Set a former thief to catch new thieves: a cybercrime story

Earlier this month, Ngo Minh Hieu published a long article on his personal page, sharing information about a cyber-safety software that took him "three nights to complete."

Hieu doing such good, useful work is the stuff of Hollywood or Bollywood scripts about redemption of erstwhile criminals and/or convicts.

As a teen and a youth, from 2007 until 2013, Hieu stole personal data, including names, birth dates, social security numbers, and bank account information from online marketplaces, according to the U.S. Department of Justice. He sold the information for nearly $2 million, the department said.

On his release, Hieu said he regretted his action and hoped that he would land a cybersecurity job to make amends.

His hope has been realized. He returned to Vietnam in August and works currently for Vietnam’s National Cybersecurity Center (NCSC).

Hieu’s new initiative, "Chong Lua Dao" (Fighting scam), can be installed on Chrome, Coc Coc, Brave and Kiwi browsers. It will rate the safety level of websites and social media accounts. For instance, if a page is flagged as a phishing or otherwise unsuitable site, the software add-on will block the computer from accessing it. The software had more than 3,500 downloads a day after it was launched.

For real?

The anti-phishing article on Hieu's personal account has received tens of thousands of comments and interactions, mostly of encouragement. But there were some who expressed doubts about an information security tool built by someone who used to be a hacker.

"I know that people won't stop talking about at my past," said Hieu. However, he has moved on and does not care about his history, Hieu said, he is focused on creating benefits for the community at large.

The idea of creating a software to protect users from phishing sites crossed his mind when he was serving his sentence in the U.S. and deployed after he returned to Vietnam.

He said that he has learned his lessons from past mistakes and now considers them "assets" that help him build a project against phishing.

"I understand the nature of the matter since I once was a hacker going around deceiving people and spreading malicious codes. So I want to contribute my understanding to help the community."

In the anti-phishing development team, Hieu is responsible for evaluating the safety of a website. His previous experience helps him tell at just a glance if a site is a scam or not.

The anti-phishing tool is built on the idea of MyWOT - a tool that evaluates the reputation of websites with more than 6 million users around the world, sharing a similar working mechanism. The add-on evaluates the security of a website based on technical analysis, such as IP, URL length and SSL certificate, combined with user ratings, which are combined to create an overall rating on a 1 to 5 scale for each site.

However, the development team must review each report to avoid errors in their judgment, since there are safe websites getting bad reviews from competitors or malicious websites that get good reviews from people "with bad intentions."

Thanks to Hieu's experience as well as the contribution of two other security experts, the tool has added 1,000 websites to the "blacklist" after reviewing 1,400 reports from users just one day after its launch. Once it is blacklisted, a website will be "locked," preventing users from accessing it. The browser displays warnings when certain users want to access such phishing websites.

‘Bamboo curtain’

The "Chong Lua Dao" add-on has been launched in the context of increasing instances of fraud in Vietnam’s internet environment.

Hieu said a phishing website is one that mimics a reputable page in order to attract traffic and takes advantage of the users’ personal information, spreads malicious codes or carries out direct scams for money.

With the rapid rise in internet and mobile users in Vietnam, cybercriminals are also using increasingly sophisticated tricks. For example, a hacker buys a domain name that is similar to that of an airline in order to impersonate it. For this, a professional interface is built and money spent on pushing the website up in the Google search results.

Recently, cybercriminals invested hundreds of millions of dong in equipment to fake a mobile broadcasting station and use the "brand message" to urge people to click on fraudulent websites.

"Cybercriminals in Vietnam are investing more and more money on upgrading their scamming tactics," Hieu said.

The former hacker said new internet users with little knowledge about information technology are most likely to become victims of these scams.

"Even my parents regularly visit such websites," Hieu said, adding that this motivates him and his team further in completing their projects.

"In the past, bamboo forests helped protect rural people from enemy attacks and natural disasters, now I want to build an anti-phishing barrier to protect everyone from internet fraud."

The logo of the new software add-on has the image of a bamboo cluster forming a fence, protecting the "green" sides on the internet. Hieu’s nine member team want to see the small green bamboo icon on as many users’ browsers as possible.

Hieu admitted that the project was not perfect because, as a non-profit initiative, it faces human resource limitations. The team is advocating the application of artificial intelligence for faster and more accurate identification, incorporating the open source code of a tool specialized in phishing websites detection to give the best results for the Vietnamese market.

The larger the number of users, the more fake websites will be reported and the more accurate the tool becomes, thus reducing the amount of people needed to moderate internet traffic.

The Chong Lua Dao project plans to develop more applications on smartphones, adding the ability to prevent malicious YouTube and Facebook pages.

Hieu said he also plans to organize small competitions on using the tool in order to help users access security knowledge in newer ways.

He added: "This project is for the community and also develops through the community."