black market. From an April 2013 story in the Jersey Journal:

“The leaders of the group, authorities say, purchased the identities of unsuspecting victims from online brokers, who got the information from computer hackers across the United States….”

“In a process known as ‘punching,’ electronic account information from the cards’ magnetic strips would be transferred onto counterfeit cards, which were provided to “strikers” who conducted the purchases at retailers all over the Eastern Seaboard, authorities say…”

….”The investigation has identified nearly 1,000 victims across the country and millions of dollars in phony transactions, authorities say.”

“Authorities say the suspects spent the proceeds on luxury cars, high-end jewelry and other lavish expenses. Some of the money was additionally sent to accounts in Nigeria, authorities say.”

Further tying this group to Ngo’s service is a four-count indictment (PDF) lodged against another man named in that identity theft ring roundup by the New Jersey prosecutor’s office: Oluwaseun Adekoya, 25, of Sewaren, NJ. Adekoya’s indictment makes numerous references to his alleged purchase of hundreds of consumer records from an online identity theft service that was taken over by U.S. Secret Service agents in February 2013 (recall that in Soyemi’s guilty plea hearing government prosecutors said that in that same month undercover Secret Service agents assumed control of the email account tied to Ngo’s identity theft service). Continue reading →


21
Apr 14

An Allegation of Harm

In December 2013, an executive from big-three credit reporting bureau Experian told Congress that the company was not aware of any consumers who had been harmed by an incident in which a business unit of Experian sold consumer records directly to an online identity theft service for nearly 10 months. This blog post examines the harm allegedly caused to consumers by just one of the 1,300 customers of that ID theft service — an Ohio man the government claims used the data to file fraudulent tax returns on dozens of Americans last year.

Defendant Lance Ealy.

Defendant Lance Ealy.

In February, I was contacted via Facebook by 28-year-old Lance Ealy from Dayton, Ohio. Mr. Ealy said he needed to speak with me about the article I wrote in October 2013 — Experian Sold Consumer Data to ID Theft Service. Ealy told me he’d been arrested by the U.S. Secret Service on Nov. 25, 2013 for allegedly using his email account to purchase Social Security numbers and other personal information from an online identity theft service run by guy named Hieu Minh Ngo.

“I really need to speak with u about this case because the US attorney assigned to this case and the Secret Service agent are trying to cover up Experian involvement in this case,” Ealy said, without elaborating on his theory about the alleged cover-up.

Ngo is a Vietnamese national who for several years ran an online identity theft service called Superget.info. Shortly after my 2011 initial story about his service, Ngo tauntingly renamed his site to findget.me. The Secret Service took him up on that challenge, and succeeded in luring him out of Vietnam into Guam, where he was arrested and brought to New Hampshire for trial. He pleaded guilty earlier this year to running the ID theft service, and the government has been working on rounding up his customers ever since.

Mr. Ealy appears to be one of several individuals currently battling charges of identity theft after allegedly buying data from Ngo’s service, which relied in part on data obtained through a company owned by Experian.

According to the complaint (PDF) against Ealy, government investigators obtained a search warrant for Ngo’s email account in March 2013. Going through that email, investigators found that a customer of Ngo’s who used the address lanceealy123@yahoo.com had already purchased from Ngo some 363 “fullz” — a term used in the underground to describe a package of everything one would need to steal someone’s identity, including their Social Security number, mother’s maiden name, birth date, address, phone number, email address, bank account information and passwords.

The Justice Department alleges that between Jan. 28, 2013 and Oct. 17, 2013, Ealy filed at least 150 fraudulent tax returns on Americans, instructing the IRS to send the refund money to prepaid credit card accounts he controlled. The government claims that about 50 of those bogus claims were made with Social Security numbers and other data obtained from Ngo’s ID theft service. Continue reading →


10
Mar 14

Experian Lapse Allowed ID Theft Service Access to 200 Million Consumer Records

In October 2013, KrebsOnSecurity published an exclusive story detailing how a Vietnamese man running an online identity theft service bought personal and financial records on Americans directly from a company owned by Experian, one of the three major U.S. credit bureaus. Today’s story looks deeper at the damage wrought in this colossal misstep by one of the nation’s largest data brokers.

Vietnamese national Hieu Minh Ngo pleaded guilty last week to running the ID theft service Superget.info.

Vietnamese national Hieu Minh Ngo pleaded guilty last week to running the ID theft service Superget.info.

Last week, Hieu Minh Ngo, a 24-year-old Vietnamese national, pleaded guilty to running an identity theft service out of his home in Vietnam. Ngo was arrested last year in Guam by U.S. Secret Service agents after he was lured into visiting the U.S. territory to consummate a business deal with a man he believed could deliver huge volumes of consumers’ personal and financial data for resale.

But according to prosecutors, Ngo had already struck deals with one of the world’s biggest data brokers: Experian. Court records just released last week show that Ngo tricked an Experian subsidiary into giving him direct access to personal and financial data on more than 200 million Americans. 

HIEU KNOWS YOUR SECRETS?

As I reported last year, the data was not obtained directly from Experian, but rather via Columbus, Ohio-based US Info Search. US Info Search had a contractual agreement with a California company named Court Ventures, whereby customers of Court Ventures had access to the US Info Search data as well as Court Ventures’ data, and vice versa.

