Vietnamese engineer honored by US Department of Defense

By Luu Quy   April 24, 2021 | 09:00 pm PT
Vietnamese engineer honored by US Department of Defense
Tran Dai Chi poses for photo with his degree from the Southern Methodist University, Texas, U.S., in 2019. Photo courtesy of Chi.
Tran Dai Chi received an honorable mention from the U.S. Department of Defense (DoD) for helping ensure domestic cybercrime security.

The 29-year-old works as a security engineer at Amazon in Texas. When the Covid-19 outbreak first hit the southern state, he was ordered to work from home where, each morning, he would conduct an online meeting with a group of security experts.

During one of these meetings in early April, Chi was congratulated by a colleague after his name appeared on the Department of Defense Cyber Crime Center (DC3) website.

Each month, the DC3 would pick a researcher of the month who had made outstanding contributions to system information security and Vulnerability Disclosure Program (VDP). Chi, aka "0xfatty", won this title in March.

In a statement on Twitter, the DC3 said the Vietnamese engineer had discovered two cyber-attack methods rated "serious." If exploited, it could "lead to a complete invasion of the system."

Previously, the security engineer from central beach town Nha Trang was honored by tech giants Apple and Google for his findings in the field of cybersecurity. Involved in the information security industry for less than three years, Chi has been raking in foreign accolades.

He had twice failed university entrance exams in Vietnam. At times, he had no choice but to attend a vocational school in Ho Chi Minh City. In 2013, when many of his friends had stable jobs, Chi chose to "start over" by studying abroad.

To him it proved a blessing since he got accepted at Southern Methodist University in Texas. During his studies, Chi overcame the language barrier and initial culture shock.

He decided to pursue a career in the information security industry back in 2018. All his hard work paid off when he passed six interviews and was accepted to work at Amazon Web Services' cyber security department, one of the leading technology companies in the world. Chi’s main focus is cloud computing, specializing in testing products and services before they hit the consumer market.

In his spare time, Chi took advantage of his cybersecurity research knowledge to solve problems in larger systems, which he claims as a way to improve his skills and gain more experience. He even built his own "problem detecting" system, using information from published vulnerabilities and then discovering which systems may be affected.

The Remote Code Execution (RCE) attack method Chi exposed for the DoD relates to the CVE-2021-22986 problem of the F5 BIG-IP service being used by many agencies in the U.S.

"This vulnerability allows hackers to take control of the whole server and do anything they want on it. The potential risk is that the bad guys can launch an attack from one machine that could spread to many others," Chi said.

U.S. law is strict on cyberattacks, so Chi only detects and confirms security risks, reports and sends them to the DoD, which would typically turn off problematic servers prior to repairs.

His job at Amazon keeps him occupied 10 to 11 hours per day. He does his outside "research" for at night, between 1-2 hours each time, when his wife and children are asleep or on Saturday. Chi said he always tries to balance work and family time.

The engineer said this career also helped him build good relationships with friends in the information security industry both in Vietnam and across the world. He joined in the Anti-Phishing project with Ngo Minh Hieu, who was imprisoned in the U.S. for about seven years until 2019 for stealing the personal information of 200 million Americans, to develope a software add-on that alerts users about scam websites.

go to top