Posing as a private investigator operating out of Singapore, Ngo contracted with Court Ventures, paying for his access to consumer records via regular cash wire transfers from a bank in Singapore. Through that contract, Ngo was able to make available to his clients access to the US Info Search database containing Social Security, date of birth and other records on more than 200 million Americans.

Experian came into the picture in March 2012, when it purchased Court Ventures (along with all of its customers — including Mr. Ngo). For almost ten months after Experian completed that acquisition, Ngo continued siphoning consumer data and making his wire transfers.

Until last week, the government had shared few details about the scope and the size of the data breach, such as how many Americans may have been targeted by thieves using Ngo’s identity theft service.  According to a transcript of Ngo’s guilty plea proceedings obtained by KrebsOnSecurity, Ngo’s ID theft business attracted more than 1,300 customers who paid at least $1.9 million between 2007 and Feb. 2013 to look up Social Security numbers, dates of birth, addresses, previous addresses, phone numbers, email addresses and other sensitive data.

The government alleges that the service’s customers used the information for a variety of fraud schemes, including filing fraudulent tax returns on Americans, and opening new lines of credit and racking up huge bills in the names of unsuspecting victims. The transcript shows government investigators found that over an 18-month period ending Feb. 2013, Ngo’s customers made approximately 3.1 million queries on Americans.

Continue reading →


20
Oct 13

Experian Sold Consumer Data to ID Theft Service

An identity theft service that sold Social Security and drivers license numbers — as well as bank account and credit card data on millions of Americans — purchased much of its data from Experian, one of the three major credit bureaus, according to a lengthy investigation by KrebsOnSecurity.

superget.info home page

superget.info home page

In November 2011, this publication ran a story about an underground service called Superget.info, a fraudster-friendly site that marketed the ability to look up full Social Security numbers, birthdays, drivers license records and financial information on millions of Americans. Registration was free, and accounts were funded via WebMoney and other virtual currencies that are popular in the cybercriminal underground.

Each SSN search on Superget.info returned consumer records that were marked with a set of varying and mysterious two- and three-letter “sourceid:” identifiers, including “TH,” “MV,” and “NCO,” among others. I asked readers who may have a clue about the meaning or source of those abbreviations to contact me. In the weeks following that post, I heard from many readers who had guesses and ideas, but none who seemed to have conclusive information.

That changed in the past week. An individual who read a story about the operators of a similar ID theft service online having broken into the networks of LexisNexis and other major data brokers wrote to say that he’d gone back and reviewed my previous stories on this topic, and that he’d identified the source of the data being resold by Superget.info. The reader said the abbreviations matched data sets produced by Columbus, Ohio-based USInfoSearch.com.

Contacted about the reader’s claim, U.S. Info Search CEO Marc Martin said the data sold by the ID theft service was not obtained directly through his company, but rather via Court Ventures, a third-party company with which US Info Search had previously struck an information sharing agreement. Martin said that several years ago US Info Search and CourtVentures each agreed to grant the other company complete access to its stores of information on US consumers.

Founded in 2001, Court Ventures described itself as a firm that “aggregates, repackages and distributes public record data, obtained from over 1,400 state and county sources.” Cached, historic copies of courtventures.com are available through archive.org.

THE ROLE OF EXPERIAN

In March 2012, Court Ventures was purchased by Costa Mesa, Calif.-based Experian, one of the three major consumer credit bureaus. According to Martin, the proprietors of Superget.info had gained access to Experian’s databases by posing as a U.S.-based private investigator. In reality, Martin said, the individuals apparently responsible for running Superget.info were based in Vietnam.

Martin said he first learned of the ID theft service after hearing from a U.S. Secret Service agent who called and said the law enforcement agency was investigating Experian and had obtained a grand jury subpoena against the company.

The "sourceid" abbreviations pointed toward Court Ventures.

The “sourceid” abbreviations pointed toward Court Ventures.

While the private investigator ruse may have gotten the fraudsters past Experian and/or CourtVentures’ screening process, according to Martin there were other signs that should have alerted Experian to potential fraud associated with the account. For example, Martin said the Secret Service told him that the alleged proprietor of Superget.info had paid Experian for his monthly data access charges using wire transfers sent from Singapore.

“The issue in my mind was the fact that this went on for almost a year after Experian did their due diligence and purchased” Court Ventures, Martin said. “Why didn’t they question cash wires coming in every month? Experian portrays themselves as the databreach experts, and they sell identity theft protection services. How this could go on without them detecting it I don’t know. Our agreement with them was that our information was to be used for fraud prevention and ID verification, and was only to be sold to licensed and credentialed U.S. businesses, not to someone overseas.”

Experian declined multiple requests for an interview. But in a written statement provided to KrebsOnSecurity, Experian acknowledged the broad outlines of Martin’s story and said it had worked with the Secret Service to bring a Vietnamese national to justice in connection with the online ID theft service. Their statement is as follows:

“Experian acquired Court Ventures in March, 2012 because of its national public records database. After the acquisition, the US Secret Service notified Experian that Court Ventures had been and was continuing to resell data from US Info Search to a third party possibly engaged in illegal activity. Following notice by the US Secret Service, Experian discontinued reselling US Info Search data and worked closely and in full cooperation with law enforcement to bring Vietnamese national Hieu Minh Ngo, the alleged perpetrator, to justice.  Experian’s credit files were not accessed.  Because of the ongoing federal investigation, we are not free to say anything further at this time.”

Continue reading →